Windows Analysis Report
SetupWIService.exe

Overview

General Information

Sample Name: SetupWIService.exe
Analysis ID: 763396
MD5: 6685bbb6eea96a5bee42ca0379671647
SHA1: ff0dff812260ce80394ca3c228da9d45701cb57d
SHA256: ee426380bbb5a135bc257b15aa32b78f1e21aa25f624e6ac5eb730005bb737b2

Detection

GuLoader
Score: 57
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 35
Range: 0 - 100

Signatures

Yara detected GuLoader
Uses netsh to modify the Windows network and firewall settings
Tries to delay execution (extensive OutputDebugStringW loop)
Modifies the hosts file
DLL side loading technique detected
Sets file extension default program settings to executables
Modifies the windows firewall
Uses schtasks.exe or at.exe to add and modify task schedules
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Deletes files inside the Windows folder
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Found evasive API chain (date check)
Creates files inside the system directory
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Stores files to the Windows start menu directory
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Enables debug privileges
EXE planting / hijacking vulnerabilities found
PE file does not import any functions
Drops PE files
Tries to load missing DLLs
Drops PE files to the windows directory (C:\Windows)
Binary contains a suspicious time stamp
Uses taskkill to terminate processes
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality for read data from the clipboard

Classification

  • System is w10x64
  • SetupWIService.exe (PID: 5396 cmdline: C:\Users\user\Desktop\SetupWIService.exe MD5: 6685BBB6EEA96A5BEE42CA0379671647)
    • cmd.exe (PID: 2852 cmdline: cmd /C taskkill /F /IM WIService.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 4132 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • taskkill.exe (PID: 4436 cmdline: taskkill /F /IM WIService.exe MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
    • cmd.exe (PID: 4760 cmdline: cmd /C taskkill /F /IM WIui.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 4356 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • taskkill.exe (PID: 2856 cmdline: taskkill /F /IM WIui.exe MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
    • cmd.exe (PID: 3480 cmdline: cmd /C taskkill /F /IM wirtpproxy.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 2472 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • taskkill.exe (PID: 6140 cmdline: taskkill /F /IM wirtpproxy.exe MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
    • cmd.exe (PID: 2068 cmdline: cmd /C taskkill /F /IM wiservice-ui.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 5016 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • taskkill.exe (PID: 6096 cmdline: taskkill /F /IM wiservice-ui.exe MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
    • cmd.exe (PID: 2992 cmdline: cmd /C taskkill /F /IM vncsrv.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 5236 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • taskkill.exe (PID: 6136 cmdline: taskkill /F /IM vncsrv.exe MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
    • cmd.exe (PID: 2860 cmdline: cmd /C taskkill /F /IM WildixOutlookIntegration.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 4760 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • taskkill.exe (PID: 3084 cmdline: taskkill /F /IM WildixOutlookIntegration.exe MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
    • wiservice.exe (PID: 3712 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --removesvc MD5: BC9438A9AF6E7EEA099BC91557F1FC26)
    • wiservice.exe (PID: 4496 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --install_faxprinter MD5: BC9438A9AF6E7EEA099BC91557F1FC26)
    • RegAsm.exe (PID: 1428 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll" /silent /codebase MD5: 2B5D765B33C67EBA41E9F47954227BC3)
      • conhost.exe (PID: 4504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • Conhost.exe (PID: 5404 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • RegAsm.exe (PID: 5360 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll" /silent /codebase MD5: 2B5D765B33C67EBA41E9F47954227BC3)
      • conhost.exe (PID: 5356 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • RegAsm.exe (PID: 5088 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Office.dll" /silent /codebase MD5: 2B5D765B33C67EBA41E9F47954227BC3)
      • conhost.exe (PID: 4640 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • RegAsm.exe (PID: 5708 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll" /silent /codebase MD5: 2B5D765B33C67EBA41E9F47954227BC3)
      • conhost.exe (PID: 5712 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • MpCmdRun.exe (PID: 5880 cmdline: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable MD5: A267555174BFA53844371226F482B86B)
      • conhost.exe (PID: 524 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • RegAsm.exe (PID: 5272 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.dll" /silent /codebase MD5: 2B5D765B33C67EBA41E9F47954227BC3)
      • conhost.exe (PID: 5264 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • RegAsm.exe (PID: 5332 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll" /silent /codebase MD5: 2B5D765B33C67EBA41E9F47954227BC3)
      • conhost.exe (PID: 3636 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • RegAsm.exe (PID: 4516 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll" /silent /codebase MD5: 2B5D765B33C67EBA41E9F47954227BC3)
      • conhost.exe (PID: 3804 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • RegAsm.exe (PID: 2472 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe" /silent MD5: 2B5D765B33C67EBA41E9F47954227BC3)
      • conhost.exe (PID: 5816 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.exe (PID: 4332 cmdline: cmd /C schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • conhost.exe (PID: 2856 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • schtasks.exe (PID: 5944 cmdline: schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F MD5: 838D346D1D28F00783B7A6C6BD03A0DA)
    • cmd.exe (PID: 5880 cmdline: cmd /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe" MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • conhost.exe (PID: 5664 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • netsh.exe (PID: 5732 cmdline: netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe" MD5: 98CC37BBF363A38834253E22C80A8F32)
    • cmd.exe (PID: 1252 cmdline: cmd /C netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe" MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • conhost.exe (PID: 2848 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • netsh.exe (PID: 204 cmdline: netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe" MD5: 98CC37BBF363A38834253E22C80A8F32)
    • wiservice.exe (PID: 4940 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex MD5: BC9438A9AF6E7EEA099BC91557F1FC26)
    • wiservice.exe (PID: 5344 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc MD5: BC9438A9AF6E7EEA099BC91557F1FC26)
    • explorer.exe (PID: 6032 cmdline: C:\Windows\explorer.exe" "C:\Program Files\Wildix\WIService\proxyex.lnk MD5: AD5296B280E8F522A8A897C96BAB0E1D)
  • svchost.exe (PID: 3084 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • spoolsv.exe (PID: 1876 cmdline: C:\Windows\System32\spoolsv.exe MD5: C05A19A38D7D203B738771FD1854656F)
  • spoolsv.exe (PID: 4140 cmdline: C:\Windows\System32\spoolsv.exe MD5: C05A19A38D7D203B738771FD1854656F)
  • svchost.exe (PID: 4368 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 4896 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • wiservice.exe (PID: 5316 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --update MD5: BC9438A9AF6E7EEA099BC91557F1FC26)
  • wiservice.exe (PID: 5892 cmdline: "C:\Program Files\Wildix\WIService\WIService.exe" MD5: BC9438A9AF6E7EEA099BC91557F1FC26)
  • wiservice.exe (PID: 3428 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --hostsvc MD5: BC9438A9AF6E7EEA099BC91557F1FC26)
    • wiservice.exe (PID: 5088 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --watchdog MD5: BC9438A9AF6E7EEA099BC91557F1FC26)
    • wiservice.exe (PID: 3872 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --dispatcher MD5: BC9438A9AF6E7EEA099BC91557F1FC26)
  • explorer.exe (PID: 3800 cmdline: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding MD5: AD5296B280E8F522A8A897C96BAB0E1D)
    • wiservice.exe (PID: 4112 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex MD5: BC9438A9AF6E7EEA099BC91557F1FC26)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000000.00000003.547551815.00000000006C6000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_GuLoader_3 | Yara detected GuLoader | Joe Security |
00000000.00000002.550313217.00000000006C6000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_GuLoader_3 | Yara detected GuLoader | Joe Security |
00000000.00000003.546819473.00000000006C6000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_GuLoader_3 | Yara detected GuLoader | Joe Security |
00000000.00000003.546214148.0000000000696000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_GuLoader_3 | Yara detected GuLoader | Joe Security |
00000000.00000002.549911172.000000000069A000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_GuLoader_3 | Yara detected GuLoader | Joe Security |
            No Sigma rule has matched
            No Snort rule has matched

            Source: wiservice.exe, 00000013.00000000.335171288.00007FF6A3E22000.00000002.00000001.01000000.00000006.sdmp | Binary or memory string: -----BEGIN PUBLIC KEY-----
            Source: C:\Users\user\Desktop\SetupWIService.exe | EXE: cmd.exe

            Compliance

            Source: SetupWIService.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
            Source: C:\Users\user\Desktop\SetupWIService.exe | EXE: cmd.exe
            Source: C:\Users\user\Desktop\SetupWIService.exe | Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIService
            Source: C:\Users\user\Desktop\SetupWIService.exe | File opened: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcr80.dll
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\wildix.ico
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\wiservice.exe
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\fax
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\fax\STDDTYPE.GDL
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\fax\STDNAMES.GPD
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\fax\STDSCHEM.GDL
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\fax\STDSCHMX.GDL
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\fax\UNIDRV.DLL
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\fax\UNIDRV.HLP
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\fax\UNIDRVUI.DLL
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\fax\UNIRES.DLL
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\fax\imgprint.gpd
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\fax\wfaxport.dll
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\DuoMonoLedBtBase0x5642.dfu
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\DuoMonoLedBtHeadset0x5642.dfu
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfu.dll
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfuCmd.exe
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcm80.dll
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcp80.dll
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcr80.dll
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcrt.dll
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\resources
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\resources\cdr.db
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\Outlook Integration
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Interop.Outlook.dll
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Tools.Common.v4.0.Utilities.dll
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Tools.Outlook.v4.0.Utilities.dll
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Uc.dll
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\Outlook Integration\Newtonsoft.Json.dll
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\Outlook Integration\Office.dll
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\Outlook Integration\Serilog.dll
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.Console.dll
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.Debug.dll
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.File.dll
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\Outlook Integration\UC.dll
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\Outlook Integration\websocket-sharp.dll
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\Outlook Integration\wildix-oi.ico
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookAddin.dll
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookAddin.dll.manifest
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookCommon.dll
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookAddin.vsto
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookIntegration.exe
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookIntegration.exe.config
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\Outlook Integration\dotnet-dump.exe
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\UninstallWIService.exe
            Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\proxyex.lnk
            Source: C:\Program Files\Wildix\WIService\wiservice.exe | Directory created: C:\Program Files\Wildix\updates
            Source: SetupWIService.exe | Static PE information: certificate valid
            Source: SetupWIService.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: C:\design\wiservice\deploy\win-x64-release\wiservice.pdb source: wiservice.exe, 00000013.00000002.343004011.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000015.00000000.350819997.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000036.00000002.482773828.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000000.463121460.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp
            Source: Binary string: C:\design\wiservice\deploy\win-x64-release\wiservice.pdbg source: wiservice.exe, 00000013.00000002.343004011.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000015.00000000.350819997.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000036.00000002.482773828.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000000.463121460.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp
            Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: wiservice.exe, 00000013.00000002.343004011.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000015.00000000.350819997.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000036.00000002.482773828.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000000.463121460.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp
            Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMcrypto\rand\randfile.cFilename=RANDFILESYSTEMROOT.rnd` source: wiservice.exe, 00000013.00000002.343004011.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000015.00000000.350819997.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000036.00000002.482773828.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000000.463121460.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp
            Source: Binary string: C:\design\wiservice\deploy\win-x64-release\fax\wfaxport.pdb``. source: spoolsv.exe, 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
            Source: Binary string: C:\design\wiservice\deploy\win-x64-release\fax\wfaxport.pdb source: spoolsv.exe, 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
            Source: C:\Users\user\Desktop\SetupWIService.exe | Code function: 0_2_00402765 FindFirstFileA,0_2_00402765
            Source: C:\Users\user\Desktop\SetupWIService.exe | Code function: 0_2_00406313 FindFirstFileA,FindClose,0_2_00406313
            Source: C:\Users\user\Desktop\SetupWIService.exe | Code function: 0_2_004057D8 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_004057D8
            Source: C:\Windows\System32\spoolsv.exe | Code function: 24_2_00007FFA126F3F10 FindFirstFileW,_invalid_parameter_noinfo_noreturn,FindClose,24_2_00007FFA126F3F10
            Source: global traffic | HTTP traffic detected: GET /integrations/integrations.json HTTP/1.1 Host: files.wildix.com Accept: */*
            Source: global traffic | HTTP traffic detected: GET /integrations/applications.json HTTP/1.1 Host: files.wildix.com Accept: */*
            Source: global traffic | HTTP traffic detected: GET /integrations/x-beesNativeApp.json HTTP/1.1 Host: files.wildix.com Accept: */*
            Source: global traffic | HTTP traffic detected: POST /api/v1/Analytics/wiservice HTTP/1.1 Host: feedback.wildix.com Accept: */* Content-Length: 498 Content-Type: application/x-www-form-urlencoded
            Source: global traffic | HTTP traffic detected: POST /api/v1/Analytics/wiservice HTTP/1.1 Host: feedback.wildix.com Accept: */* Content-Length: 430 Content-Type: application/x-www-form-urlencoded
            Source: unknown | Network traffic detected: HTTP traffic on port 49757 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49758 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49763
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49761
            Source: unknown | Network traffic detected: HTTP traffic on port 49761 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49763 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49759
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49758
            Source: unknown | Network traffic detected: HTTP traffic on port 49759 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49757
","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductUnifiedApp;3","ProductId":"9NCBCSZSJRSB","Properties":{"PackageFamilyName":"SpotifyAB.SpotifyMusic_zpdnekdrzrea0","PackageIdentityName":"SpotifyAB.SpotifyMusic","PublisherCertificateName":"CN=453637B3-4E12-4CDF-B0D3-2A3C863BF6EF","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"ceac5d3f-8a4f-40e1-9a67-7 equals www.twitter.com (Twitter)
            Source: svchost.exe, 0000001F.00000003.420849026.000002BC8F598000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.418252777.000002BC8F598000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.418407921.000002BC8F5BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \nLike us on Facebook: http://www.facebook.com/spotify\nFollow us on Twitter: http://twitter.com/spotify","ProductTitle":"Spotify - Music and Podcasts","SearchTitles":[{"SearchTitleString":"Spotify","SearchTitleType":"SearchHint"},{"SearchTitleString":"Music","SearchTitleType":"SearchHint"},{"SearchTitleString":"music apps","SearchTitleType":"SearchHint"},{"SearchTitleString":"free music","SearchTitleType":"SearchHint"},{"SearchTitleString":"podcasts","SearchTitleType":"SearchHint"},{"SearchTitleString":"streaming","SearchTitleType":"SearchHint"},{"SearchTitleString":"soundcloud","SearchTitleType":"SearchHint"}],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL
","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductUnifiedApp;3","ProductId":"9NCBCSZSJRSB","Properties":{"PackageFamilyName":"SpotifyAB.SpotifyMusic_zpdnekdrzrea0","PackageIdentityName":"SpotifyAB.SpotifyMusic","PublisherCertificateName":"CN=453637B3-4E12-4CDF-B0D3-2A3C863BF6EF","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"ceac5d3f-8a4f-40e1-9a67-76d9108c7cb5"},{"IdType":"LegacyWindowsPhoneProductId","Value":"caac1b9d-621b-4f96-b143-e10e1397740a"},{"IdType":"XboxTitleId","Value":"1681279293"}],"IngestionSource":"DCE","IsMicrosoftProduct":false,"PreferredSkuId":"0010","ProductType":"Application","ValidationData":{"PassedValidation":false,"RevisionId":"2022-12-08T11:21:54.2747108Z||.||803d05e9-9690-401d-bb6a-d73bbac152d0||1152921505695662202||Null||prerelease","ValidationResultUri":""},"MerchandizingTags":["HeadlessApp"],"PartD":"","ProductFamily":"Apps","ProductKind":"Application","DisplaySkuAvailabilities":[{"Sku":{"LastModifiedDate":"2022
            Source: svchost.exe, 0000001F.00000003.420849026.000002BC8F598000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.418252777.000002BC8F598000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.418407921.000002BC8F5BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \nLike us on Facebook: http://www.facebook.com/spotify\nFollow us on Twitter: http://twitter.com/spotify","ProductTitle":"Spotify - Music and Podcasts","SearchTitles":[{"SearchTitleString":"Spotify","SearchTitleType":"SearchHint"},{"SearchTitleString":"Music","SearchTitleType":"SearchHint"},{"SearchTitleString":"music apps","SearchTitleType":"SearchHint"},{"SearchTitleString":"free music","SearchTitleType":"SearchHint"},{"SearchTitleString":"podcasts","SearchTitleType":"SearchHint"},{"SearchTitleString":"streaming","SearchTitleType":"SearchHint"},{"SearchTitleString":"soundcloud","SearchTitleType":"SearchHint"}],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL
","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductUnifiedApp;3","ProductId":"9NCBCSZSJRSB","Properties":{"PackageFamilyName":"SpotifyAB.SpotifyMusic_zpdnekdrzrea0","PackageIdentityName":"SpotifyAB.SpotifyMusic","PublisherCertificateName":"CN=453637B3-4E12-4CDF-B0D3-2A3C863BF6EF","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"ceac5d3f-8a4f-40e1-9a67-76d9108c7cb5"},{"IdType":"LegacyWindowsPhoneProductId","Value":"caac1b9d-621b-4f96-b143-e10e1397740a"},{"IdType":"XboxTitleId","Value":"1681279293"}],"IngestionSource":"DCE","IsMicrosoftProduct":false,"PreferredSkuId":"0010","ProductType":"Application","ValidationData":{"PassedValidation":false,"RevisionId":"2022-12-08T11:21:54.2747108Z||.||803d05e9-9690-401d-bb6a-d73bbac152d0||1152921505695662202||Null||prerelease","ValidationResultUri":""},"MerchandizingTags":["HeadlessApp"],"PartD":"","ProductFamily":"Apps","ProductKind":"Application","DisplaySkuAvailabilities":[{"Sku":{"LastModifiedDate":"2022
            Source: svchost.exe, 0000001F.00000003.418252777.000002BC8F598000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \nLike us on Facebook: http://www.facebook.com/spotify\nFollow us on Twitter: http://twitter.com/spotify","SkuTitle":"Spotify - Music and Podcasts","Languag equals www.facebook.com (Facebook)
            Source: svchost.exe, 0000001F.00000003.418252777.000002BC8F598000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \nLike us on Facebook: http://www.facebook.com/spotify\nFollow us on Twitter: http://twitter.com/spotify","SkuTitle":"Spotify - Music and Podcasts","Languag equals www.twitter.com (Twitter)
            Source: svchost.exe, 0000001F.00000003.418252777.000002BC8F598000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \nLike us on Facebook: http://www.facebook.com/spotify\nFollow us on Twitter: http://twitter.com/spotify","SkuTitle":"Spotify - Music and Podcasts","Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"ProductId":"9NCBCSZSJRSB","Properties":{"FulfillmentData":{"ProductId":"9NCBCSZSJRSB","WuCategoryId":"5c353b9c-7ac7-4d27-af07-923e7d9aa2e2","PackageFamilyName":"SpotifyAB.SpotifyMusic_zpdnekdrzrea0","SkuId":"0010"},"FulfillmentType":"WindowsUpdate","FulfillmentPluginId":null,"Packages":[{"Applications":[{"ApplicationId":"Spotify"}],"Architectures":["x86"],"Capabilities":["internetClient","runFullTrust","Microsoft.storeFilter.core.notSupported
_8wekyb3d8bbwe"],"ExperienceIds":[],"MaxDownloadSizeInBytes":110594921,"MaxInstallSizeInBytes":218030080,"PackageFormat":"Appx","PackageFamilyName":"SpotifyAB.SpotifyMusic_zpdnekdrzrea0","MainPackageFamilyNameForDlc":null,"PackageFullName":"SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0","PackageId":"e3ffbaf1-533d-0e62-534a-7003b35c0759-X86","PackageRank":30001,"PlatformDependencies":[{"MaxTested":2814750754275328,"Min equals www.facebook.com (Facebook)
            Source: svchost.exe, 0000001F.00000003.418252777.000002BC8F598000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \nLike us on Facebook: http://www.facebook.com/spotify\nFollow us on Twitter: http://twitter.com/spotify","SkuTitle":"Spotify - Music and Podcasts","Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"ProductId":"9NCBCSZSJRSB","Properties":{"FulfillmentData":{"ProductId":"9NCBCSZSJRSB","WuCategoryId":"5c353b9c-7ac7-4d27-af07-923e7d9aa2e2","PackageFamilyName":"SpotifyAB.SpotifyMusic_zpdnekdrzrea0","SkuId":"0010"},"FulfillmentType":"WindowsUpdate","FulfillmentPluginId":null,"Packages":[{"Applications":[{"ApplicationId":"Spotify"}],"Architectures":["x86"],"Capabilities":["internetClient","runFullTrust","Microsoft.storeFilter.core.notSupported
_8wekyb3d8bbwe"],"ExperienceIds":[],"MaxDownloadSizeInBytes":110594921,"MaxInstallSizeInBytes":218030080,"PackageFormat":"Appx","PackageFamilyName":"SpotifyAB.SpotifyMusic_zpdnekdrzrea0","MainPackageFamilyNameForDlc":null,"PackageFullName":"SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0","PackageId":"e3ffbaf1-533d-0e62-534a-7003b35c0759-X86","PackageRank":30001,"PlatformDependencies":[{"MaxTested":2814750754275328,"Min equals www.twitter.com (Twitter)
            Source: svchost.exe, 0000001F.00000003.415935980.000002BC8F583000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: t enough.\r\n\r\nSHARE WITH FRIENDS\r\nSend photos and videos to keep your close friends up to speed. Receive files for even more productivity.\r\n\r\n\r\n*Calls are free over Wi-Fi but otherwise standard data charges apply.\r\nPrivacy Policy: https://www.facebook.com/about/privacy | LEARN MORE at: https://messenger.com (https://messenger.com/)","ProductTitle":"Messenger","SearchTitles":[],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductUnifiedApp;3","ProductId":"9WZDNCRF0083","Properties":{"PackageFamilyName":"Facebook.31
7180B0BB486_8xx8rvfyw5nnt","PackageIdentityName":"FACEBOOK.317180B0BB486","PublisherCertificateName":"CN=6E08453F-9BA7-4311-999C-D22FBA2FB1B8","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"c6a9fa5c-20a2-4e12-904d-edd408657dc8"},{"IdType":"LegacyWindowsPhoneProductId","Value":"3219d30d-4a23-4f58-a91c-c44b04e6a0c7"},{"IdType":"XboxTitleId","Value":"2004208728"}],"IngestionSource":"DCE","IsMicrosoftProduct":false,"PreferredSkuId":"0010","ProductType":"Application","ValidationData":{"PassedValidation":false,"RevisionId":"2022-12-06T03:21:59.5689546Z||.||a6e233a8-4347-4ff6-a4aa-953fcb950be0||1152921505695651047||Null||fullrelease","ValidationResultUri":""},"MerchandizingTags":[],"PartD":"","ProductFamily":"Apps","ProductKind":"Application","DisplaySkuAvailabilities":[{"Sku":{"LastModifiedDate":"2022-12-06T03:20:53.0216621Z","LocalizedProperties":[{"SkuDescription":"Made for big screens and close connections. Get access to free* texting, and high-quality voice & video chat built specifically for desktop.\r\n\r\nMADE FOR DESKTOP, MADE
            Source: svchost.exe, 0000001F.00000003.411823652.000002BC8F598000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.415935980.000002BC8F583000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: t enough.\r\n\r\nSHARE WITH FRIENDS\r\nSend photos and videos to keep your close friends up to speed. Receive files for even more productivity.\r\n\r\n\r\n*Calls are free over Wi-Fi but otherwise standard data charges apply.\r\nPrivacy Policy: https://www.facebook.com/about/privacy | LEARN MORE at: https://messenger.com (https://messenger.com/)","ProductTitle":"Messenger","SearchTitles":[],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSch
ema":"ProductUnifiedApp;3","ProductId":"9WZDNCRF0083","Properties":{"PackageFamilyName":"Facebook.317180B0BB486_8xx8rvfyw5nnt","PackageIdentityName":"FACEBOOK.317180B0BB486","PublisherCertificateName":"CN=6E08453F-9BA7-4311-999C-D22FBA2FB1B8","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"c6a9fa5c-20a2-4e12-904d-edd408657dc8"},{"IdType":"LegacyWindowsPhoneProductId","Value":"3219d30d-4a23-4f58-a91c-c44b04e6a0c7"},{"IdType":"XboxTitleId","Value":"2004208728"}],"IngestionSource":"DCE","IsMicrosoftProduct":false,"PreferredSkuId":"0010","ProductType":"Application","ValidationData":{"PassedValidation":false,"RevisionId":"2022-12-06T03:21:59.5689546Z||.||a6e233a8-4347-4ff6-a4aa-953fcb950be0||1152921505695651047||Null||fullrelease","ValidationResultUri":""},"MerchandizingTags":[],"PartD":"","ProductFamily":"Apps","ProductKind":"Application","DisplaySkuAvailabilities":[{"Sku":{"LastModifiedDate":"2022-12-06T03:20:53.0216621Z","LocalizedProperties":[{"SkuDescription":"Made for big screens and close connections. Get access to free* texting, and high-quality voice & video chat built specifically for desktop.\r\n\r\nMADE FOR DESKTOP, MADE
            Source: SetupWIService.exe, 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000015.00000003.370813987.000001CE7CEB6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
            Source: svchost.exe, 0000001F.00000002.431097656.000002BC8F500000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
            Source: svchost.exe, 0000001F.00000002.430836706.000002BC8EAE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
            Source: SetupWIService.exe, 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000015.00000003.370813987.000001CE7CEB6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
            Source: SetupWIService.exe, 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000015.00000003.370813987.000001CE7CEB6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
            Source: SetupWIService.exe, 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000015.00000003.370813987.000001CE7CEB6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 00000018.00000003.363118461.0000000001A62000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
            Source: svchost.exe, 0000001F.00000002.430836706.000002BC8EAE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
            Source: SetupWIService.exe, 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000015.00000003.370813987.000001CE7CEB6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
            Source: SetupWIService.exe, 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000015.00000003.370813987.000001CE7CEB6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
            Source: wiservice.exe, 0000003D.00000002.566952484.0000026149E53000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000002.564065548.000001A21B879000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#
            Source: SetupWIService.exe, 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000015.00000003.370813987.000001CE7CEB6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 00000018.00000003.363118461.0000000001A62000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
            Source: svchost.exe, 0000001F.00000003.403015937.000002BC8F59C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.403193816.000002BC8F5A6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.403163507.000002BC8F58A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.403100725.000002BC8F579000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://help.disneyplus.com
            Source: wiservice.exe, 00000013.00000000.335171288.00007FF6A3E22000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000013.00000002.342744442.00007FF6A3E22000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000015.00000000.350355369.00007FF6A3E22000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000015.00000002.379917191.00007FF6A3E22000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000036.00000000.458460174.00007FF6A3E22000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000036.00000002.481251885.00007FF6A3E22000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000000.461919295.00007FF6A3E22000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000002.473639808.00007FF6A3E22000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://jimmac.musichall.cz
            Source: SetupWIService.exe, SetupWIService.exe, 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SetupWIService.exe, 00000000.00000000.294309687.000000000040A000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_Error
            Source: SetupWIService.exe, 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SetupWIService.exe, 00000000.00000000.294309687.000000000040A000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
            Source: SetupWIService.exe, 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000015.00000003.370813987.000001CE7CEB6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
            Source: SetupWIService.exe, 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000015.00000003.370813987.000001CE7CEB6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 00000018.00000003.363118461.0000000001A62000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.com0
            Source: wiservice.exe, 0000003D.00000002.566952484.0000026149E53000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000002.564065548.000001A21B879000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.com09
            Source: SetupWIService.exe, 00000000.00000002.549647948.0000000000672000.00000004.00000020.00020000.00000000.sdmp, SetupWIService.exe, 00000000.00000003.545649630.000000000066E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pbx.wildix.com
            Source: SetupWIService.exe, 00000000.00000002.549647948.0000000000672000.00000004.00000020.00020000.00000000.sdmp, SetupWIService.exe, 00000000.00000003.545649630.000000000066E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pbx.wildix.comDisplayIcon
            Source: wiservice.exe, 00000013.00000000.335171288.00007FF6A3E22000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000013.00000002.342744442.00007FF6A3E22000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000015.00000000.350355369.00007FF6A3E22000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000015.00000002.379917191.00007FF6A3E22000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000036.00000000.458460174.00007FF6A3E22000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000036.00000002.481251885.00007FF6A3E22000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000000.461919295.00007FF6A3E22000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000002.473639808.00007FF6A3E22000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.gimp.orgg
            Source: unknown | HTTP traffic detected: POST /api/v1/Analytics/wiservice HTTP/1.1, Host: feedback.wildix.com, Accept: */*, Content-Length: 498, Content-Type: application/x-www-form-urlencoded
            Source: unknown | DNS traffic detected: queries for: files.wildix.com
            Source: global traffic | HTTP traffic detected: GET /integrations/integrations.json HTTP/1.1, Host: files.wildix.com, Accept: */*
            Source: global traffic | HTTP traffic detected: GET /integrations/applications.json HTTP/1.1, Host: files.wildix.com, Accept: */*
            Source: global traffic | HTTP traffic detected: GET /integrations/x-beesNativeApp.json HTTP/1.1, Host: files.wildix.com, Accept: */*
            Source: C:\Users\user\Desktop\SetupWIService.exe | Code function: 0_2_00405275 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405275

            Spam, unwanted Advertisements and Ransom Demands

            Source: C:\Program Files\Wildix\WIService\wiservice.exe | File written: C:\Windows\System32\drivers\etc\hosts
            Source: SetupWIService.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
            Source: C:\Windows\System32\spoolsv.exe | File deleted: C:\Windows\System32\spool\drivers\x64\3\Old\1\stddtype.gdl
            Source: C:\Users\user\Desktop\SetupWIService.exe | Code function: 0_2_0040326B EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040326B
            Source: C:\Program Files\Wildix\WIService\wiservice.exe | File created: C:\Windows\system32\wfaxport.dll
            Source: C:\Windows\System32\spoolsv.exe | Code function: String function: 00007FFA127050C0 appears 48 times
            Source: UC.dll.0.dr | Static PE information: No import functions for PE file found
            Source: C:\Windows\System32\spoolsv.exe | Section loaded: ualapi.dll
            Source: C:\Windows\System32\spoolsv.exe | Section loaded: ualapi.dll
            Source: C:\Users\user\Desktop\SetupWIService.exe | File read: C:\Users\user\Desktop\SetupWIService.exe
            Source: SetupWIService.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\SetupWIService.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: unknown | Process created: C:\Users\user\Desktop\SetupWIService.exe C:\Users\user\Desktop\SetupWIService.exe
            Source: C:\Users\user\Desktop\SetupWIService.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIService.exe
            Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIService.exe
            Source: C:\Users\user\Desktop\SetupWIService.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIui.exe
            Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIui.exe
            Source: C:\Users\user\Desktop\SetupWIService.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wirtpproxy.exe
            Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wirtpproxy.exe
            Source: C:\Users\user\Desktop\SetupWIService.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wiservice-ui.exe
            Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wiservice-ui.exe
            Source: C:\Users\user\Desktop\SetupWIService.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM vncsrv.exe
            Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM vncsrv.exe
            Source: C:\Users\user\Desktop\SetupWIService.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WildixOutlookIntegration.exe
            Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookIntegration.exe
            Source: C:\Users\user\Desktop\SetupWIService.exe | Process created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --removesvc
            Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --install_faxprinter
            Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
            Source: unknownProcess created: C:\Windows\System32\spoolsv.exe C:\Windows\System32\spoolsv.exe
            Source: unknownProcess created: C:\Windows\System32\spoolsv.exe C:\Windows\System32\spoolsv.exe
            Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
            Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll" /silent /codebase
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll" /silent /codebase
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
            Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Office.dll" /silent /codebase
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll" /silent /codebase
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
            Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.dll" /silent /codebase
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll" /silent /codebase
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll" /silent /codebase
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe" /silent
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\System32\cmd.exe cmd /C schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
            Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\System32\cmd.exe cmd /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
            Source: unknownProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --update
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
            Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\System32\cmd.exe cmd /C netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
            Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex
            Source: unknownProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\WIService.exe"
            Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc
            Source: unknownProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --hostsvc
            Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --watchdog
            Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --dispatcher
            Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\explorer.exe C:\Windows\explorer.exe" "C:\Program Files\Wildix\WIService\proxyex.lnk
            Source: unknownProcess created: C:\Windows\explorer.exe C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
            Source: C:\Windows\explorer.exeProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex
            Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\SetupWIService.exe Process created: unknown unknown
            Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\SetupWIService.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
            Source: C:\Users\user\Desktop\SetupWIService.exeCode function: 0_2_0040326B EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040326B
            Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WIService.exe")
            Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WIui.exe")
            Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "wirtpproxy.exe")
            Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "wiservice-ui.exe")
            Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "vncsrv.exe")
            Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WildixOutlookIntegration.exe")
            Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WildixOutlookIntegration.exe")
            Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WIui.exe")
            Source: C:\Program Files\Wildix\WIService\wiservice.exe File created: C:\Users\user\AppData\Roaming\Wildix
            Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Users\user\AppData\Local\Temp\nsoF9C4.tmp
            Source: classification engine Classification label: mal57.troj.adwa.evad.winEXE@102/87@5/4
            Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_00402138 CoCreateInstance,MultiByteToWideChar,0_2_00402138
            Source: C:\Users\user\Desktop\SetupWIService.exe File read: C:\Users\desktop.ini
            Source: websocket-sharp.dll.0.dr, WebSocketSharp/PayloadData.csSuspicious method names: System.UInt64 WebSocketSharp.PayloadData::get_Length()
            Source: websocket-sharp.dll.0.dr, WebSocketSharp/PayloadData.csSuspicious method names: System.Void WebSocketSharp.PayloadData::Mask(System.Byte[])
            Source: websocket-sharp.dll.0.dr, WebSocketSharp/PayloadData.csSuspicious method names: System.Collections.IEnumerator WebSocketSharp.PayloadData::System.Collections.IEnumerable.GetEnumerator()
            Source: websocket-sharp.dll.0.dr, WebSocketSharp/PayloadData.csSuspicious method names: System.Void WebSocketSharp.PayloadData::.ctor(System.Byte[],System.Int64)
            Source: websocket-sharp.dll.0.dr, WebSocketSharp/PayloadData.csSuspicious method names: System.Byte[] WebSocketSharp.PayloadData::get_ExtensionData()
            Source: websocket-sharp.dll.0.dr, WebSocketSharp/PayloadData.csSuspicious method names: System.Boolean WebSocketSharp.PayloadData::get_IncludesReservedCloseStatusCode()
            Source: websocket-sharp.dll.0.dr, WebSocketSharp/PayloadData.csSuspicious method names: System.Collections.Generic.IEnumerator`1<System.Byte> WebSocketSharp.PayloadData::GetEnumerator()
            Source: websocket-sharp.dll.0.dr, WebSocketSharp/PayloadData.csSuspicious method names: System.String WebSocketSharp.PayloadData::ToString()
            Source: websocket-sharp.dll.0.dr, WebSocketSharp/PayloadData.csSuspicious method names: System.Void WebSocketSharp.PayloadData::.cctor()
            Source: websocket-sharp.dll.0.dr, WebSocketSharp/PayloadData.csSuspicious method names: System.Void WebSocketSharp.PayloadData::.ctor(System.Byte[])
            Source: websocket-sharp.dll.0.dr, WebSocketSharp/PayloadData.csSuspicious method names: System.Void WebSocketSharp.PayloadData::set_ExtensionDataLength(System.Int64)
            Source: websocket-sharp.dll.0.dr, WebSocketSharp/PayloadData.csSuspicious method names: System.Byte[] WebSocketSharp.PayloadData::ToArray()
            Source: websocket-sharp.dll.0.dr, WebSocketSharp/PayloadData.csSuspicious method names: System.Byte[] WebSocketSharp.PayloadData::get_ApplicationData()
            Source: websocket-sharp.dll.0.dr, WebSocketSharp/PayloadData.csSuspicious method names: System.Void WebSocketSharp.PayloadData::.ctor()
            Source: websocket-sharp.dll.0.dr, WebSocketSharp/PayloadData.csSuspicious method names: System.Int64 WebSocketSharp.PayloadData::get_ExtensionDataLength()
            Source: websocket-sharp.dll.0.dr, WebSocketSharp/CloseEventArgs.csSuspicious method names: WebSocketSharp.PayloadData WebSocketSharp.CloseEventArgs::get_PayloadData()
            Source: websocket-sharp.dll.0.dr, WebSocketSharp/CloseEventArgs.csSuspicious method names: System.Void WebSocketSharp.CloseEventArgs::.ctor(WebSocketSharp.PayloadData)
            Source: websocket-sharp.dll.0.dr, WebSocketSharp/WebSocketFrame.csSuspicious method names: WebSocketSharp.WebSocketFrame WebSocketSharp.WebSocketFrame::readExtendedPayloadLength(System.IO.Stream,WebSocketSharp.WebSocketFrame)
            Source: websocket-sharp.dll.0.dr, WebSocketSharp/WebSocketFrame.csSuspicious method names: System.UInt64 WebSocketSharp.WebSocketFrame::get_FullPayloadLength()
            Source: websocket-sharp.dll.0.dr, WebSocketSharp/WebSocketFrame.csSuspicious method names: System.Byte WebSocketSharp.WebSocketFrame::get_PayloadLength()
            Source: websocket-sharp.dll.0.dr, WebSocketSharp/WebSocketFrame.csSuspicious method names: System.Byte[] WebSocketSharp.WebSocketFrame::get_ExtendedPayloadLength()
            Source: websocket-sharp.dll.0.dr, WebSocketSharp/WebSocketFrame.csSuspicious method names: System.Void WebSocketSharp.WebSocketFrame::readExtendedPayloadLengthAsync(System.IO.Stream,WebSocketSharp.WebSocketFrame,System.Action`1<WebSocketSharp.WebSocketFrame>,System.Action`1<System.Exception>)
            Source: websocket-sharp.dll.0.dr, WebSocketSharp/WebSocketFrame.csSuspicious method names: System.Void WebSocketSharp.WebSocketFrame::.ctor(WebSocketSharp.Opcode,WebSocketSharp.PayloadData,System.Boolean)
            Source: websocket-sharp.dll.0.dr, WebSocketSharp/WebSocketFrame.csSuspicious method names: System.Void WebSocketSharp.WebSocketFrame::.ctor(WebSocketSharp.Fin,WebSocketSharp.Opcode,WebSocketSharp.PayloadData,System.Boolean,System.Boolean)
            Source: websocket-sharp.dll.0.dr, WebSocketSharp/WebSocketFrame.csSuspicious method names: System.Void WebSocketSharp.WebSocketFrame::readPayloadDataAsync(System.IO.Stream,WebSocketSharp.WebSocketFrame,System.Action`1<WebSocketSharp.WebSocketFrame>,System.Action`1<System.Exception>)
            Source: websocket-sharp.dll.0.dr, WebSocketSharp/WebSocketFrame.csSuspicious method names: WebSocketSharp.WebSocketFrame WebSocketSharp.WebSocketFrame::readPayloadData(System.IO.Stream,WebSocketSharp.WebSocketFrame)
            Source: websocket-sharp.dll.0.dr, WebSocketSharp/WebSocketFrame.csSuspicious method names: System.Int32 WebSocketSharp.WebSocketFrame::get_ExtendedPayloadLengthCount()
            Source: websocket-sharp.dll.0.dr, WebSocketSharp/WebSocketFrame.csSuspicious method names: WebSocketSharp.WebSocketFrame WebSocketSharp.WebSocketFrame::CreateCloseFrame(WebSocketSharp.PayloadData,System.Boolean)
            Source: websocket-sharp.dll.0.dr, WebSocketSharp/WebSocketFrame.csSuspicious method names: WebSocketSharp.PayloadData WebSocketSharp.WebSocketFrame::get_PayloadData()
            Source: C:\Users\user\Desktop\SetupWIService.exeCode function: 0_2_00404530 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_00404530
            Source: wiservice.exe, 00000013.00000002.343004011.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000015.00000000.350819997.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000036.00000002.482773828.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000000.463121460.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: UPDATE %Q.%s SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
            Source: wiservice.exe, 00000013.00000002.343004011.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000015.00000000.350819997.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000036.00000002.482773828.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000000.463121460.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
            Source: Office.dll.0.dr, Office.Core/WorkflowTask.csTask registration methods: 'get_CreatedDate', 'get_CreatedBy'
            Source: Office.dll.0.dr, Office.Core/ICTPFactory.csTask registration methods: 'CreateCTP'
            Source: Office.dll.0.dr, Office.Core/SharedWorkspaceTask.csTask registration methods: 'get_CreatedDate', 'get_CreatedBy'
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4132:120:WilError_01
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5664:120:WilError_01
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4760:120:WilError_01
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2472:120:WilError_01
            Source: C:\Program Files\Wildix\WIService\wiservice.exeMutant created: \Sessions\1\BaseNamedObjects\Local\com.wildix.desktop-integration.service
            Source: C:\Program Files\Wildix\WIService\wiservice.exeMutant created: \BaseNamedObjects\Local\com.wildix.desktop-integration.dispatcher
            Source: C:\Program Files\Wildix\WIService\wiservice.exeMutant created: \BaseNamedObjects\Local\com.wildix.desktop-integration.watchdog
            Source: C:\Program Files\Wildix\WIService\wiservice.exeMutant created: \BaseNamedObjects\Local\com.wildix.desktop-integration.updater
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2848:120:WilError_01
            Source: C:\Program Files\Wildix\WIService\wiservice.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WIS
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5236:120:WilError_01
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4356:120:WilError_01
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4504:120:WilError_01
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5356:120:WilError_01
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5264:120:WilError_01
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5016:120:WilError_01
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5712:120:WilError_01
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3804:120:WilError_01
            Source: C:\Program Files\Wildix\WIService\wiservice.exeMutant created: \BaseNamedObjects\Local\com.wildix.desktop-integration.svchost
            Source: C:\Program Files\Wildix\WIService\wiservice.exeMutant created: \Sessions\1\BaseNamedObjects\Local\com.wildix.desktop-integration.proxyex
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3636:120:WilError_01
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5816:120:WilError_01
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4640:120:WilError_01
            Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:524:120:WilError_01
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2856:120:WilError_01
            Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\WildixJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\explorer.exe
            Source: unknownProcess created: C:\Windows\explorer.exe
            Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\explorer.exeJump to behavior
            Source: C:\Windows\System32\svchost.exeFile read: C:\Windows\System32\drivers\etc\hosts
            Source: C:\Program Files\Wildix\WIService\wiservice.exeFile read: C:\Windows\System32\drivers\etc\hosts
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Users\user\Desktop\SetupWIService.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Addins\Wildix.AddInJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIServiceJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeFile opened: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcr80.dllJump to behavior
            Source: SetupWIService.exeStatic file information: File size 13876464 > 1048576
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\WildixJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIServiceJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xmlJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\wildix.icoJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\wiservice.exeJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\faxJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\STDDTYPE.GDLJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\STDNAMES.GPDJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\STDSCHEM.GDLJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\STDSCHMX.GDLJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\UNIDRV.DLLJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\UNIDRV.HLPJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\UNIDRVUI.DLLJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\UNIRES.DLLJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\imgprint.gpdJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\wfaxport.dllJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\headsetFirmwaresJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\headsetFirmwares\DuoMonoLedBtBase0x5642.dfuJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\headsetFirmwares\DuoMonoLedBtHeadset0x5642.dfuJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfu.dllJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfuCmd.exeJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcm80.dllJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcp80.dllJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcr80.dllJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcrt.dllJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\resourcesJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\resources\cdr.dbJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook IntegrationJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Interop.Outlook.dllJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Tools.Common.v4.0.Utilities.dllJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Tools.Outlook.v4.0.Utilities.dllJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Uc.dllJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\Newtonsoft.Json.dllJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\Office.dllJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\Serilog.dllJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.Console.dllJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.Debug.dllJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.File.dllJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\UC.dllJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\websocket-sharp.dllJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\wildix-oi.icoJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookAddin.dllJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookAddin.dll.manifestJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookCommon.dllJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookAddin.vstoJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookIntegration.exeJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookIntegration.exe.configJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\dotnet-dump.exeJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\UninstallWIService.exeJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\proxyex.lnkJump to behavior
            Source: C:\Program Files\Wildix\WIService\wiservice.exeDirectory created: C:\Program Files\Wildix\updates
            Source: SetupWIService.exeStatic PE information: certificate valid
            Source: SetupWIService.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: C:\design\wiservice\deploy\win-x64-release\wiservice.pdb source: wiservice.exe, 00000013.00000002.343004011.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000015.00000000.350819997.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000036.00000002.482773828.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000000.463121460.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp
            Source: Binary string: C:\design\wiservice\deploy\win-x64-release\wiservice.pdbg source: wiservice.exe, 00000013.00000002.343004011.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000015.00000000.350819997.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000036.00000002.482773828.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000000.463121460.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp
            Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: wiservice.exe, 00000013.00000002.343004011.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000015.00000000.350819997.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000036.00000002.482773828.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000000.463121460.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp
            Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMcrypto\rand\randfile.cFilename=RANDFILESYSTEMROOT.rnd` source: wiservice.exe, 00000013.00000002.343004011.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000015.00000000.350819997.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000036.00000002.482773828.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000000.463121460.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp
            Source: Binary string: C:\design\wiservice\deploy\win-x64-release\fax\wfaxport.pdb``. source: spoolsv.exe, 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
            Source: Binary string: C:\design\wiservice\deploy\win-x64-release\fax\wfaxport.pdb source: spoolsv.exe, 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp

            Data Obfuscation

            Source: Yara matchFile source: 00000000.00000003.547551815.00000000006C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.550313217.00000000006C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.546819473.00000000006C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.546214148.0000000000696000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.549911172.000000000069A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.547302408.0000000000696000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: SetupWIService.exe PID: 5396, type: MEMORYSTR
            Source: C:\Windows\System32\spoolsv.exeCode function: 24_2_00007FFA12712885 push rdi; ret 24_2_00007FFA12712886
            Source: Newtonsoft.Json.dll.0.drStatic PE information: 0xDFF1C7F1 [Fri Jan 21 16:48:49 2089 UTC]
            Source: initial sampleStatic PE information: section name: .text entropy: 6.892055007396566
            Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\UninstallWIService.exeJump to dropped file
            Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\Outlook Integration\websocket-sharp.dllJump to dropped file
            Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\Outlook Integration\dotnet-dump.exeJump to dropped file
            Source: C:\Program Files\Wildix\WIService\wiservice.exeFile created: C:\Windows\System32\spool\drivers\x64\unidrvui.dllJump to dropped file
            Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\System32\spool\drivers\x64\3\New\unires.dllJump to dropped file
            Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\fax\UNIRES.DLLJump to dropped file
            Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfuCmd.exeJump to dropped file
            Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.Debug.dllJump to dropped file
            Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookCommon.dllJump to dropped file
            Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.File.dllJump to dropped file
            Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\System32\spool\drivers\x64\3\New\unidrv.dllJump to dropped file
            Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Interop.Outlook.dllJump to dropped file
            Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcp80.dllJump to dropped file
            Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcrt.dllJump to dropped file
            Source: C:\Program Files\Wildix\WIService\wiservice.exeFile created: C:\Windows\System32\spool\drivers\x64\unires.dllJump to dropped file
            Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\system32\spool\drivers\x64\3\unires.dll (copy)Jump to dropped file
            Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Users\user\AppData\Local\Temp\nstFA32.tmp\nsDialogs.dllJump to dropped file
            Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\Outlook Integration\Office.dllJump to dropped file
            Source: C:\Program Files\Wildix\WIService\wiservice.exeFile created: C:\Windows\System32\wfaxport.dllJump to dropped file
            Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Tools.Common.v4.0.Utilities.dllJump to dropped file
            Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\fax\UNIDRVUI.DLLJump to dropped file
            Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Users\user\AppData\Local\Temp\nstFA32.tmp\System.dllJump to dropped file
            Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\Outlook Integration\Serilog.dllJump to dropped file
            Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookAddin.dllJump to dropped file
            Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookIntegration.exeJump to dropped file
            Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\wiservice.exeJump to dropped file
            Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Users\user\AppData\Local\Temp\nstFA32.tmp\nsExec.dllJump to dropped file
            Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\System32\spool\drivers\x64\3\New\unidrvui.dllJump to dropped file
            Source: C:\Program Files\Wildix\WIService\wiservice.exeFile created: C:\Windows\System32\spool\drivers\x64\unidrv.dllJump to dropped file
            Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Tools.Outlook.v4.0.Utilities.dllJump to dropped file
            Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Uc.dllJump to dropped file
            Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\Outlook Integration\Newtonsoft.Json.dllJump to dropped file
            Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\fax\wfaxport.dllJump to dropped file
            Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\system32\spool\drivers\x64\3\unidrv.dll (copy)Jump to dropped file
            Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\fax\UNIDRV.DLLJump to dropped file
            Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\system32\spool\drivers\x64\3\unidrvui.dll (copy)Jump to dropped file
            Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.Console.dllJump to dropped file
            Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\Outlook Integration\UC.dllJump to dropped file
            Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcm80.dllJump to dropped file
            Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfu.dllJump to dropped file
            Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcr80.dllJump to dropped file

            Boot Survival

            Source: C:\Users\user\Desktop\SetupWIService.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\callto\shell\open\command C:\Program Files\Wildix\WIService\wiservice.exe %1Jump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sip\shell\open\command C:\Program Files\Wildix\WIService\wiservice.exe %1Jump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\wildix\shell\open\command C:\Program Files\Wildix\WIService\wiservice.exe %1Jump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeRegistry value created: HKEY_CURRENT_USER_Classes\callto\shell\open\command C:\Program Files\Wildix\WIService\wiservice.exe %1Jump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeRegistry value created: HKEY_CURRENT_USER_Classes\sip\shell\open\command C:\Program Files\Wildix\WIService\wiservice.exe %1Jump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeRegistry value created: HKEY_CURRENT_USER_Classes\tel\shell\open\command C:\Program Files\Wildix\WIService\wiservice.exe %1Jump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeRegistry value created: HKEY_CURRENT_USER_Classes\wildix\shell\open\command C:\Program Files\Wildix\WIService\wiservice.exe %1Jump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeRegistry value modified: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tel\shell\open\command C:\Program Files\Wildix\WIService\wiservice.exe %1Jump to behavior
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
            Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildixJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wildix\WIServiceJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wildix\WIService\Uninstall.lnkJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WIServiceJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\spoolsv.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\schtasks.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\netsh.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Wildix\WIService\wiservice.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: OutputDebugStringW count: 233
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 5344 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 5936 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\System32\svchost.exe TID: 5484 Thread sleep time: -150000s >= -30000s
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 5464 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 5740 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 5788 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 6000 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 5412 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 1440 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\System32\spoolsv.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes graph_24-17448
            Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
            Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\dotnet-dump.exe
            Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\websocket-sharp.dll
            Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\UninstallWIService.exe
            Source: C:\Windows\System32\spoolsv.exe Dropped PE file which has not been started: C:\Windows\System32\spool\drivers\x64\3\New\unires.dll
            Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\fax\UNIRES.DLL
            Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.Debug.dll
            Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfuCmd.exe
            Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\WildixOutlookCommon.dll
            Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.File.dll
            Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Interop.Outlook.dll
            Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcp80.dll
            Source: C:\Program Files\Wildix\WIService\wiservice.exe Dropped PE file which has not been started: C:\Windows\System32\spool\drivers\x64\unires.dll
            Source: C:\Windows\System32\spoolsv.exe Dropped PE file which has not been started: C:\Windows\system32\spool\drivers\x64\3\unires.dll (copy)
            Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\Office.dll
            Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Tools.Common.v4.0.Utilities.dll
            Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\WildixOutlookAddin.dll
            Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\WildixOutlookIntegration.exe
            Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\Serilog.dll
            Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Uc.dll
            Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Tools.Outlook.v4.0.Utilities.dll
            Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\Newtonsoft.Json.dll
            Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.Console.dll
            Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\UC.dll
            Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcm80.dll
            Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfu.dll
            Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcr80.dll
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\System32\spoolsv.exe API coverage: 4.3 %
            Source: C:\Program Files\Wildix\WIService\wiservice.exe Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_00402765 FindFirstFileA,0_2_00402765
            Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_00406313 FindFirstFileA,FindClose,0_2_00406313
            Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_004057D8 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_004057D8
            Source: C:\Windows\System32\spoolsv.exe Code function: 24_2_00007FFA126F3F10 FindFirstFileW,_invalid_parameter_noinfo_noreturn,FindClose,24_2_00007FFA126F3F10
            Source: C:\Users\user\Desktop\SetupWIService.exe API call chain: ExitProcess graph end node graph_0-3236
            Source: svchost.exe, 0000001F.00000002.430951987.000002BC8EAFA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: @Hyper-V RAW
            Source: svchost.exe, 0000001F.00000002.430573675.000002BC8EAA5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000002.430836706.000002BC8EAE6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
            Source: wiservice.exe, 00000013.00000003.337330808.00000244D2582000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000013.00000002.338786054.00000244D2584000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000013.00000003.337131906.00000244D2579000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000015.00000003.375062346.000001CE7CE6F000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000015.00000002.375590204.000001CE7CE71000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000015.00000003.374508535.000001CE7CE67000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000036.00000003.468071215.0000025192FCD000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000036.00000003.467302337.0000025192FBB000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003C.00000003.465466309.00000154F7D78000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003C.00000002.466808920.00000154F7D7A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: spoolsv.exe, 00000017.00000002.357533265.0000000000C9A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllnn
            Source: spoolsv.exe, 00000018.00000002.561483481.0000000000CD8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll{{
            Source: C:\Windows\System32\spoolsv.exe Code function: 24_2_00007FFA12706758 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,24_2_00007FFA12706758
            Source: C:\Windows\System32\spoolsv.exe Code function: 24_2_00007FFA12715320 GetProcessHeap,HeapFree,24_2_00007FFA12715320
            Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Memory allocated: page read and write | page guard
            Source: C:\Windows\System32\spoolsv.exe Code function: 24_2_00007FFA12705ED0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,24_2_00007FFA12705ED0

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Program Files\Wildix\WIService\wiservice.exe File written: C:\Windows\System32\drivers\etc\hosts
            Source: C:\Windows\System32\spoolsv.exe Section loaded: C:\Windows\System32\wfaxport.dll
            Source: C:\Windows\System32\spoolsv.exe Section loaded: C:\Windows\System32\spool\drivers\x64\unidrv.dll
            Source: C:\Windows\System32\spoolsv.exe Section loaded: C:\Windows\System32\spool\drivers\x64\unidrvui.dll
            Source: C:\Windows\System32\spoolsv.exe Section loaded: C:\Windows\System32\spool\drivers\x64\3\unidrvui.dll
            Source: C:\Windows\System32\spoolsv.exe Section loaded: C:\Windows\System32\spool\drivers\x64\3\unidrv.dll
            Source: C:\Windows\System32\spoolsv.exeSection loaded: C:\Windows\System32\spool\drivers\x64\3\unidrvui.dllJump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIService.exeJump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIui.exeJump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wirtpproxy.exeJump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wiservice-ui.exeJump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM vncsrv.exeJump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookIntegration.exeJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIService.exeJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIui.exeJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wirtpproxy.exeJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wiservice-ui.exeJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM vncsrv.exeJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WildixOutlookIntegration.exeJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll" /silent /codebaseJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll" /silent /codebaseJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Office.dll" /silent /codebaseJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll" /silent /codebaseJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.dll" /silent /codebaseJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll" /silent /codebaseJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll" /silent /codebaseJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\System32\cmd.exe cmd /C schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /FJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenableJump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\System32\cmd.exe cmd /C netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"Jump to behavior
            Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIService.exeJump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIui.exeJump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wirtpproxy.exeJump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wiservice-ui.exeJump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM vncsrv.exeJump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookIntegration.exeJump to behavior
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
            Source: wiservice.exe, 00000013.00000002.343004011.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000015.00000000.350819997.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000036.00000002.482773828.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: couldn't join streamer iteration threadjoin streamer iteration threadstreamerc:\design\wiservice\wiservice\integrations\screen-sharing\Streamer.cppcouldn't create streamer iteration threadinvalid wildix auth replywildix auth reply '{}' receivedwildix auth marker '{}' sentXWD_REFM_OKWD_REFM_01streamer's pending connection couldn't complete in {}mswaiting for all connections to resolvexinvalid peer '{}'%dserver connectedauth failedcouldn't create socketconnecting to {}:{}seqid {:#x} does not match last sent PING request ({:#x})couldn't reconnectE_SCREEN_SHARINGdisplaysconfigprimaryheightwidthysetting 'app' parameter to '{}'setting 'control' parameter to '{}'setting 'display' parameter to '{}'put message on hold because user does not allow remote controlpongR_SCREEN_SHARINGSHUTDOWNdisconnectedgetconfigsetparameterspinginvalid commandseqidinvalid msgdatacouldn't parse message JSONlaunching system process toolfirst lock took {}mslast iteration took {}ms{}:{}recreating desktop objectdesktop recording is restrictedprocess pending parameters change requestunrecognized command '{}'showprocesstoolsize: {}x{}, desktop size: {}x{}sleep took {}msthird lock took {}msframebuffer update took {}msdesktop resize took {}mssecond lock took {}msdesktop update took {}msdesktop target check took {}msexit loopreconnecting due to error, {} attempts left{}ms without PONG replies from clientconnection goneconnectedserver screenupdate took {} msclosing server due to screen resizeFinishing desktop notifications loopDesktop configuration changedCouldn't create desktop notification window. 
CreateWindowExW() failed with error {}WIService.DesktopNotifyc:\design\wiservice\wiservice\integrations\screen-sharing\utils\win\WinDesktopConfiguration.cppStarting desktop notifications loopNo HMONITOR found for supplied device index {}Generic PnP MonitorRefreshing desktop configurationRefreshing window configurationButtonProgmanX
            Source: C:\Users\user\Desktop\SetupWIService.exe; Queries volume information: C:\ VolumeInformation
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe; Queries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe VolumeInformation
            Source: C:\Windows\System32\netsh.exe; Queries volume information: C:\ VolumeInformation
            Source: C:\Windows\System32\spoolsv.exe; Code function: 24_2_00007FFA126E14A0 cpuid 24_2_00007FFA126E14A0
            Source: C:\Program Files\Wildix\WIService\wiservice.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
            Source: C:\Windows\System32\spoolsv.exe; Code function: 24_2_00007FFA126FC7C0 GetSystemTimeAsFileTime,24_2_00007FFA126FC7C0
            Source: C:\Users\user\Desktop\SetupWIService.exe; Code function: 0_2_0040326B EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040326B

            Lowering of HIPS / PFW / Operating System Security Settings

            Source: C:\Windows\System32\cmd.exe; Process created: C:\Windows\System32\netsh.exe netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
            Source: C:\Program Files\Wildix\WIService\wiservice.exe; File written: C:\Windows\System32\drivers\etc\hosts
            Source: C:\Users\user\Desktop\SetupWIService.exe; Process created: C:\Windows\System32\cmd.exe cmd /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
            Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
            Valid Accounts1
            Windows Management Instrumentation
            11
            DLL Side-Loading
            11
            DLL Side-Loading
            1
            File and Directory Permissions Modification
            OS Credential Dumping1
            System Time Discovery
            Remote Services11
            Archive Collected Data
            Exfiltration Over Other Network Medium1
            Ingress Tool Transfer
            Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
            System Shutdown/Reboot
            Default Accounts1
            Native API
            1
            DLL Search Order Hijacking
            1
            DLL Search Order Hijacking
            211
            Disable or Modify Tools
            LSASS Memory2
            File and Directory Discovery
            Remote Desktop Protocol1
            Clipboard Data
            Exfiltration Over Bluetooth11
            Encrypted Channel
            Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
            Domain Accounts11
            Scheduled Task/Job
            1
            Windows Service
            1
            Access Token Manipulation
            1
            Deobfuscate/Decode Files or Information
            Security Account Manager27
            System Information Discovery
            SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration3
            Non-Application Layer Protocol
            Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
            Local AccountsAt (Windows)11
            Scheduled Task/Job
            1
            Windows Service
            3
            Obfuscated Files or Information
            NTDS21
            Security Software Discovery
            Distributed Component Object ModelInput CaptureScheduled Transfer4
            Application Layer Protocol
            SIM Card SwapCarrier Billing Fraud
            Cloud AccountsCron11
            Registry Run Keys / Startup Folder
            12
            Process Injection
            1
            Software Packing
            LSA Secrets2
            Process Discovery
            SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
            Replication Through Removable MediaLaunchdRc.common11
            Scheduled Task/Job
            1
            Timestomp
            Cached Domain Credentials121
            Virtualization/Sandbox Evasion
            VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
            External Remote ServicesScheduled TaskStartup Items11
            Registry Run Keys / Startup Folder
            11
            DLL Side-Loading
            DCSync1
            Remote System Discovery
            Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
            Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job1
            DLL Search Order Hijacking
            Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
            Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)1
            File Deletion
            /etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
            Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)123
            Masquerading
            Network SniffingProcess DiscoveryTaint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact
            Compromise Software Dependencies and Development ToolsWindows Command ShellCronCron121
            Virtualization/Sandbox Evasion
            Input CapturePermission Groups DiscoveryReplication Through Removable MediaRemote Data StagingExfiltration Over Physical MediumMail ProtocolsService Stop
            Compromise Software Supply ChainUnix ShellLaunchdLaunchd1
            Access Token Manipulation
            KeyloggingLocal GroupsComponent Object Model and Distributed COMScreen CaptureExfiltration over USBDNSInhibit System Recovery
            Compromise Hardware Supply ChainVisual BasicScheduled TaskScheduled Task12
            Process Injection
            GUI Input CaptureDomain GroupsExploitation of Remote ServicesEmail CollectionCommonly Used PortProxyDefacement
            [Behavior graph] Behavior Graph ID: 763396; Sample: SetupWIService.exe; Startdate: 08/12/2022; Architecture: WINDOWS; Score: 57

            Source | Detection | Scanner | Label | Link
            SetupWIService.exe | 0% | ReversingLabs
            SetupWIService.exe | 0% | Virustotal | | Browse

            Source | Detection | Scanner | Label | Link
            C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Interop.Outlook.dll | 0% | ReversingLabs
            C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Tools.Common.v4.0.Utilities.dll | 0% | ReversingLabs
            C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Tools.Outlook.v4.0.Utilities.dll | 0% | ReversingLabs
            C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Uc.dll | 0% | ReversingLabs
            C:\Program Files\Wildix\Outlook Integration\Newtonsoft.Json.dll | 0% | ReversingLabs
            C:\Program Files\Wildix\Outlook Integration\Office.dll | 0% | ReversingLabs
            C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.Console.dll | 0% | ReversingLabs
            C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.Debug.dll | 0% | ReversingLabs
            C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.File.dll | 0% | ReversingLabs
            C:\Program Files\Wildix\Outlook Integration\Serilog.dll | 0% | ReversingLabs
            C:\Program Files\Wildix\Outlook Integration\UC.dll | 0% | ReversingLabs
            C:\Program Files\Wildix\Outlook Integration\WildixOutlookAddin.dll | 0% | ReversingLabs
            C:\Program Files\Wildix\Outlook Integration\WildixOutlookCommon.dll | 0% | ReversingLabs
            C:\Program Files\Wildix\Outlook Integration\WildixOutlookIntegration.exe | 0% | ReversingLabs
            C:\Program Files\Wildix\Outlook Integration\dotnet-dump.exe | 0% | ReversingLabs
            C:\Program Files\Wildix\Outlook Integration\websocket-sharp.dll | 0% | ReversingLabs
            C:\Program Files\Wildix\WIService\UninstallWIService.exe | 0% | ReversingLabs
            C:\Program Files\Wildix\WIService\fax\UNIDRV.DLL | 0% | ReversingLabs
            C:\Program Files\Wildix\WIService\fax\UNIDRVUI.DLL | 0% | ReversingLabs
            C:\Program Files\Wildix\WIService\fax\UNIRES.DLL | 0% | ReversingLabs
            C:\Program Files\Wildix\WIService\fax\wfaxport.dll | 0% | ReversingLabs
            C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfu.dll | 0% | ReversingLabs
            C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfuCmd.exe | 0% | ReversingLabs
            C:\Program Files\Wildix\WIService\headsetFirmwares\msvcm80.dll | 0% | ReversingLabs
            C:\Program Files\Wildix\WIService\headsetFirmwares\msvcp80.dll | 0% | ReversingLabs
            C:\Program Files\Wildix\WIService\headsetFirmwares\msvcr80.dll | 0% | ReversingLabs
            C:\Program Files\Wildix\WIService\headsetFirmwares\msvcrt.dll | 0% | ReversingLabs
            C:\Program Files\Wildix\WIService\wiservice.exe | 0% | ReversingLabs
            C:\Users\user\AppData\Local\Temp\nstFA32.tmp\System.dll | 0% | ReversingLabs
            C:\Users\user\AppData\Local\Temp\nstFA32.tmp\nsDialogs.dll | 0% | ReversingLabs
            C:\Users\user\AppData\Local\Temp\nstFA32.tmp\nsExec.dll | 0% | ReversingLabs
            C:\Windows\System32\spool\drivers\x64\3\New\unidrv.dll | 0% | ReversingLabs
            C:\Windows\System32\spool\drivers\x64\3\New\unidrvui.dll | 0% | ReversingLabs
            C:\Windows\System32\spool\drivers\x64\3\New\unires.dll | 0% | ReversingLabs
            C:\Windows\System32\spool\drivers\x64\unidrv.dll | 0% | ReversingLabs
            C:\Windows\System32\spool\drivers\x64\unidrvui.dll | 0% | ReversingLabs
            C:\Windows\System32\spool\drivers\x64\unires.dll | 0% | ReversingLabs
            C:\Windows\System32\wfaxport.dll | 0% | ReversingLabs
            C:\Windows\system32\spool\drivers\x64\3\unidrv.dll (copy) | 0% | ReversingLabs
            C:\Windows\system32\spool\drivers\x64\3\unidrvui.dll (copy) | 0% | ReversingLabs
            C:\Windows\system32\spool\drivers\x64\3\unires.dll (copy) | 0% | ReversingLabs

            Source | Detection | Scanner | Label | Link | Download
            0.2.SetupWIService.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1223491 | | Download File
            0.0.SetupWIService.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1223491 | | Download File

            No Antivirus matches

            Source | Detection | Scanner | Label | Link
            http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 | 0% | URL Reputation | safe
            http://ocsp.sectigo.com0 | 0% | URL Reputation | safe
            http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0# | 0% | URL Reputation | safe
            http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0# | 0% | URL Reputation | safe
            https://www.disneyplus.com/legal/your-california-privacy-rights | 0% | URL Reputation | safe
            https://sectigo.com/CPS0 | 0% | URL Reputation | safe
            http://www.gimp.orgg | 0% | URL Reputation | safe
            http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0# | 0% | URL Reputation | safe
            https://www.tiktok.com/legal/report/feedback | 0% | URL Reputation | safe
            http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t | 0% | URL Reputation | safe
            https://www.disneyplus.com/legal/privacy-policy | 0% | URL Reputation | safe
            http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y | 0% | URL Reputation | safe
            http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0# | 0% | URL Reputation | safe
            http://jimmac.musichall.cz | 0% | URL Reputation | safe
            https://disneyplus.com/legal/subscriber-agreement | 0% | Avira URL Cloud | safe
            https://www.wildix.comext_openfolder() | 0% | Avira URL Cloud | safe
            http://help.disneyplus.com | 0% | Avira URL Cloud | safe
            https://x-bees.biz | 0% | Avira URL Cloud | safe
            http://pbx.wildix.comDisplayIcon | 0% | Avira URL Cloud | safe
            http://ocsp.sectigo.com09 | 0% | Avira URL Cloud | safe
            https://x-bees.bizisSecureporttype | 0% | Avira URL Cloud | safe
            https://x-bees.biz | 2% | Virustotal | | Browse
            http://crl.ver) | 0% | Avira URL Cloud | safe
            http://help.disneyplus.com | 0% | Virustotal | | Browse

            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            files.wildix.com | 52.213.62.3 | true | false | | high
            feedback.wildix.com | 54.93.167.246 | true | false | | high

            Name | Malicious | Antivirus Detection | Reputation
            https://files.wildix.com/integrations/applications.json | false | | high
            https://files.wildix.com/integrations/integrations.json | false | | high
            https://files.wildix.com/integrations/x-beesNativeApp.json | false | | high
            https://feedback.wildix.com/api/v1/Analytics/wiservice | false | | high

                        NameSourceMaliciousAntivirus DetectionReputation
                        https://disneyplus.com/legal/subscriber-agreementsvchost.exe, 0000001F.00000003.403015937.000002BC8F59C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.403193816.000002BC8F5A6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.403163507.000002BC8F58A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.403100725.000002BC8F579000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://wildix.atlassian.net/wiki/x/HgfOAQ&Logsuserwiservice.exe, 00000013.00000002.343004011.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000015.00000000.350819997.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000036.00000002.482773828.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000000.463121460.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmpfalse
                          high
                          https://www.wildix.comext_openfolder()wiservice.exe, 00000013.00000002.343004011.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000015.00000000.350819997.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000036.00000002.482773828.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000000.463121460.00007FF6A3F76000.00000002.00000001.01000000.00000006.sdmpfalse
                          • Avira URL Cloud: safe
                          low
                          http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0SetupWIService.exe, 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000015.00000003.370813987.000001CE7CEB6000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          unknown
                          http://ocsp.sectigo.com0SetupWIService.exe, 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000015.00000003.370813987.000001CE7CEB6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 00000018.00000003.363118461.0000000001A62000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          unknown
                          https://files.wildix.com/integrations/integrations.jsone.dllwiservice.exe, 00000015.00000002.375509820.000001CE7CE38000.00000004.00000020.00020000.00000000.sdmpfalse
                            high
                            https://files.wildix.com/integrations/osx/x-bees/x-bees.pkgdateswiservice.exe, 00000036.00000002.470108834.0000025193000000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000036.00000003.467243444.0000025192FFF000.00000004.00000020.00020000.00000000.sdmpfalse
                              high
                                                                                                          high
                                                                                                          https://chrome.google.com/webstore/detail/wildix-collaboration/lobgohpoobpijgfegnlhdnppegdbomknPwiservice.exe, 00000036.00000003.467243444.0000025192FFF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://files.wildix.com/integrations/integrations.jsonQwiservice.exe, 00000036.00000003.468204748.0000025192FD3000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000036.00000003.468071215.0000025192FCD000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000036.00000003.467302337.0000025192FBB000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000036.00000002.469810859.0000025192FD5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
IP | Domain | Country | ASN | ASN Name | Malicious
54.93.167.246 | feedback.wildix.com | United States | 16509 | AMAZON-02US | false
52.213.62.3 | files.wildix.com | United States | 16509 | AMAZON-02US | false
                                                                                                              IP
                                                                                                              192.168.2.1
                                                                                                              127.0.0.1
                                                                                                              Joe Sandbox Version:36.0.0 Rainbow Opal
                                                                                                              Analysis ID:763396
                                                                                                              Start date and time:2022-12-08 12:46:11 +01:00
                                                                                                              Joe Sandbox Product:CloudBasic
                                                                                                              Overall analysis duration:0h 13m 35s
                                                                                                              Hypervisor based Inspection enabled:false
                                                                                                              Report type:full
                                                                                                              Sample file name:SetupWIService.exe
                                                                                                              Cookbook file name:default.jbs
                                                                                                              Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                              Number of analysed new started processes analysed:70
                                                                                                              Number of new started drivers analysed:0
                                                                                                              Number of existing processes analysed:0
                                                                                                              Number of existing drivers analysed:0
                                                                                                              Number of injected processes analysed:0
                                                                                                              Technologies:
                                                                                                              • HCA enabled
                                                                                                              • EGA enabled
                                                                                                              • HDC enabled
                                                                                                              • AMSI enabled
                                                                                                              Analysis Mode:default
                                                                                                              Analysis stop reason:Timeout
                                                                                                              Detection:MAL
                                                                                                              Classification:mal57.troj.adwa.evad.winEXE@102/87@5/4
                                                                                                              EGA Information:
                                                                                                              • Successful, ratio: 100%
                                                                                                              HDC Information:
                                                                                                              • Successful, ratio: 100% (good quality ratio 68.6%)
                                                                                                              • Quality average: 50.5%
                                                                                                              • Quality standard deviation: 41.8%
                                                                                                              HCA Information:
                                                                                                              • Successful, ratio: 100%
                                                                                                              • Number of executed functions: 92
                                                                                                              • Number of non-executed functions: 132
                                                                                                              Cookbook Comments:
                                                                                                              • Found application associated with file extension: .exe
                                                                                                              • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, wuapihost.exe
                                                                                                              • Excluded IPs from analysis (whitelisted): 20.82.228.9, 20.82.154.241
                                                                                                              • Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, eudb.ris.api.iris.microsoft.com, ctldl.windowsupdate.com, arc.msn.com, neus1c-displaycatalog.frontdoor.bigcatalog.commerce.microsoft.com, ris.api.iris.microsoft.com, rp-consumer-prod-displaycatalog-geomap.trafficmanager.net, login.live.com, neus2c-displaycatalog.frontdoor.bigcatalog.commerce.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                                                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
12:47:54 | API Interceptor | 8x Sleep call for process: svchost.exe modified
12:48:01 | API Interceptor | 1x Sleep call for process: MpCmdRun.exe modified
12:48:13 | Task Scheduler | Run new task: WIService update checker path: C:\Program Files\Wildix\WIService\wiservice.exe s>--update
12:48:15 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run WIService C:\Program Files\Wildix\WIService\WIService.exe
                                                                                                              No context
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):985392
                                                                                                              Entropy (8bit):5.550542405629574
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24576:hmPj0ZKH4lODcxSgo5Gn8WuMRIn+N3gN+zs5KPIVmkXiGzcJy3gt2LER6GvK9HwK:hmb0ZKH4lODcxSgo5Gn8WuMRIn+N3gNj
                                                                                                              MD5:F669B20C330254249CB110E19708F4F7
                                                                                                              SHA1:8DC3588BF18F9E5C72E214DA7BA79ACA4908D0D6
                                                                                                              SHA-256:184033CD4DC43E73A06345947A01BA7A83EAE72A3721DC0A4E20A9831DE3F898
                                                                                                              SHA-512:D64AC85C2F55DA13C8FE5AAD2F4700EFDD619E7ED7336E2CB58416B4506D4DD2000386EE11A5C899BFF9B147D1F9FE8706654D35018C8322E435F80EE061C436
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):37168
                                                                                                              Entropy (8bit):6.392736842289952
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:GWw7k8otmBsHC+w4TEn4jo+qMzEeBoOR/VEPY+GQ4A4agQS6Lc7DQWgyxmYi/Tjk:LwJTwYB4E5n/xe5arDkTC8PpyiRF
                                                                                                              MD5:512F3F6B243FE82C741BF14261ACDB99
                                                                                                              SHA1:5241EF31980F6FBF7DDC248A932AFCA7851AC21A
                                                                                                              SHA-256:D3FB4CD4E99C07302880571C04D55942FEB323F892CA0758BF39A214FACC88F3
                                                                                                              SHA-512:4C1D9CDC2AFF1220A8FA42AAFEA5632E8D2A71C03E80B59E8FD6706ED83364553B269BCF94351E0F4D2DA3D0C46ADFF53BC7F8785A4C121CFE5AC335CBC26012
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):53552
                                                                                                              Entropy (8bit):6.185009091374916
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:768:q7vV5z3+6KTqUPtLnPDiQ0fWST41mocNAwkEGjhl2BOBaBnD/4xFsOKkTGyiRJw:8Vs6c3dKkTGyio
                                                                                                              MD5:6AE79ACCFFE1B283F3912211F7BC415B
                                                                                                              SHA1:72B9F7C854DE4DFB887E34FAE7BA391918652DEA
                                                                                                              SHA-256:646E6ECABC1EDAEE0AEF80087A1EA09DD960E0F531DB2E1E1478CA47812BC048
                                                                                                              SHA-512:34A809235FE46718C2A0394E2075ADC5F1340070D7165D0C9BC4DC1EC9BFA061A31D37E94B2C088027B83ADA2672C23BCF83127573421575DAC3AB644BE2B09C
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):483120
                                                                                                              Entropy (8bit):5.885150764081547
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:da9ps9y+hl8hyfItfqNWtkT4yzIDUCEheLQta3spminCi5W3EKjWFY4A7+BkvCZP:da9ps9y+hl8hyfItfqNWtkT4yzIDUCEv
                                                                                                              MD5:3FFCBBC48ECEF85F000BE1571894A314
                                                                                                              SHA1:E9EE40AC445C0BD4CD2DAC455C7C2EA590F15D7C
                                                                                                              SHA-256:CE9511F053E04E00D5C7EB41DC4B6116C3EC76703D2F8E5216CA66F5789BEE3C
                                                                                                              SHA-512:256C5624186DC12969709A3989667B8F1F2A7D1CAEE82DF17B6AC01015B46E0D88D73A9EE56083BE297AE8B3C3A9D39FF50EB8AA3DEDC5241FF7C81CAC74FF2C
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):702768
                                                                                                              Entropy (8bit):5.942507507591287
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:wf9WGsSVSM2mxL2nRiOr8gUckc6V/g2GhBzj05cHDj:uXNL2PVh6B+Bzjmcjj
                                                                                                              MD5:6F5A358C5671C7758465A2CAA4797D03
                                                                                                              SHA1:CCDBA787447BD22401228E08B17E73D95CEED22E
                                                                                                              SHA-256:80ED76321FF84B3FF06ABD60D431CE4EDEF424480A6B0A1AC28E7308A7095A24
                                                                                                              SHA-512:047E5AB0993A552E7AE07666D89BF3CABDDE8EF38F7A1317182403212D89A6B73B3A13F54DE1444D0D26AA27FD427AB4EC3E25773F219C2D1674C8959565C94E
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):420144
                                                                                                              Entropy (8bit):5.8566127281795115
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:To4vyP2a+zKZsxgkE0PTpFh/2f7rvmcyjlSjnqbp:To4vyP2a+zKZsDr52f7rvkp
                                                                                                              MD5:1097D8DEF9E3BD16B3D775AE4E12A36C
                                                                                                              SHA1:049BEB6B3CC2978AD3CC1D61631EAF25C1304BDC
                                                                                                              SHA-256:99B354D8051A9ABBA806B26D44D3046CAED06D234FEAB8D38BFA8CA185BD2EB1
                                                                                                              SHA-512:271D8C801EF6D81DA7282E8D97A516FBA4BB64E8B6ABCE990BB506FDBF54429762FBB743AA1CF09F5093D5E018EFB53C709D21B1B41F11E7D542FC4838108361
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):42800
                                                                                                              Entropy (8bit):6.289183757541825
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:3bd/GivDfRbUqX+pMA84UfYN7hzWrJ7HFjA7Avraq9E6ZAlJrKanrLCyaz/JllAZ:rx+pe4L10ajxHJl7u4WHjWPkToyiRHx
                                                                                                              MD5:EC08A81A39498767269F717B3E39C882
                                                                                                              SHA1:792346DEEEFF42DFE4F086090C1450DE01AEEF87
                                                                                                              SHA-256:DEBFEA0039B372385E5F7CADFCE05119417562F68D841DDF00FA4772EDDE472B
                                                                                                              SHA-512:B33C2BF9A5910F6A72B749E50CE67C35C35E6B36A58CD814BBB6B5A9720A8BB3BC2278D25D341F319107BB063C69BB0DA3DB756AF8667D265D72BA3203189110
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):17200
                                                                                                              Entropy (8bit):6.79924936197757
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:PrDJKl99Xk8jr8VypwKNsP6vThU3GmGovy8ZpHj8jaQ:Pr20tkT4yiRwR
                                                                                                              MD5:0EFE71C8C8DA2691BFA960E8EB7551A0
                                                                                                              SHA1:B2094C2D81E19A9D917666675E924394FDDF4626
                                                                                                              SHA-256:C994654DF38AE1CD8AE2629242717EFCFEE0B69EB5F4E36DB5405E5840EF8856
                                                                                                              SHA-512:449689BC93D8740038242AC8C2DCE332C82833DA32841816AD9A6B111B70AD7116F126DC59766BBBB59377EA3E9398452888ACC3075BB7EB5F31D6A4B14C72D9
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):36656
                                                                                                              Entropy (8bit):6.395961413955473
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:768:P2IVwX/kpnTXMcTWpHdD2JRrcfwcynkTCyiRw:lwXcpnTXMwWmJRXVnkTCyim
                                                                                                              MD5:56204AFED9C779829A1A2A60BDF4B06D
                                                                                                              SHA1:0682B73276B3CF39888A2595BC76A9CE51D1096E
                                                                                                              SHA-256:5F57A7AD4AD230217329D4F8FD608B421E0EB1A979D42A5200A5BF71293A9980
                                                                                                              SHA-512:B323E72216EFCE9EFAB76AB5780F1D68BAB0672F0FA2C6C1E1496D4968671EEF7D6AF11E12711074A637DF0B75046522525234CC268612AA61FA06D53157C412
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):130352
                                                                                                              Entropy (8bit):6.174667452059595
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3072:by8BcjSMkNtSR4rkA4Nqnv/BZ8OQNZMpWovqQk0h:ePSMkNtS6rzH7H+wkw
                                                                                                              MD5:4E06BC1C9AB0066FE1653292C372A50F
                                                                                                              SHA1:7E39344AD9813D3A5A463DC4670CFC9C0DFACE6E
                                                                                                              SHA-256:119961966326B123DDFE5C3F21A4DD86966FC5755A9CC37FDE3B9C50A80A2CDB
                                                                                                              SHA-512:8E0016968819CC04FE69B3807ACB8A3BC59A6771F921AA0CAC75205CB052F9D8B1ADA0CDEC5AEC9D04A9B230FA9A8E39D4EB438FBB8ED17E11225AC706482129
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):461104
                                                                                                              Entropy (8bit):5.252656640961585
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6144:3w/0k3XAYWQuyOGiUpXWFgXFQIY0EH7+0BJmmDAvQNRplhxy6woW0nFTF9YvORIh:g8KXAy7qy6EOd3w
                                                                                                              MD5:79D7E4A090FE8985FC33199BE3A4DB08
                                                                                                              SHA1:F0609E5FDE08A5F1030737408F9864F88635E229
                                                                                                              SHA-256:945489CCB9456EBF0C12DB2F13DEA7637D78D203812B4F293BC569B57C08A93A
                                                                                                              SHA-512:FAE85698D2E8179125AD658778935A3388124D33A9437D09BFCF1619B9732C68F9B4EE6D1C9275A5001427A541D2534983EB12D0966F93196FC3ED5B5F9A19D7
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......mj..)...)...)....~~.(...)...(....~..(...Rich)...........PE..L...O.|c...........!......................................................................@.......................................... ..................0)..............p............................................................................rdata..P...........................@..@.rsrc........ ......................@..@....O.|c........E...............O.|c........................O.|c........l...............O.|c............................................RSDS^P..=L.E..wf'.......C:\design\wiservice\deploy\oi_release\UC.pdb........................GCTL....p....rdata..p........rdata$voltmd............rdata$zzzdbg.... .......rsrc$01.....!.......rsrc$02............................................................................................................................................................
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):297776
                                                                                                              Entropy (8bit):5.4855843663254555
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3072:Yi1Aj3zXHQ4WxeuoFlzeytxjQ9XA53HW15xqGODsKWUgCDrP+CbmE3k6vt:UHXnKKjQ9w53HW1fhAgCGCbmgky
                                                                                                              MD5:22A3F5674F8DBB3F5887581DB354708D
                                                                                                              SHA1:2639353F0133A3ABCD5DB358A91265D1B31D4E37
                                                                                                              SHA-256:17FBB039AEEF29EB860CB9E253422C8770DC329033EE1942AF994BA8786BA981
                                                                                                              SHA-512:D093FF8FC64D96FA079E11EB61C9A851CEF20D83B576CF7F31868D5EE8AD476A5FAD08EB8876D13B46D5FD524A01CDE791CA115CB3A1959B28FE380DEDAD59D8
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (3755)
                                                                                                              Category:dropped
                                                                                                              Size (bytes):18476
                                                                                                              Entropy (8bit):5.397065848692913
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:2yw5tUebz1qEr5M5Q92rbYQujYSQxrjfTr+RLX8uy3i/yI72yWU89fTvkX6F:tw5tUebz1qEr5M5Q92fYQKYSQxrrWtMF
                                                                                                              MD5:A02FED591EF78DB745625FAF3EF406BB
                                                                                                              SHA1:35331F26506B1832CBDD3D336F83C56839B6358D
                                                                                                              SHA-256:329844D8BAAE1D4C585791198A3CAAAA299EE489BE4350BBA5883EC977AF48E8
                                                                                                              SHA-512:F30DAB421C48EBC477A54B84BC75EB1A5398C9FD40A308297AEDE20D0663F085AE93CFED5CB27F5A912508DBFCF15292C3D74728B4AC9996B728E925D0D9E76D
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>.<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">. <asmv1:assemblyIdentity name="WildixOutlookAddin.dll" version="1.0.0.0" publicKeyToken="ba03c384a1328835" language="neutral" processorArchitecture="msil" type="win32" />. <description xmlns="urn:schemas-microsoft-com:asm.v1">WildixOutlookAddin</description>. <application />. <entryPoint>. <co.v1:customHostSpecified />. </entryPoint>. <trustInfo>. <security>. <applicationRequestMinimum>. <PermissionSet Unrestricted="true" ID=
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (3784)
                                                                                                              Category:dropped
                                                                                                              Size (bytes):5593
                                                                                                              Entropy (8bit):5.810393629764666
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:0WLwO9Zc9SHnPk+7kV6F8YmOVDZalUEakF8YxzFodo9bBDA:fo+7h4Q7dEA
                                                                                                              MD5:F3D5C6F74B185A807815F8366DD11FA4
                                                                                                              SHA1:04072683620293354ECE85166FFCE26962B2A401
                                                                                                              SHA-256:80D1AC58F60E8292824B205C8B11A181FB8AC6C3E0D1D2C47921A14BA37149F6
                                                                                                              SHA-512:8942C32CE8DF38415750B81C05BCF7B4237BB38CC349FE6144A0C81C693651FAA7D8A25CE9B0D149A92915C01F82C2FEF29A1FB4644FA01909E1426FEF72DB67
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>.<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xrml="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">. <assemblyIdentity name="WildixOutlookAddin.vsto" version="1.0.0.0" publicKeyToken="ba03c384a1328835" language="neutral" processorArchitecture="msil" xmlns="urn:schemas-microsoft-com:asm.v1" />. <description asmv2:publisher="WildixOutlookAddin" asmv2:product="WildixOutlookAddin" xmlns="urn:schemas-microsoft-com:asm.v1" />. <deployment install="false" />. <compatibleFrameworks xmlns="urn:schemas-micro
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):17200
                                                                                                              Entropy (8bit):6.8020122939637275
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:EMs9ldT8jZ+e2pwKNsP6vTOC56b0VGmGovy8ZpH4s:EH9ldYjfTkTaEyiRR
                                                                                                              MD5:574E8DB307A8CD324BB8FA483C1E0CDE
                                                                                                              SHA1:408794DE58E1FD5C97CEC1807CB70128EB6BF784
                                                                                                              SHA-256:0F7330DE55998BE55DA37CA1ABA05C255EF741A5C332193C4A6177B53892A89A
                                                                                                              SHA-512:F908EBBFA60301CCE46AF6E7451D6E964C7083DA4BEC796C9D0565BE4A6BFE19C19EBF297A41C85120029B572721F7C44195E43701BA8EE187AE49A419C79883
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):655664
                                                                                                              Entropy (8bit):5.223686849848326
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6144:BDGMf4+qwS40kwvnNwzlbue9nUpEJY8KKjQ9w53HW1fV/OGKjQte5mHWC0nmkCW:BDGaqx47w/NvwtCKdU3KpH/BCW
                                                                                                              MD5:3F16EF4E86371AAD0B0A40170D0C9A40
                                                                                                              SHA1:FFBEEAD6CDF6A125049C8BD2C0ACF757577A0AD5
                                                                                                              SHA-256:33A469359AB892760148BA0081DB7E6A788EB4BD1764AC8FC665EFE233DC2A5B
                                                                                                              SHA-512:4A8B6CB89712563745727D5B2EAE4DAB1ACD50A27CF5AC69F8C59C1EF8E8AB4B267D8CE2A854AA9421ACA91C4C33DE93591D538A78A3A1E4742D77F07E788160
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):146
                                                                                                              Entropy (8bit):4.983767070197417
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:vFWWMNHUz/cIMOodBQV7VKXRAmIRMNHjFHr0lUfEyhTRLe86AEDDQIMOov:TMV0kInV7VQ7VJdfEyFRLehAqDQIm
                                                                                                              MD5:05BD64DBD44CF1C95236670D3842562F
                                                                                                              SHA1:824B16AD66771809D9BB32001875AA3C372C7C9C
                                                                                                              SHA-256:40859DA4B6DE7510504DD13877345D92B4DF66EA09C6C4F4E72C7AE3610974AA
                                                                                                              SHA-512:85FD03363DCDEF8B2A45C74605E0009249ADCA8BEABE06CBB90F6B1B00761C02B6BEB02B8BBD3DDC6965E98CEA820D5023705584D5B7DA5CD2FA3CB9AAF66E9D
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:<?xml version="1.0"?>..<configuration>..<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.1"/></startup></configuration>..
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):5319464
                                                                                                              Entropy (8bit):6.624309344595477
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:49152:rDTNbgZbsK5pM9TJFppvgKnkt21tgJEyacq0+W3Ua+zxn1OqK:vJbNFF/gV/17sOt
                                                                                                              MD5:F6662D11B70906CBB8181F0CDA7AF70C
                                                                                                              SHA1:8420DB4E552277FEC1E3C96D9C674AB96CCFFC8C
                                                                                                              SHA-256:FC0D9B95F7A20A6D2409560B64025547D4CA1F95EB40AC3DBA6A93C59C0A0546
                                                                                                              SHA-512:78469A9B1D6610BC39AE59B93A8D8512785DEB79F141A657DFFECEA26590910FA3F88193E96C557EA78FA87F2144482D941FCEE148204841A6A4F0E05AD005BF
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):260912
                                                                                                              Entropy (8bit):5.833527593287059
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3072:xLixO6zz8t4OXDegbQy058MP2pZrCmrrDse0ecdfF7b2gqEiyDvSmqtNlVusC517:Kn8nDenoRXoJF3bqEiyzZ5m1FsgUvkq
                                                                                                              MD5:0E7A8B8816B0455898A184052544DEBC
                                                                                                              SHA1:FC9A0D7F4C2106B5C8C0A36AA5EA000FD21BF6E8
                                                                                                              SHA-256:24FA344ECE4912DB4F8AC4B3190C8A02E84F5D730B0761A4F9394F9EC257CC6F
                                                                                                              SHA-512:E7A1AFC5730F253550D76D25F8DD06E145CF4354C6C2371EBB254FEE17E23512A8C095C054B85BBF991AB8ECD682028BDB4CF018D3FC4CF983746160246142C8
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:MS Windows icon resource - 13 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel
                                                                                                              Category:dropped
                                                                                                              Size (bytes):175221
                                                                                                              Entropy (8bit):3.6057445859805903
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:1536:Fpznextut/yGjfT8nUa/XIHlbeA5yN6zHW156G6:vzeytxjQ9XA53HW15x6
                                                                                                              MD5:CE4C0FAC424ECDAFD490544CF10593B6
                                                                                                              SHA1:96B32682A928D5A9229B93586478A31E08B423F4
                                                                                                              SHA-256:A9BAE457E58D8BAB5FB10A3A6AE67D4453CECCECBE81C5AD066E86AAFD11A45A
                                                                                                              SHA-512:0F1BBF2C115CB9128594647FB9138B876E896B01CC86237EB00A695E38671955D718C4F9A712B4C0DD6CD40C99ABBC00B0442E5B192562B622EB3B9A660B228F
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                              Category:dropped
                                                                                                              Size (bytes):158960
                                                                                                              Entropy (8bit):7.07208789237512
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3072:8omnzVincQDKgc27G1GFkTvQnKKjRCCDgqqAuKF5s34FY7nk8O:8tZqi1GF9n6fqjup34Kjk3
                                                                                                              MD5:649ECEE52923712B53DAB4107860D891
                                                                                                              SHA1:3FAF02659C3BE5D3B0AE5BB2FA0239145CFE00A4
                                                                                                              SHA-256:011DB7DC135BFABD8713915D36BB66839975B9A467E8E8F72071748A2FCC63BD
                                                                                                              SHA-512:E7ADC635185FC17E5390E1FD53A683360422B9F563A05D12519A31FDCB9CC3EC6B3346A6C5AF6632842440EE340BA110920FBA9E7BC7E1E76A2571DE6AC09DCE
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):3430
                                                                                                              Entropy (8bit):3.577875788113156
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:48:yei1q97/qlLaq4i77cMUF39Qg9c9V9Lvara+iaiusupRCRf9ufAuRa7T5XhPsV8n:t2ll4i77h4iGdiaipV9ll7dhFF6+
                                                                                                              MD5:9E02EAF2592DE18E8058FD254C89FAD5
                                                                                                              SHA1:EB5FCE36FC938929D27348CA9B0040CFED0FF8B4
                                                                                                              SHA-256:870D3C739BEB158446DEEED2B5C92854C2726A92B3294F0C07C52AE65CD51ED1
                                                                                                              SHA-512:5C82E7D21BA6D828EED7BF9F313C864AB59DE695DF4B62D31DD2CCB838B60E65C7EEAB56606CBBBE8FBB11A4D70ED42D1D10F3EA9834B5203BBD5B6067648226
                                                                                                              Malicious:true
                                                                                                              Reputation:unknown
                                                                                                              Preview:<?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">..  <RegistrationInfo>..    <Date>2020-11-04T11:59:46</Date>..    <Author>Wildix s.r.l.</Author>..    <URI>\Wildix\WIService update checker</URI>..  </RegistrationInfo>..  <Triggers>..    <CalendarTrigger>..      <StartBoundary>2020-11-04T01:00:00</StartBoundary>..      <Enabled>true</Enabled>..      <RandomDelay>PT5H</RandomDelay>..      <ScheduleByDay>..        <DaysInter
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):23812
                                                                                                              Entropy (8bit):5.102231290969022
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:ILAp44CzsyQKElOR2x96a7zXql8wYNz6FkjzEgqgF6Lvztmm/jb5/R6B3VjMcBU0:ILAe40VxYJ7zvWrfZmujb5mVjlQrlGwI
                                                                                                              MD5:D46A5DFAB2AC1BB5BF39D4E256E3AB43
                                                                                                              SHA1:FD19097E89D882E5624E8822FF8D7518D104B31C
                                                                                                              SHA-256:0E93309B477971AD9D744FB1BB6AFDE1AF7D31223E90B5E8A4E5EA13CC5B8CD9
                                                                                                              SHA-512:FE6C5CD5DA0E045E9F823D34E393E158F56A3136966971F0D494092257956FBEA29ACC98E94B50AA785CF426DBACDAFFCC0B0F7872E7F63A2F270A174C0F4BCA
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:*% stddtype.gdl - this file contains templates that define all MS standard datatypes..*% that appear in GPD and GDL files.....*PreCompiled: TRUE......*% ==================..*% ==== Macro Definitions ====..*% ==================....*Macros:..{.. LIST_OF_COMMAND_NAMES : (.. *%.. *% GENERAL.. *%.. *% the following are not enumerated here because they require.. *% the full Command structure. See Template: ORDERED_COMMAND.. *% and its descendants..... *% CmdSelect,.. *% CmdStartJob,.. *% CmdStartDoc,.. *% CmdStartPage,.. *% CmdEndPage,.. *% CmdEndDoc,.. *% CmdEndJob,.. *% CmdCopies,.. *% CmdSleepTimeOut,.... *%.. *% CURSOR CONTROL.. *%.. CmdXMoveAbsolute,.. CmdXMoveRelLeft,.. CmdXMoveRelRight,.. CmdYMoveAbsolute,.. CmdYMoveRelUp,.. CmdYMoveRelDown,.. CmdSetSimpleRotation,.. CmdSetAnyRotation,.. CmdUniDirec
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):14362
                                                                                                              Entropy (8bit):4.18034476253744
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:NcThm8JC986ITRCzEzEpYNwtd29u7ZTl8hF:xFzOnS7z0
                                                                                                              MD5:CD0BA5F62202298A6367E0E34CF5A37E
                                                                                                              SHA1:0507C7264281EFB362931DEB093308A5CC0F23A5
                                                                                                              SHA-256:B5E8E0C7339EF73F4DD20E2570EE2C79F06CA983F74D175DBE90C0319C70CE3A
                                                                                                              SHA-512:0DA97D886BBF6E06BDEF240B0CA32E80ED56140349902F2A58FCD00A95F85AEDEABB779CA99308DA39E995BDB7C179E2D7A0705643AF609EC7E05323964851F8
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:*%%% Copyright (c) 1997-1999 Microsoft Corporation..*%%% value macros for standard feature names and standard option names..*%%% used in older Unidrv's.....*CodePage: 1252 *% Windows 3.1 US (ANSI) code page....*Feature: RESDLL..{.. *Name: "resource dll files".. *ConcealFromUI?: TRUE.... *Option: UniresDLL.. {.. *Name: "unires.dll".. }..}....*Macros: StdFeatureNames..{.. ORIENTATION_DISPLAY: RESDLL.UniresDLL.11100.. PAPER_SIZE_DISPLAY: RESDLL.UniresDLL.11101.. PAPER_SOURCE_DISPLAY: RESDLL.UniresDLL.11102.. RESOLUTION_DISPLAY: RESDLL.UniresDLL.11103.. MEDIA_TYPE_DISPLAY: RESDLL.UniresDLL.11104.. TEXT_QUALITY_DISPLAY: RESDLL.UniresDLL.11105.. COLOR_PRINTING_MODE_DISPLAY: RESDLL.UniresDLL.11106.. PRINTER_MEMORY_DISPLAY: RESDLL.UniresDLL.11107.. TWO_SIDED_PRINTING_DISPLAY: RESDLL.UniresDLL.11108.. PAGE_PROTECTION_DISP
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):59116
                                                                                                              Entropy (8bit):5.051886370413466
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:768:UH8K0RGmALhTYi6AmdDsaCXmSsUN2xHXgutLSsy3o+ndhr54:UH8K0RGmAd58D+iLBHad4
                                                                                                              MD5:FC574EB0EAAF6A806F6488673154F91F
                                                                                                              SHA1:E10B44CF7082FE5BE23FB0C19AC792D4692F6388
                                                                                                              SHA-256:941E5318D8BBD747AFA98982C0354516079175ACD3D7485F327BCC384F4FCFB8
                                                                                                              SHA-512:A04CAC69A4DD4BD951CDC0F5186A3F589DA2EA40D667BE855F9E5AED12ECD9F7FC79FD624361C9563A07A5DCC1250CBD628BA27A0FAD78D599CD68540F9B4F45
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:*% stdschem.gdl - this file contains templates that define all MS standard keywords..*% and constructs that appear in GPD and GDL files.....*PreCompiled: TRUE....*Include: "stddtype.gdl"......*% ==================..*% ==== Base Attributes ====..*% ==================........*Template: DISPLAY_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_CODEPAGE_STRING.. *Virtual: TRUE..}........*Template: ANSI_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_NORMAL_STRING.. *Virtual: TRUE..}....*Template: DEF_CP_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_DEFAULT_CODEPAGE_STRING.. *Virtual: TRUE..}....*% ==================..*% ==== Root Attributes ====..*% ==================....*Template: CODEPAGE..{.. *Name: "*CodePage".. *Type: ATTRIBUTE.. *ValueType: GPD_NONNEG_INTEGER..}....*Template: GPDSPECVERSION..{.. *Name: "*GPDSpecVersion".. *Inherits: ANSI_STRING..}....*Template: GPDFILEVERSION..{.. *Name: "*GPDFileVersion".. *Inhe
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):2278
                                                                                                              Entropy (8bit):4.581866117244519
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:IO673u+3WSnMVfIPQMAPFq+AP3hM927Kc509OD8jQV0Ucn05NKYKd5NK3Kr59:IB7zmrAPMtc6927e9OQEV2EPSQg/
                                                                                                              MD5:932F57E78976810729855CD1B5CCD8EF
                                                                                                              SHA1:50D7145076D422C03B924DD16EA237AC9B822F0E
                                                                                                              SHA-256:3B9BE4E69B022DE9D0E30EDE70F292F3DF55AB7BE36F134BF2D37A7039937D19
                                                                                                              SHA-512:023848F6CE826EB040EA90C8319BBF1AC26E16B66BD9470E197B3A02DAE00AE9A177996E6B069F42BC54FBF28AE7F96CCC10CF331C13B54CCF12990311F30D73
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:*% stdschx.gdl..*% this file defines the parts of the schema that are dependent on..*% preprocessor defines.....*% Since this header relies on passed in Preprocessor defines, it must not be PreCompiled...*PreCompiled: FALSE....*Include: "stdschem.gdl"....*Ifdef: WINNT_50.. *% and above .......*Template: PRINTRATEUNIT..{.. *Name: "*PrintRateUnit".. *Type: ATTRIBUTE.. *ValueType: EDT_PRINTRATEUNIT..}..*Template: PREDEFINED_PAPERSIZE_OPTION_2 *% Additional papersizes.. *% for NT5.0..{.. *Inherits: V_PREDEFINED_PAPERSIZE_OPTION.. *Instances: (.. DBL_JAPANESE_POSTCARD,.. A6,.. JENV_KAKU2,.. JENV_KAKU3,.. JENV_CHOU3,.. JENV_CHOU4,.. LETTER_ROTATED,.. A3_ROTATED,.. A4_ROTATED,.. A5_ROTATED,.. B4_JIS_ROTATED,.. B5_JIS_ROTATED,.. JAPANESE_POSTCARD_ROTATED,.. DBL_JAPANESE_POSTCARD_ROTATED,.. A6_ROTATED,.. JENV_KAKU2_ROTATED,.. JENV_KAKU3_ROTA
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):531760
                                                                                                              Entropy (8bit):6.367894640776266
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:GTIJ/Cq6XA1T9hPGhV9mid49b9spV7LDbTzIGH:GUJ/Cq2IT/PiP4dapV7LDU+
                                                                                                              MD5:FD8F8764FF7C181B9C4F125C7866E186
                                                                                                              SHA1:A95845BD24863735A63C2BD4EEBD07B24001046B
                                                                                                              SHA-256:B2124E894640CE7F440B2DC2CD4B095BDC1213806FA37BDB13068650654395B8
                                                                                                              SHA-512:AACD85BC9889A3AF116640A1F06F3D85F9844CFDBECC5F29364568B7DBA0F6BC96B7CC42FC4EF10E78AFEB9B44B38ED1F038E337D1F638C31CCF9EE4BF4B4846
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:MS Windows 3.1 help, Tue Apr 17 13:11:56 2001, 21225 bytes
                                                                                                              Category:dropped
                                                                                                              Size (bytes):21225
                                                                                                              Entropy (8bit):3.9923245636306675
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:g8qo9MqLEGX9WkaNWvbAsmrEGckkwy95/HLQdu:g8rMqLwkW8AsqEHkkwy7N
                                                                                                              MD5:6798F64959C913673BD66CD4E47F4A65
                                                                                                              SHA1:C50FAA64C8267AC7106401E69DA5C15FC3F2034C
                                                                                                              SHA-256:0C02B226BE4E7397F8C98799E58B0A512515E462CCDAAC04EDC10E3E1091C011
                                                                                                              SHA-512:8D208306B6D0F892A2F16F8070A89D8EDB968589896CB70CF46F43BF4BEFB7C4CA6A278C35FE8A2685CC784505EFB77C32B0AABF80D13BCC0D10A39AE8AFB55A
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):919344
                                                                                                              Entropy (8bit):5.989957262549423
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:1H0ARc8QCfjeDUr73Tx1yfhPXgFQ3Qe5w1lwAAwoTLARTsBqC+MU:17Hdv3DyfhP2QgYPwo3ArgU
                                                                                                              MD5:109D6635D97BD3755BBC17A39FA2A00E
                                                                                                              SHA1:A1BA018129134A5B7889CCBB9F822DF97F142C81
                                                                                                              SHA-256:EF69FD07E02C7D8CB3ECF31836440264E0D81C22753D1666B7818D9EC46FD060
                                                                                                              SHA-512:EF99293116CC75749BF136F50EA8410ACC4474FAE354C66D17A884EC6519319B9BCD05F14AFE4CE66E1DB1419149355E413E0795EE440E3B9FC6575E18381024
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):856368
                                                                                                              Entropy (8bit):5.595352052416589
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:79aBEoNh3bBPc/s4430ye84TF1dbua5TVhRre3kf8IKHgikinLhZ:5aBEGbL4Np84TQazCSiRhZ
                                                                                                              MD5:E53389EF9A73C1B212A8D0C202E561BD
                                                                                                              SHA1:0F84190B8FF18D07490E38FC46567F81D66D32D7
                                                                                                              SHA-256:88F7FCF7C2EE6DC91A689F689C24214D9D6371E593B609E85B2117D46055C77E
                                                                                                              SHA-512:956598397F95DD1CC84E27A4DBE09F8C8D35F3FE6EE3FF333AFE94A700385D47A4439D45599035B7EF0646ACBCEA660CB7B96452D9524C331AAB97CFD1D6C7A4
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):7996
                                                                                                              Entropy (8bit):5.128824009655858
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:Iwr2yWGyAH155NpoEdyb76f8upG2sIkQTkpfpBnquMpBnqF5zqps2dXRSXjKMoy8:IHa1Hj7k2sI90mHmF52pbye9U/Prtk
                                                                                                              MD5:9CB68B693CDCDF5E9E5707E3CABCA7A7
                                                                                                              SHA1:29A5537387519BC14138F02C5355EAB2EB923AA3
                                                                                                              SHA-256:D79405A4F2A390407B78B1DC7FEEBE3A533EA9969F6066F5A12F189502D900F0
                                                                                                              SHA-512:765EDDDD3CE8995DC66AB5578462F12CD52007FDEBF3C6DE412BAF4C094E17FDB286BDEB0A6ECC6FE2347C0BB846F4D2A206DD78BC128111E84918F50B57E7F8
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:*% ..*% ..*% ..*GPDSpecVersion: "1.0"..*GPDFileName: "imgprint.gpd"..*GPDFileVersion: "3.1.0" ..*Include: "StdNames.gpd"..*ModelName: "Wildix FaxPrinter"..*MasterUnits: PAIR(1200, 1200)..*ResourceDLL: "unires.dll"..*PrinterType: PAGE..*MaxCopies: 99......*Feature: Orientation..{.. *rcNameID: =ORIENTATION_DISPLAY.. *DefaultOption: PORTRAIT.. *Option: PORTRAIT.. {.. *rcNameID: =PORTRAIT_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l0O".. }.. }.. *Option: LANDSCAPE_CC90.. {.. *rcNameID: =LANDSCAPE_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l1O".. }.. }..}..*Feature: InputBin..{.. *rcNameID: =PAPER_SOURCE_DISPLAY.. *DefaultOption: MANUAL.. *Option: MANUAL.. {.. *rcNameID: =MANUAL_FEED_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.9.. *Cmd: "<1B>&l2H
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):357680
                                                                                                              Entropy (8bit):6.335690120350878
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6144:oVCKF+tmU+nEcmcW3Ke3+Lr+3fqKqfn4v4VC6n8VfcYkQ:zPDcW3R3Mq3ET8huQ
                                                                                                              MD5:D42FAA306B39E5B1F2980958FFC6A908
                                                                                                              SHA1:388B4A883610937D35090969DF2C5A2194767740
                                                                                                              SHA-256:F202C94086527E8F077C23A3079CD951511E89ACB95B1E6360D948066336D63B
                                                                                                              SHA-512:90477DE265E5019DA97EF711D5CC14B888D08E8848125F5F2DDD095797E6BE6622CC4A1787FCA0542096F4BA5CEEB9B630111AC37AD72627B3F0EAC43305407B
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):306068
                                                                                                              Entropy (8bit):6.142744579594501
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6144:UgwRUnZJgqtQ4pVbo2Vpm0Uf0iTVemM7EV5bg9B7092m9k4bG36F8IhJK/:VzZD0X15NuI29B709O446iIC/
                                                                                                              MD5:4D653E2BE456AFB979BEFF9FE2A26669
                                                                                                              SHA1:F1FD636F7BECC64A21F7FB9DDD2A32ABE1D43899
                                                                                                              SHA-256:4C0CFB74E6A67DEB2D8F8AE035CFAAF77D5D9317C9EF5937A9B8F5EBC9E65C8C
                                                                                                              SHA-512:6ADF70916CEB9942F9554A8176444CC6ECD43A63248C1C0225C29608D189765699BC91350017741EFF280B160D30171140D1E59DD6ED166351B02D606D9D39FF
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:CSR-dfu2........signed stack+app
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):891182
                                                                                                              Entropy (8bit):6.411281805519251
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24576:Qr1E+JMycGniyGAdpK0I7LxcKixm76NHu7:QrrJMy0xJ76No
                                                                                                              MD5:D10B5335C00810B5FFA708831C784B2F
                                                                                                              SHA1:8F2414F23E998D59EC9E8AEAD39423FB79748B5C
                                                                                                              SHA-256:4697C9DEA70D0B5AC4212F55E305C1C0A30BAD05DB88B2E30D5DD7480BA8F984
                                                                                                              SHA-512:1728BD1AF1777C7F99797A07303C2B2D4E03113383418DAC40820DB69E17E3481CD8A72D83FC8674F63C6AF86459CBA3EA52D9FF75DEE50C9FC18064649367F1
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:CSR-dfu2........signed stack+app
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):71984
                                                                                                              Entropy (8bit):5.533620998311782
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:768:v8rk/UsobMzpgZtkh8jZvCwjSa5BOgUVpj1MwolkTuFyiRNa:vm17Ztk6tdWavOgwfMwolkT6yim
                                                                                                              MD5:CA019F98278672B47A8B5109C2F5810D
                                                                                                              SHA1:77F12C0ADA4029903F8EBAE9EBB59F135BE3EFE4
                                                                                                              SHA-256:15DA9607F195F43F8644B72C54BF81E697FF69FDA254EAAB5F54D2F8618D7F19
                                                                                                              SHA-512:0E48291099E118F5EF6DB490D360B92975F4118873DAEEF89A6C6A9614AD5EFC2EC982C2D72F4FE5281B490984584AA3E9361BE56354692DD2BD9C707E196160
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):24368
                                                                                                              Entropy (8bit):6.897697414157765
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:F47QrEnds+4wmIm0SRAMTJs65jaRpwKNsP6vTvAw2hYrGmGovy8ZpHxZ:FjEds+4wmIm0eAkfkT+4yiRj
                                                                                                              MD5:75054B2FE6C28D1C5F493BCBE3E945EF
                                                                                                              SHA1:6E446580F4FAFF6CCD891D8394904BAB20DF652F
                                                                                                              SHA-256:A909F17705B91FCD9A79FF5DFEEBEBF7C5087E214A7E4D2920B5BDE6EAFF48A9
                                                                                                              SHA-512:787F1C051BD44F8DA94FB67C411077C24578C1146D31E6B8D6D6C248323D98B3AAC62B80EDC3961A47DE7223FB529C8DC3147AD1BD502FE5CF2EBCB170D05943
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):489776
                                                                                                              Entropy (8bit):6.081789325534871
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6144:D6KTZsHDwx0TCAQpFTfnPyFVrCqq/KrnahQ+Nnq0B/aNOjMQpynTkD+:RsHDG0TM6sKGhQ2nq0iQPD+
                                                                                                              MD5:4163D15279D0582AAE8D984FFB45B09A
                                                                                                              SHA1:5642BCA61CA24FE66FECB5CD45BD8CEA3345D5B9
                                                                                                              SHA-256:0A150846A56EB684D356F6FC8DD1D4F9DC7A117B9817F63B506E03842E176458
                                                                                                              SHA-512:8AA8D6C2AF3252BC832DF801E12A8FD384A5A18764E06C0F50F5DAB39BC31F355990EAA4A9123FE9A64A42913D95C235BAEE0A79EDE893B21B21EEA8460E37F7
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):559408
                                                                                                              Entropy (8bit):6.450110743059533
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:UZY4lOHMwLwXBt+iaKst/Ua/hUgiW6QR7t5j3Ooc8NHkC2eWeFU:UZY4lOHMM8wifstjj3Ooc8NHkC2e1FU
                                                                                                              MD5:44C00F10695DCE37B0C9F1FC3D52A846
                                                                                                              SHA1:EACD49EE07C98056BC40FA3B38BC8B110BEEBDCA
                                                                                                              SHA-256:3355A92255D18968091A949C5140E2E886B57568683526B45DC7E79532887613
                                                                                                              SHA-512:DC3E66090644BB622DA56B2984A1482C89821B7E2F842E908F62BC88FF3A97F50B9BC132265E8E5216A03794E942E503A8266A02038DED2A6B9F858C61CD28DB
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):637232
                                                                                                              Entropy (8bit):6.867016686229303
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:nxzh9hH5RVKTp0G+vphr46CIFt0yZmGyYGWihK:nph9hHzVKOpRFHmGyYRi8
                                                                                                              MD5:AD6FC17CA927B04C08FB07FD853AB3B4
                                                                                                              SHA1:93D331740E4D0F34C102679816175BD4BC29F027
                                                                                                              SHA-256:1F04378A078678204A8CEFD830F03E48B9469D2D3D3182BCDC7FB87ED45A63CB
                                                                                                              SHA-512:3C1FCC00A9328FF11318EB69D0D7BC33A86B4F67F4A4EFCDAD5066891196D69E0E53881658B3CF16EA57CB7AB888EA50CBCB647A2127283176108FEA05979F1D
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):701232
                                                                                                              Entropy (8bit):6.834556330937822
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:Kh1wtmDyLuDTFn3nLjTwDFbT82hs8mVY/P3WaNi6nS4zAEgMWPznF9SHanvlJ:k1wtmDyLghn3nLjYFbIv8d/fs6S4zA/5
                                                                                                              MD5:69C11383B75918D25F1AADC24436133F
                                                                                                              SHA1:98DA8B221F713312813C4CF10A5DB5F47598F277
                                                                                                              SHA-256:3FD38CB07B9B656CF917936B9453895E4CD0215A132F173A0D2EFD6D2A71CF3D
                                                                                                              SHA-512:12590039CABE1E1FA83597CC9E5138260E17431B6926CFD011C908492ACC771B9C1A77FC4A741F6FF7165DA6BC8EAEB447E6F23232A630EC1328CE466F17EB2C
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Archive, ctime=Tue Nov 22 10:48:36 2022, mtime=Thu Dec 8 19:48:47 2022, atime=Tue Nov 22 10:48:36 2022, length=14791984, window=hide
                                                                                                              Category:dropped
                                                                                                              Size (bytes):928
                                                                                                              Entropy (8bit):4.630902311791992
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12:8RgEtl6C0YXThc70dpF44QBhEs/y+ekeJp/jAb3lPDRbbdpo8WDFDhm:8S0dUB7dgARBdgJhm
                                                                                                              MD5:9E7E80739AA45CA384FABAFBF48AE941
                                                                                                              SHA1:602DE44DD204C0E2C82CC37C97C733A0E4E5054A
                                                                                                              SHA-256:B3A7026E4C73508EA602376E60A089C6A03B3FBF98A237F4B08739F57C8759E3
                                                                                                              SHA-512:0B3BE046868CFFEDE8DC0F1599F29DA80B89BABC7E93D3B795D40A52DC7A770364A3EAC87E56F480D89E44CF0675C658F3CC065853814DF597D4AF399DAD7F0C
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:L..................F.... .....Zh......xF.....Zh...0............................P.O. .:i.....+00.../C:\.....................1......U...PROGRA~1..t......L..U.....E...............J.....k..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1......U....Wildix..>......U.U......A.....................0...W.i.l.d.i.x.....\.1......U....WISERV~1..D......U.U............................./.W.I.S.e.r.v.i.c.e.....h.2.0...vU.^ .WISERV~1.EXE..L......vU.^.U.....e.........................w.i.s.e.r.v.i.c.e...e.x.e.......^...............-.......]............v.......C:\Program Files\Wildix\WIService\wiservice.exe......\.w.i.s.e.r.v.i.c.e...e.x.e.!.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.l.d.i.x.\.W.I.S.e.r.v.i.c.e...-.-.p.r.o.x.y.e.x.`.......X.......347688...........!a..%.H.VZAj....F...........W...!a..%.H.VZAj....F...........W..E.......9...1SPS..mD..pH.H@..=x.....h....H......K*..@.A..7sFJ............
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3027002, page size 1024, file counter 3239, database pages 1083, cookie 0x1c0, schema 4, UTF-8, version-valid-for 3239
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1108992
                                                                                                              Entropy (8bit):6.239420122827104
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:s012KYTfqBoW+X3wUfJ0HORmsi18vFZrutsPdBx5G59IdYb6Vb38sZOOdFkUtetp:STSoW+68Wkdl3CcbsROdF2w8dfvqJY/
                                                                                                              MD5:D4604E2E0D76A101BECAE84ECD1EF720
                                                                                                              SHA1:27843D4C2FCF94BBDFDC9CF4057E25F523665D24
                                                                                                              SHA-256:76D199BBE65D4DBBDD614C0336D2C1164E3221B7C10FCA840901152CC5C79B42
                                                                                                              SHA-512:925CB8D08A4FD7815882BE21AC908B21099309F2EE41A47AF86954F4412E1949E4E65B0CAB1453C98F9EDAF92A7001949C5134275EEF0B9AA6D73E3E825DAF83
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:SQLite format 3......@ .......;..................................................................0:...........9...............................................................................................................n...%%...tableEVENTS_STATSEVENTS_STATS.CREATE TABLE EVENTS_STATS (...ID INTEGER NOT NULL,...DAY INTEGER NOT NULL,...DATE DATE NOT NULL,...MIN_ID INTEGER NOT NULL,...MAX_ID INTEGER NOT NULL,...COMPLETE TINYINT NOT NULL,...PRIMARY KEY (ID)..).f...++...tableCOUNTRIES_AREASCOUNTRIES_AREAS.CREATE TABLE COUNTRIES_AREAS (...ID INTEGER NOT NULL,...COUNTRY_ID SMALLINT NOT NULL,...NAME VARCHAR(255) NOT NULL,...NUMBER VARCHAR(255) NOT NULL,...LENGTH TINYINT,...PRIMARY KEY (ID)..)."........tableCOUNTRIESCOUNTRIES.CREATE TABLE COUNTRIES (...ID INTEGER NOT NULL,...NAME VARCHAR(255) NOT NULL,...NUMBER VARCHAR(255) NOT NULL,...PRIMARY KEY (ID)..). ........tableCLASSESCLASSES.CREATE TABLE CLASSES (...ID INTEGER NOT NULL,...NAME VARCHAR(255) NOT NULL,...NAME_LOWER VARC...D;...87...+,.
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:MS Windows icon resource - 13 icons, 32x32, 16 colors, 4 bits/pixel, 16x16, 16 colors, 4 bits/pixel
                                                                                                              Category:dropped
                                                                                                              Size (bytes):99667
                                                                                                              Entropy (8bit):6.776502745804188
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3072:RcfWrQG1GFkTvQnKKjRCFpgqmKN5+x3pJY:ufct1GF9n6FKqmrx3pi
                                                                                                              MD5:8F898251C85EE83FE4CEF753AD127FEE
                                                                                                              SHA1:965419910C1929CF695C530456950616B85596C5
                                                                                                              SHA-256:31DEE18EA1C5E7723DB0C13C630517963E79930474B275322A0CDE686C5953B5
                                                                                                              SHA-512:4397158E3EBA45B7CD27E931F353D72042B154416036874824CC1469FA9D533C4E67B7ED81A0A9EDB480F667A9716AE999D54B3F36EA1375344BB0E944AC8102
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):14791984
                                                                                                              Entropy (8bit):6.674413304708405
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:196608:7EiLijFt+7kVFR0sB9/glCEwqA383xcu7rgxdTn5LH:7cT+6F/glCEwob7OnVH
                                                                                                              MD5:BC9438A9AF6E7EEA099BC91557F1FC26
                                                                                                              SHA1:D8E2ABDDE81B050261A9635B52D9E3288E4EA43E
                                                                                                              SHA-256:4BBE3EFA982ADDC1066745441C1C31B62993836C843C7E0AF6712DE9858DE2DC
                                                                                                              SHA-512:0033AA07CF96D52F80120553EA4EC93C6D6061717DB173FC921D8E20E0854A75B7455815AFA1E6CF4BD310B98165D59A91F5C98A1E992F1462FC16C0EDE3B160
                                                                                                              Malicious:true
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Tue Nov 22 10:48:46 2022, mtime=Thu Dec 8 19:48:12 2022, atime=Tue Nov 22 10:48:46 2022, length=158960, window=hide
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1955
                                                                                                              Entropy (8bit):3.434992520815268
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:8wRGcd9u4iGmUEyAYhdahidVdahBufdahfiCihm:8IXd9u4iGmUERYhdahidVdahB2dahE
                                                                                                              MD5:7F1B2F5A93D587103B212D895CC76B65
                                                                                                              SHA1:5991B17367D753E81930FB8B0E6E052AB17035E5
                                                                                                              SHA-256:F1FC0EF266421BCD8178909F44645A9B16242AADB81889B28891B6B85C76A0D0
                                                                                                              SHA-512:5D18E62D934F529EF2513E36F7D1A1B6D9D6ED6E901D9BB95C4C983B2F1A12D9C9E072B5C7FA6A0B387E3814992817D2236A063B0D5C08E553D8E6AB54493E37
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:L..................F.@.. ......`h...z..bF......`h....l...........................P.O. .:i.....+00.../C:\.....................1......U...PROGRA~1..t......L..U.....E...............J.....k..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1......U....Wildix..>......U.U......A......................z..W.i.l.d.i.x.....\.1......U....WISERV~1..D......U.U............................./.W.I.S.e.r.v.i.c.e.....z.2..l..vU.^ .UNINST~1.EXE..^......vU.^.U................................U.n.i.n.s.t.a.l.l.W.I.S.e.r.v.i.c.e...e.x.e.......g...............-.......f............v.......C:\Program Files\Wildix\WIService\UninstallWIService.exe..J.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.l.d.i.x.\.W.I.S.e.r.v.i.c.e.\.U.n.i.n.s.t.a.l.l.W.I.S.e.r.v.i.c.e...e.x.e.!.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.l.d.i.x.\.W.I.S.e.r.v.i.c.e.8.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.l.d.i.x.\.W.I.S.e.r.v.i.c.e.\.U.n.i.n.s.t.a.l.l.W.I.S.e.r.v.i.c.e...e.x.e...
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:JSON data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):56
                                                                                                              Entropy (8bit):4.355851127144314
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:iX0p16O9JZvAJHf9KDH:00p4GsVKD
                                                                                                              MD5:EA39EA80736C86AA40E41378ACAFFB6B
                                                                                                              SHA1:4A42A50999D885944420260DAF8CF2B2AA6E2C45
                                                                                                              SHA-256:1E6CCA52C207785A095A5966D7187AC18F717AE87421EEB36680F926BE3EB1E7
                                                                                                              SHA-512:E866E0A1E8E967537BCC1F582916A6F43461CB30BFEDB03FCA9331E6A5CAADF137422038E544C140EB1BCFE4693FCCDE9E37C11190DF710F6B7E7462424535CC
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:{. "garbage_lifespan_days": 30,. "log_level": "info".}
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1118
                                                                                                              Entropy (8bit):4.867717911882944
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12:1K5t0GpKNuNxDzM7NuNxTzWNuNxLxGztNyZuEtHtNyxNp6JGWgNRUy9OXZEv38UW:1i0SzMoktNQdtNEpWgNyvZE0x
                                                                                                              MD5:D4BE6CD79E0FD51D27BD96053A55625F
                                                                                                              SHA1:75D66FF71E999B4669E7E1ED8265BB7B59E367A6
                                                                                                              SHA-256:535622C99D214DEEFB9B92245F863F02E25C2085C9C2E50D83EFA5CDDDBF491D
                                                                                                              SHA-512:AABD0465F8868E97AEEC46062E5ED087906671341ED328D09BB0E26414A2A054350DB1684ACA7F71B2704FD585E87033671814DE626AC62B0F67A9902B44A4B0
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:08/12/2022 12:48:22.007956|00001|info |Updater.cpp:31 (Updater) Starting updater... Update dir: C:\Program Files\Wildix\updates..08/12/2022 12:48:22.007956|00001|info |Updater.cpp:112 (Updater) Checking update data https://files.wildix.com/integrations/integrations.json..08/12/2022 12:48:22.804814|00001|info |Updater.cpp:112 (Updater) Checking update data https://files.wildix.com/integrations/applications.json..08/12/2022 12:48:23.211064|00001|info |Updater.cpp:112 (Updater) Checking update data https://files.wildix.com/integrations/x-beesNativeApp.json..08/12/2022 12:48:23.961075|00001|info |Updater.cpp:40 (Updater) Checking is update available. isAutoUpdateAllowed=false..08/12/2022 12:48:23.961075|00001|info |WisUpdate.cpp:74 (Updater) Wiservice installed version: 3.11.3, available version: 3.11.3..08/12/2022 12:48:24.054825|00001|info |Updater.cpp:45 (Updater) The
                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):42
                                                                                                              Entropy (8bit):4.0050635535766075
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:QHXMKa/xwwUy:Q3La/xwQ
                                                                                                              MD5:84CFDB4B995B1DBF543B26B86C863ADC
                                                                                                              SHA1:D2F47764908BF30036CF8248B9FF5541E2711FA2
                                                                                                              SHA-256:D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
                                                                                                              SHA-512:485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):11776
                                                                                                              Entropy (8bit):5.854901984552606
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:qPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4U:F7VpNo8gmOyRsVc4
                                                                                                              MD5:0063D48AFE5A0CDC02833145667B6641
                                                                                                              SHA1:E7EB614805D183ECB1127C62DECB1A6BE1B4F7A8
                                                                                                              SHA-256:AC9DFE3B35EA4B8932536ED7406C29A432976B685CC5322F94EF93DF920FEDE7
                                                                                                              SHA-512:71CBBCAEB345E09306E368717EA0503FE8DF485BE2E95200FEBC61BCD8BA74FB4211CD263C232F148C0123F6C6F2E3FD4EA20BDECC4070F5208C35C6920240F0
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PC bitmap, Windows 3.x format, 165 x 57 x 24, image size 28272, resolution 2835 x 2835 px/m, cbSize 28326, bits offset 54
                                                                                                              Category:dropped
                                                                                                              Size (bytes):28326
                                                                                                              Entropy (8bit):2.5710862958427496
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:R5ZzmIhanXqiRFlbiRoXt7m4ju119MiieiK35JW0U1JIhuauz3A:R5Zz5QX1FtiRytSEu9Miiq5JW9IhuBQ
                                                                                                              MD5:EE5DCD5040C0616D92FA8E7A3344D455
                                                                                                              SHA1:D2A13B9E9965C99E9637FFE0CFDC54A791B0944D
                                                                                                              SHA-256:DAA94974E168B4D92C281BA0B774390C9E052833926E22929CD5A4569A0ECB97
                                                                                                              SHA-512:23CB22368B444E00EE5EAC5D86427801312550A1ACDF5652756A88205A32E862D9D636877323AA6503DA660107305036AFE7E7C79B9586160362E50AD138DB68
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PC bitmap, Windows 3.x format, 164 x 314 x 4, image size 26376, resolution 2834 x 2834 px/m, cbSize 26494, bits offset 118
                                                                                                              Category:dropped
                                                                                                              Size (bytes):26494
                                                                                                              Entropy (8bit):1.9568109962493656
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz
                                                                                                              MD5:CBE40FD2B1EC96DAEDC65DA172D90022
                                                                                                              SHA1:366C216220AA4329DFF6C485FD0E9B0F4F0A7944
                                                                                                              SHA-256:3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2
                                                                                                              SHA-512:62990CB16E37B6B4EFF6AB03571C3A82DCAA21A1D393C3CB01D81F62287777FB0B4B27F8852B5FA71BC975FEAB5BAA486D33F2C58660210E115DE7E2BD34EA63
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):9728
                                                                                                              Entropy (8bit):5.127431636878203
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:oWW4JlD3c151V1gQoE8cxM2DjDf3GEst+Nt+jvcx4P8qndYv0PLE:oWp3ggQF8REskpx8dO0PLE
                                                                                                              MD5:6E64E5D5F9498058A300B26B8741D9D5
                                                                                                              SHA1:837CE28E5E02788DA63A7F1D8F20207D2B0BF523
                                                                                                              SHA-256:8D4B1C275FD1CD0782A265080B56D1AEC8D1C93EDCA5EF3B050D1D20D7B61F33
                                                                                                              SHA-512:F53514D36021D79F85DF2494D403F03589B3AD848889B9224F962CC932EF740F127131A914C7171AD8136CA1EF631285EA1C80576DB18CCF8EA56940EB00EA1E
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):6656
                                                                                                              Entropy (8bit):5.150852446596736
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:4BNbUVOFvfcxEAxxxJzxLp+eELeoMEskzYzeHd0+uoyVeNSsX4:EUVOFvf9ABJFHE+FkEad0PLVeN
                                                                                                              MD5:293165DB1E46070410B4209519E67494
                                                                                                              SHA1:777B96A4F74B6C34D43A4E7C7E656757D1C97F01
                                                                                                              SHA-256:49B7477DB8DD22F8CF2D41EE2D79CE57797F02E8C7B9E799951A6C710384349A
                                                                                                              SHA-512:97012139F2DA5868FE8731C0B0BCB3CFDA29ED10C2E6E2336B504480C9CD9FB8F4728CCA23F1E0BD577D75DAA542E59F94D1D341F4E8AAEEBC7134BF61288C19
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):38
                                                                                                              Entropy (8bit):3.8924071185928772
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:z0Nc4Ac+q:wNcLc+q
                                                                                                              MD5:79BC2DAD2D6C0232998EF454D71C4DBD
                                                                                                              SHA1:6A026317AC5B65340BA4F744E7DE9631EA25D504
                                                                                                              SHA-256:19C594461EC7DE3526592D1666788F41B5286995BD1BCAE55D05E84714531E1A
                                                                                                              SHA-512:E8BDEF565DB12684DEAC6E98875419056A7BA790228720D87338913C2D871187493AAAC1F8267CC91EE43102419EB8A7792D256C2E89703707C4F0AC89248B78
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:websocket:8888;lotus:9901;oiwss:8888..
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:JSON data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):398
                                                                                                              Entropy (8bit):4.818202817496333
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6:Jh0tW4pUUig/gJE5SpWUUEzBkYtHJdkQbL0KN0p4olUDsVK+A6VmOEIHOHEnKFne:Jh0vpUU2JEGtUwXzkQvoW4VKuUZkK5i
                                                                                                              MD5:F4D4622469A07BF867114CAE21C41B65
                                                                                                              SHA1:43A8013992C001A1020E7490E6D752DF626FBEBC
                                                                                                              SHA-256:C54A7043D6B8DEAADBDC5A130676A13377998E16F33EF648230FD72025E5D344
                                                                                                              SHA-512:F7EB643CC96DB43CF87BFE1F8B1C9B663729C4A879D8238F79086B2C3306C48C352F91EFC6CFB1E97C92A1D774B8F539DFA9C5787FCD264299BD9181F91033D2
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:{. "activityDetection": {. "enable": false,. "interval": 0. },. "activity_detection_force_disable": false,. "authorizedApps": {},. "connection_issue": "none",. "ext": "",. "feedbackEmail": "",. "garbage_lifespan_days": 14,. "http_max_threads": 4,. "log_level": "info",. "log_max_kb": 10240,. "log_str": "1a6efea6-999f-4d8c-bf56-06abea738f8a",. "pbx": "",. "setIconTryCount": 0.}
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:JSON data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):398
                                                                                                              Entropy (8bit):4.818202817496333
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6:Jh0tW4pUUig/gJE5SpWUUEzBkYtHJdkQbL0KN0p4olUDsVK+A6VmOEIHOHEnKFne:Jh0vpUU2JEGtUwXzkQvoW4VKuUZkK5i
                                                                                                              MD5:F4D4622469A07BF867114CAE21C41B65
                                                                                                              SHA1:43A8013992C001A1020E7490E6D752DF626FBEBC
                                                                                                              SHA-256:C54A7043D6B8DEAADBDC5A130676A13377998E16F33EF648230FD72025E5D344
                                                                                                              SHA-512:F7EB643CC96DB43CF87BFE1F8B1C9B663729C4A879D8238F79086B2C3306C48C352F91EFC6CFB1E97C92A1D774B8F539DFA9C5787FCD264299BD9181F91033D2
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:{. "activityDetection": {. "enable": false,. "interval": 0. },. "activity_detection_force_disable": false,. "authorizedApps": {},. "connection_issue": "none",. "ext": "",. "feedbackEmail": "",. "garbage_lifespan_days": 14,. "http_max_threads": 4,. "log_level": "info",. "log_max_kb": 10240,. "log_str": "1a6efea6-999f-4d8c-bf56-06abea738f8a",. "pbx": "",. "setIconTryCount": 0.}
                                                                                                              Process:C:\Program Files\Windows Defender\MpCmdRun.exe
                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                              Category:modified
                                                                                                              Size (bytes):8156
                                                                                                              Entropy (8bit):3.1667300594475893
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:cEj+AbCEH+AbuEAc+AbhGEA+AbNEe+Ab/Ee+AbPE6w9+Ab1wTEE+Ab5Ea+AbX:cY+38+DJc+iGr+MZ+65+6tg+ECf+YV+q
                                                                                                              MD5:9DDE5C1EA7806BDAE868C06F6785338B
                                                                                                              SHA1:F4061AA88929D60B5E64F67EF4695EAB2CBD9268
                                                                                                              SHA-256:CF24E57F6D1CD3A69F9521CD0F080560CD0E9B8B960F474FA131E96C6E6D0952
                                                                                                              SHA-512:89B89C35D7FE5B89D3AB0A47C417C38EAF3721A9B805FFE81B66355BC79CA52B8295BB62F2FB7AAFCE06EE428D57F56D6042BE9ED1ADAE107A43A738F36D8076
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:MpCmdRun: Command Line: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable.. Start Time: Thu Jun 27 2019 01:29:49..MpEnsureProcessMitigationPolicy: hr = 0x1..WDEnable..ERROR: MpWDEnable(TRUE) failed (800704EC)..MpCmdRun: End Time: Thu Jun 27 2019 01:29:49..
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:ASCII text, with CRLF, LF line terminators
                                                                                                              Category:modified
                                                                                                              Size (bytes):857
                                                                                                              Entropy (8bit):4.712765723284222
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:QWDZh+ragzMZfuMMs1L/JU5fFCkK8T1rTto:vDZhyoZWM9rU5fFcr
                                                                                                              MD5:9AC77B45979A66F73EDB70B72908A616
                                                                                                              SHA1:8B22CFA695F10D31B8300C06790B728A4E209324
                                                                                                              SHA-256:A7777E702D4BEAD5529BFC2D026BFA2088BB64A5504DAFB57EF308CE92469E20
                                                                                                              SHA-512:C01644C1C13F7126ED455D76A63CD3CEEB314D74265256B07AC7120F6DA512B1B632D4F21167B9E8C7AD106F75D1F20809A7B129BE6871441F8F3FF6A390CFFF
                                                                                                              Malicious:true
                                                                                                              Reputation:unknown
                                                                                                              Preview:# Copyright (c) 1993-2009 Microsoft Corp...#..# This is a sample HOSTS file used by Microsoft TCP/IP for Windows...#..# This file contains the mappings of IP addresses to host names. Each..# entry should be kept on an individual line. The IP address should..# be placed in the first column followed by the corresponding host name...# The IP address and the host name should be separated by at least one..# space...#..# Additionally, comments (such as these) may be inserted on individual..# lines or following the machine name denoted by a '#' symbol...#..# For example:..#..# 102.54.94.97 rhino.acme.com # source server..# 38.25.63.10 x.acme.com # x client host....# localhost name resolution is handled within DNS itself...#.127.0.0.1 localhost..#.::1 localhost...127.0.0.1..wildixintegration.eu.
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):7996
                                                                                                              Entropy (8bit):5.128824009655858
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:Iwr2yWGyAH155NpoEdyb76f8upG2sIkQTkpfpBnquMpBnqF5zqps2dXRSXjKMoy8:IHa1Hj7k2sI90mHmF52pbye9U/Prtk
                                                                                                              MD5:9CB68B693CDCDF5E9E5707E3CABCA7A7
                                                                                                              SHA1:29A5537387519BC14138F02C5355EAB2EB923AA3
                                                                                                              SHA-256:D79405A4F2A390407B78B1DC7FEEBE3A533EA9969F6066F5A12F189502D900F0
                                                                                                              SHA-512:765EDDDD3CE8995DC66AB5578462F12CD52007FDEBF3C6DE412BAF4C094E17FDB286BDEB0A6ECC6FE2347C0BB846F4D2A206DD78BC128111E84918F50B57E7F8
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:*% ..*% ..*% ..*GPDSpecVersion: "1.0"..*GPDFileName: "imgprint.gpd"..*GPDFileVersion: "3.1.0" ..*Include: "StdNames.gpd"..*ModelName: "Wildix FaxPrinter"..*MasterUnits: PAIR(1200, 1200)..*ResourceDLL: "unires.dll"..*PrinterType: PAGE..*MaxCopies: 99......*Feature: Orientation..{.. *rcNameID: =ORIENTATION_DISPLAY.. *DefaultOption: PORTRAIT.. *Option: PORTRAIT.. {.. *rcNameID: =PORTRAIT_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l0O".. }.. }.. *Option: LANDSCAPE_CC90.. {.. *rcNameID: =LANDSCAPE_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l1O".. }.. }..}..*Feature: InputBin..{.. *rcNameID: =PAPER_SOURCE_DISPLAY.. *DefaultOption: MANUAL.. *Option: MANUAL.. {.. *rcNameID: =MANUAL_FEED_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.9.. *Cmd: "<1B>&l2H
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):23812
                                                                                                              Entropy (8bit):5.102231290969022
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:ILAp44CzsyQKElOR2x96a7zXql8wYNz6FkjzEgqgF6Lvztmm/jb5/R6B3VjMcBU0:ILAe40VxYJ7zvWrfZmujb5mVjlQrlGwI
                                                                                                              MD5:D46A5DFAB2AC1BB5BF39D4E256E3AB43
                                                                                                              SHA1:FD19097E89D882E5624E8822FF8D7518D104B31C
                                                                                                              SHA-256:0E93309B477971AD9D744FB1BB6AFDE1AF7D31223E90B5E8A4E5EA13CC5B8CD9
                                                                                                              SHA-512:FE6C5CD5DA0E045E9F823D34E393E158F56A3136966971F0D494092257956FBEA29ACC98E94B50AA785CF426DBACDAFFCC0B0F7872E7F63A2F270A174C0F4BCA
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:*% stddtype.gdl - this file contains templates that define all MS standard datatypes..*% that appear in GPD and GDL files.....*PreCompiled: TRUE......*% ==================..*% ==== Macro Definitions ====..*% ==================....*Macros:..{.. LIST_OF_COMMAND_NAMES : (.. *%.. *% GENERAL.. *%.. *% the following are not enumerated here because they require.. *% the full Command structure. See Template: ORDERED_COMMAND.. *% and its descendants..... *% CmdSelect,.. *% CmdStartJob,.. *% CmdStartDoc,.. *% CmdStartPage,.. *% CmdEndPage,.. *% CmdEndDoc,.. *% CmdEndJob,.. *% CmdCopies,.. *% CmdSleepTimeOut,.... *%.. *% CURSOR CONTROL.. *%.. CmdXMoveAbsolute,.. CmdXMoveRelLeft,.. CmdXMoveRelRight,.. CmdYMoveAbsolute,.. CmdYMoveRelUp,.. CmdYMoveRelDown,.. CmdSetSimpleRotation,.. CmdSetAnyRotation,.. CmdUniDirec
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):14362
                                                                                                              Entropy (8bit):4.18034476253744
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:NcThm8JC986ITRCzEzEpYNwtd29u7ZTl8hF:xFzOnS7z0
                                                                                                              MD5:CD0BA5F62202298A6367E0E34CF5A37E
                                                                                                              SHA1:0507C7264281EFB362931DEB093308A5CC0F23A5
                                                                                                              SHA-256:B5E8E0C7339EF73F4DD20E2570EE2C79F06CA983F74D175DBE90C0319C70CE3A
                                                                                                              SHA-512:0DA97D886BBF6E06BDEF240B0CA32E80ED56140349902F2A58FCD00A95F85AEDEABB779CA99308DA39E995BDB7C179E2D7A0705643AF609EC7E05323964851F8
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:*%%% Copyright (c) 1997-1999 Microsoft Corporation..*%%% value macros for standard feature names and standard option names..*%%% used in older Unidrv's.....*CodePage: 1252 *% Windows 3.1 US (ANSI) code page....*Feature: RESDLL..{.. *Name: "resource dll files".. *ConcealFromUI?: TRUE.... *Option: UniresDLL.. {.. *Name: "unires.dll".. }..}....*Macros: StdFeatureNames..{.. ORIENTATION_DISPLAY: RESDLL.UniresDLL.11100.. PAPER_SIZE_DISPLAY: RESDLL.UniresDLL.11101.. PAPER_SOURCE_DISPLAY: RESDLL.UniresDLL.11102.. RESOLUTION_DISPLAY: RESDLL.UniresDLL.11103.. MEDIA_TYPE_DISPLAY: RESDLL.UniresDLL.11104.. TEXT_QUALITY_DISPLAY: RESDLL.UniresDLL.11105.. COLOR_PRINTING_MODE_DISPLAY: RESDLL.UniresDLL.11106.. PRINTER_MEMORY_DISPLAY: RESDLL.UniresDLL.11107.. TWO_SIDED_PRINTING_DISPLAY: RESDLL.UniresDLL.11108.. PAGE_PROTECTION_DISP
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):59116
                                                                                                              Entropy (8bit):5.051886370413466
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:768:UH8K0RGmALhTYi6AmdDsaCXmSsUN2xHXgutLSsy3o+ndhr54:UH8K0RGmAd58D+iLBHad4
                                                                                                              MD5:FC574EB0EAAF6A806F6488673154F91F
                                                                                                              SHA1:E10B44CF7082FE5BE23FB0C19AC792D4692F6388
                                                                                                              SHA-256:941E5318D8BBD747AFA98982C0354516079175ACD3D7485F327BCC384F4FCFB8
                                                                                                              SHA-512:A04CAC69A4DD4BD951CDC0F5186A3F589DA2EA40D667BE855F9E5AED12ECD9F7FC79FD624361C9563A07A5DCC1250CBD628BA27A0FAD78D599CD68540F9B4F45
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:*% stdschem.gdl - this file contains templates that define all MS standard keywords..*% and constructs that appear in GPD and GDL files.....*PreCompiled: TRUE....*Include: "stddtype.gdl"......*% ==================..*% ==== Base Attributes ====..*% ==================........*Template: DISPLAY_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_CODEPAGE_STRING.. *Virtual: TRUE..}........*Template: ANSI_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_NORMAL_STRING.. *Virtual: TRUE..}....*Template: DEF_CP_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_DEFAULT_CODEPAGE_STRING.. *Virtual: TRUE..}....*% ==================..*% ==== Root Attributes ====..*% ==================....*Template: CODEPAGE..{.. *Name: "*CodePage".. *Type: ATTRIBUTE.. *ValueType: GPD_NONNEG_INTEGER..}....*Template: GPDSPECVERSION..{.. *Name: "*GPDSpecVersion".. *Inherits: ANSI_STRING..}....*Template: GPDFILEVERSION..{.. *Name: "*GPDFileVersion".. *Inhe
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):2278
                                                                                                              Entropy (8bit):4.581866117244519
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:IO673u+3WSnMVfIPQMAPFq+AP3hM927Kc509OD8jQV0Ucn05NKYKd5NK3Kr59:IB7zmrAPMtc6927e9OQEV2EPSQg/
                                                                                                              MD5:932F57E78976810729855CD1B5CCD8EF
                                                                                                              SHA1:50D7145076D422C03B924DD16EA237AC9B822F0E
                                                                                                              SHA-256:3B9BE4E69B022DE9D0E30EDE70F292F3DF55AB7BE36F134BF2D37A7039937D19
                                                                                                              SHA-512:023848F6CE826EB040EA90C8319BBF1AC26E16B66BD9470E197B3A02DAE00AE9A177996E6B069F42BC54FBF28AE7F96CCC10CF331C13B54CCF12990311F30D73
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:*% stdschx.gdl..*% this file defines the parts of the schema that are dependent on..*% preprocessor defines.....*% Since this header relies on passed in Preprocessor defines, it must not be PreCompiled...*PreCompiled: FALSE....*Include: "stdschem.gdl"....*Ifdef: WINNT_50.. *% and above .......*Template: PRINTRATEUNIT..{.. *Name: "*PrintRateUnit".. *Type: ATTRIBUTE.. *ValueType: EDT_PRINTRATEUNIT..}..*Template: PREDEFINED_PAPERSIZE_OPTION_2 *% Additional papersizes.. *% for NT5.0..{.. *Inherits: V_PREDEFINED_PAPERSIZE_OPTION.. *Instances: (.. DBL_JAPANESE_POSTCARD,.. A6,.. JENV_KAKU2,.. JENV_KAKU3,.. JENV_CHOU3,.. JENV_CHOU4,.. LETTER_ROTATED,.. A3_ROTATED,.. A4_ROTATED,.. A5_ROTATED,.. B4_JIS_ROTATED,.. B5_JIS_ROTATED,.. JAPANESE_POSTCARD_ROTATED,.. DBL_JAPANESE_POSTCARD_ROTATED,.. A6_ROTATED,.. JENV_KAKU2_ROTATED,.. JENV_KAKU3_ROTA
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):531760
                                                                                                              Entropy (8bit):6.367894640776266
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:GTIJ/Cq6XA1T9hPGhV9mid49b9spV7LDbTzIGH:GUJ/Cq2IT/PiP4dapV7LDU+
                                                                                                              MD5:FD8F8764FF7C181B9C4F125C7866E186
                                                                                                              SHA1:A95845BD24863735A63C2BD4EEBD07B24001046B
                                                                                                              SHA-256:B2124E894640CE7F440B2DC2CD4B095BDC1213806FA37BDB13068650654395B8
                                                                                                              SHA-512:AACD85BC9889A3AF116640A1F06F3D85F9844CFDBECC5F29364568B7DBA0F6BC96B7CC42FC4EF10E78AFEB9B44B38ED1F038E337D1F638C31CCF9EE4BF4B4846
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):919344
                                                                                                              Entropy (8bit):5.989957262549423
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:1H0ARc8QCfjeDUr73Tx1yfhPXgFQ3Qe5w1lwAAwoTLARTsBqC+MU:17Hdv3DyfhP2QgYPwo3ArgU
                                                                                                              MD5:109D6635D97BD3755BBC17A39FA2A00E
                                                                                                              SHA1:A1BA018129134A5B7889CCBB9F822DF97F142C81
                                                                                                              SHA-256:EF69FD07E02C7D8CB3ECF31836440264E0D81C22753D1666B7818D9EC46FD060
                                                                                                              SHA-512:EF99293116CC75749BF136F50EA8410ACC4474FAE354C66D17A884EC6519319B9BCD05F14AFE4CE66E1DB1419149355E413E0795EE440E3B9FC6575E18381024
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):856368
                                                                                                              Entropy (8bit):5.595352052416589
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:79aBEoNh3bBPc/s4430ye84TF1dbua5TVhRre3kf8IKHgikinLhZ:5aBEGbL4Np84TQazCSiRhZ
                                                                                                              MD5:E53389EF9A73C1B212A8D0C202E561BD
                                                                                                              SHA1:0F84190B8FF18D07490E38FC46567F81D66D32D7
                                                                                                              SHA-256:88F7FCF7C2EE6DC91A689F689C24214D9D6371E593B609E85B2117D46055C77E
                                                                                                              SHA-512:956598397F95DD1CC84E27A4DBE09F8C8D35F3FE6EE3FF333AFE94A700385D47A4439D45599035B7EF0646ACBCEA660CB7B96452D9524C331AAB97CFD1D6C7A4
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):19336
                                                                                                              Entropy (8bit):4.312288104152102
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:7mXKNT6+Y9QeSU83XGtzdHeQhlJqeB+Pu7HnjtoX2PSuNip:T6+LU832tzd+pM+Pu7HGX2quNu
                                                                                                              MD5:115996B67784E69002E510C37A308236
                                                                                                              SHA1:DBF83174EAE0610626B5E45663B18477255DEA99
                                                                                                              SHA-256:296209C0B41ECE97A7474648C5357D61F0BD7F46DE42598C50A1C48CAA31FD57
                                                                                                              SHA-512:E483C52DC80CEBCEFC277890D2C2AF83B1232716628260AA302229B4EB623A8D77D32DE4ADB039C424F3AE3DB2871DF1370E12718CB3EDD628250CEB3EA4C4B5
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:.K.. DPGr...ta..I..)........................................z........... ...........................c.......@...J........$..4........)...........+..:........-...........-...........-...........-...........-...........6...........6...........6...........6...........6...........7...........WINNT_40.WINNT_50.WINNT_51.WINNT_60.PARSER_VER_1.0.C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.s.p.o.o.l.\.D.R.I.V.E.R.S.\.x.6.4.\.3.\.i.m.g.p.r.i.n.t...g.p.d...StdNames.gpdC.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.s.p.o.o.l.\.D.R.I.V.E.R.S.\.x.6.4.\.3.\.S.t.d.N.a.m.e.s...g.p.d...ORIENTATION_DISPLAY.PAPER_SIZE_DISPLAY.PAPER_SOURCE_DISPLAY.RESOLUTION_DISPLAY.MEDIA_TYPE_DISPLAY.TEXT_QUALITY_DISPLAY.COLOR_PRINTING_MODE_DISPLAY.PRINTER_MEMORY_DISPLAY.TWO_SIDED_PRINTING_DISPLAY.PAGE_PROTECTION_DISPLAY.HALFTONING_DISPLAY.OUTPUTBIN_DISPLAY.IMAGECONTROL_DISPLAY.PRINTDENSITY_DISPLAY.GRAPHICSMODE_DISPLAY.TEXTHALFTONE_DISPLAY.GRAPHICSHALFTONE_DISPLAY.PHOTOHALFTONE_DISPLAY.RCID_DMPAPER_SYSTEM_NAME.LETTER_DISPLAY.LETTERS
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):7996
                                                                                                              Entropy (8bit):5.128824009655858
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:Iwr2yWGyAH155NpoEdyb76f8upG2sIkQTkpfpBnquMpBnqF5zqps2dXRSXjKMoy8:IHa1Hj7k2sI90mHmF52pbye9U/Prtk
                                                                                                              MD5:9CB68B693CDCDF5E9E5707E3CABCA7A7
                                                                                                              SHA1:29A5537387519BC14138F02C5355EAB2EB923AA3
                                                                                                              SHA-256:D79405A4F2A390407B78B1DC7FEEBE3A533EA9969F6066F5A12F189502D900F0
                                                                                                              SHA-512:765EDDDD3CE8995DC66AB5578462F12CD52007FDEBF3C6DE412BAF4C094E17FDB286BDEB0A6ECC6FE2347C0BB846F4D2A206DD78BC128111E84918F50B57E7F8
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:*% ..*% ..*% ..*GPDSpecVersion: "1.0"..*GPDFileName: "imgprint.gpd"..*GPDFileVersion: "3.1.0" ..*Include: "StdNames.gpd"..*ModelName: "Wildix FaxPrinter"..*MasterUnits: PAIR(1200, 1200)..*ResourceDLL: "unires.dll"..*PrinterType: PAGE..*MaxCopies: 99......*Feature: Orientation..{.. *rcNameID: =ORIENTATION_DISPLAY.. *DefaultOption: PORTRAIT.. *Option: PORTRAIT.. {.. *rcNameID: =PORTRAIT_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l0O".. }.. }.. *Option: LANDSCAPE_CC90.. {.. *rcNameID: =LANDSCAPE_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l1O".. }.. }..}..*Feature: InputBin..{.. *rcNameID: =PAPER_SOURCE_DISPLAY.. *DefaultOption: MANUAL.. *Option: MANUAL.. {.. *rcNameID: =MANUAL_FEED_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.9.. *Cmd: "<1B>&l2H
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):23812
                                                                                                              Entropy (8bit):5.102231290969022
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:ILAp44CzsyQKElOR2x96a7zXql8wYNz6FkjzEgqgF6Lvztmm/jb5/R6B3VjMcBU0:ILAe40VxYJ7zvWrfZmujb5mVjlQrlGwI
                                                                                                              MD5:D46A5DFAB2AC1BB5BF39D4E256E3AB43
                                                                                                              SHA1:FD19097E89D882E5624E8822FF8D7518D104B31C
                                                                                                              SHA-256:0E93309B477971AD9D744FB1BB6AFDE1AF7D31223E90B5E8A4E5EA13CC5B8CD9
                                                                                                              SHA-512:FE6C5CD5DA0E045E9F823D34E393E158F56A3136966971F0D494092257956FBEA29ACC98E94B50AA785CF426DBACDAFFCC0B0F7872E7F63A2F270A174C0F4BCA
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:*% stddtype.gdl - this file contains templates that define all MS standard datatypes..*% that appear in GPD and GDL files.....*PreCompiled: TRUE......*% ==================..*% ==== Macro Definitions ====..*% ==================....*Macros:..{.. LIST_OF_COMMAND_NAMES : (.. *%.. *% GENERAL.. *%.. *% the following are not enumerated here because they require.. *% the full Command structure. See Template: ORDERED_COMMAND.. *% and its descendants..... *% CmdSelect,.. *% CmdStartJob,.. *% CmdStartDoc,.. *% CmdStartPage,.. *% CmdEndPage,.. *% CmdEndDoc,.. *% CmdEndJob,.. *% CmdCopies,.. *% CmdSleepTimeOut,.... *%.. *% CURSOR CONTROL.. *%.. CmdXMoveAbsolute,.. CmdXMoveRelLeft,.. CmdXMoveRelRight,.. CmdYMoveAbsolute,.. CmdYMoveRelUp,.. CmdYMoveRelDown,.. CmdSetSimpleRotation,.. CmdSetAnyRotation,.. CmdUniDirec
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):14362
                                                                                                              Entropy (8bit):4.18034476253744
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:NcThm8JC986ITRCzEzEpYNwtd29u7ZTl8hF:xFzOnS7z0
                                                                                                              MD5:CD0BA5F62202298A6367E0E34CF5A37E
                                                                                                              SHA1:0507C7264281EFB362931DEB093308A5CC0F23A5
                                                                                                              SHA-256:B5E8E0C7339EF73F4DD20E2570EE2C79F06CA983F74D175DBE90C0319C70CE3A
                                                                                                              SHA-512:0DA97D886BBF6E06BDEF240B0CA32E80ED56140349902F2A58FCD00A95F85AEDEABB779CA99308DA39E995BDB7C179E2D7A0705643AF609EC7E05323964851F8
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:*%%% Copyright (c) 1997-1999 Microsoft Corporation..*%%% value macros for standard feature names and standard option names..*%%% used in older Unidrv's.....*CodePage: 1252 *% Windows 3.1 US (ANSI) code page....*Feature: RESDLL..{.. *Name: "resource dll files".. *ConcealFromUI?: TRUE.... *Option: UniresDLL.. {.. *Name: "unires.dll".. }..}....*Macros: StdFeatureNames..{.. ORIENTATION_DISPLAY: RESDLL.UniresDLL.11100.. PAPER_SIZE_DISPLAY: RESDLL.UniresDLL.11101.. PAPER_SOURCE_DISPLAY: RESDLL.UniresDLL.11102.. RESOLUTION_DISPLAY: RESDLL.UniresDLL.11103.. MEDIA_TYPE_DISPLAY: RESDLL.UniresDLL.11104.. TEXT_QUALITY_DISPLAY: RESDLL.UniresDLL.11105.. COLOR_PRINTING_MODE_DISPLAY: RESDLL.UniresDLL.11106.. PRINTER_MEMORY_DISPLAY: RESDLL.UniresDLL.11107.. TWO_SIDED_PRINTING_DISPLAY: RESDLL.UniresDLL.11108.. PAGE_PROTECTION_DISP
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):59116
                                                                                                              Entropy (8bit):5.051886370413466
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:768:UH8K0RGmALhTYi6AmdDsaCXmSsUN2xHXgutLSsy3o+ndhr54:UH8K0RGmAd58D+iLBHad4
                                                                                                              MD5:FC574EB0EAAF6A806F6488673154F91F
                                                                                                              SHA1:E10B44CF7082FE5BE23FB0C19AC792D4692F6388
                                                                                                              SHA-256:941E5318D8BBD747AFA98982C0354516079175ACD3D7485F327BCC384F4FCFB8
                                                                                                              SHA-512:A04CAC69A4DD4BD951CDC0F5186A3F589DA2EA40D667BE855F9E5AED12ECD9F7FC79FD624361C9563A07A5DCC1250CBD628BA27A0FAD78D599CD68540F9B4F45
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:*% stdschem.gdl - this file contains templates that define all MS standard keywords..*% and constructs that appear in GPD and GDL files.....*PreCompiled: TRUE....*Include: "stddtype.gdl"......*% ==================..*% ==== Base Attributes ====..*% ==================........*Template: DISPLAY_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_CODEPAGE_STRING.. *Virtual: TRUE..}........*Template: ANSI_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_NORMAL_STRING.. *Virtual: TRUE..}....*Template: DEF_CP_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_DEFAULT_CODEPAGE_STRING.. *Virtual: TRUE..}....*% ==================..*% ==== Root Attributes ====..*% ==================....*Template: CODEPAGE..{.. *Name: "*CodePage".. *Type: ATTRIBUTE.. *ValueType: GPD_NONNEG_INTEGER..}....*Template: GPDSPECVERSION..{.. *Name: "*GPDSpecVersion".. *Inherits: ANSI_STRING..}....*Template: GPDFILEVERSION..{.. *Name: "*GPDFileVersion".. *Inhe
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):2278
                                                                                                              Entropy (8bit):4.581866117244519
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:IO673u+3WSnMVfIPQMAPFq+AP3hM927Kc509OD8jQV0Ucn05NKYKd5NK3Kr59:IB7zmrAPMtc6927e9OQEV2EPSQg/
                                                                                                              MD5:932F57E78976810729855CD1B5CCD8EF
                                                                                                              SHA1:50D7145076D422C03B924DD16EA237AC9B822F0E
                                                                                                              SHA-256:3B9BE4E69B022DE9D0E30EDE70F292F3DF55AB7BE36F134BF2D37A7039937D19
                                                                                                              SHA-512:023848F6CE826EB040EA90C8319BBF1AC26E16B66BD9470E197B3A02DAE00AE9A177996E6B069F42BC54FBF28AE7F96CCC10CF331C13B54CCF12990311F30D73
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:*% stdschx.gdl..*% this file defines the parts of the schema that are dependent on..*% preprocessor defines.....*% Since this header relies on passed in Preprocessor defines, it must not be PreCompiled...*PreCompiled: FALSE....*Include: "stdschem.gdl"....*Ifdef: WINNT_50.. *% and above .......*Template: PRINTRATEUNIT..{.. *Name: "*PrintRateUnit".. *Type: ATTRIBUTE.. *ValueType: EDT_PRINTRATEUNIT..}..*Template: PREDEFINED_PAPERSIZE_OPTION_2 *% Additional papersizes.. *% for NT5.0..{.. *Inherits: V_PREDEFINED_PAPERSIZE_OPTION.. *Instances: (.. DBL_JAPANESE_POSTCARD,.. A6,.. JENV_KAKU2,.. JENV_KAKU3,.. JENV_CHOU3,.. JENV_CHOU4,.. LETTER_ROTATED,.. A3_ROTATED,.. A4_ROTATED,.. A5_ROTATED,.. B4_JIS_ROTATED,.. B5_JIS_ROTATED,.. JAPANESE_POSTCARD_ROTATED,.. DBL_JAPANESE_POSTCARD_ROTATED,.. A6_ROTATED,.. JENV_KAKU2_ROTATED,.. JENV_KAKU3_ROTA
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):531760
                                                                                                              Entropy (8bit):6.367894640776266
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:GTIJ/Cq6XA1T9hPGhV9mid49b9spV7LDbTzIGH:GUJ/Cq2IT/PiP4dapV7LDU+
                                                                                                              MD5:FD8F8764FF7C181B9C4F125C7866E186
                                                                                                              SHA1:A95845BD24863735A63C2BD4EEBD07B24001046B
                                                                                                              SHA-256:B2124E894640CE7F440B2DC2CD4B095BDC1213806FA37BDB13068650654395B8
                                                                                                              SHA-512:AACD85BC9889A3AF116640A1F06F3D85F9844CFDBECC5F29364568B7DBA0F6BC96B7CC42FC4EF10E78AFEB9B44B38ED1F038E337D1F638C31CCF9EE4BF4B4846
                                                                                                              Malicious:true
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):919344
                                                                                                              Entropy (8bit):5.989957262549423
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:1H0ARc8QCfjeDUr73Tx1yfhPXgFQ3Qe5w1lwAAwoTLARTsBqC+MU:17Hdv3DyfhP2QgYPwo3ArgU
                                                                                                              MD5:109D6635D97BD3755BBC17A39FA2A00E
                                                                                                              SHA1:A1BA018129134A5B7889CCBB9F822DF97F142C81
                                                                                                              SHA-256:EF69FD07E02C7D8CB3ECF31836440264E0D81C22753D1666B7818D9EC46FD060
                                                                                                              SHA-512:EF99293116CC75749BF136F50EA8410ACC4474FAE354C66D17A884EC6519319B9BCD05F14AFE4CE66E1DB1419149355E413E0795EE440E3B9FC6575E18381024
                                                                                                              Malicious:true
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):856368
                                                                                                              Entropy (8bit):5.595352052416589
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:79aBEoNh3bBPc/s4430ye84TF1dbua5TVhRre3kf8IKHgikinLhZ:5aBEGbL4Np84TQazCSiRhZ
                                                                                                              MD5:E53389EF9A73C1B212A8D0C202E561BD
                                                                                                              SHA1:0F84190B8FF18D07490E38FC46567F81D66D32D7
                                                                                                              SHA-256:88F7FCF7C2EE6DC91A689F689C24214D9D6371E593B609E85B2117D46055C77E
                                                                                                              SHA-512:956598397F95DD1CC84E27A4DBE09F8C8D35F3FE6EE3FF333AFE94A700385D47A4439D45599035B7EF0646ACBCEA660CB7B96452D9524C331AAB97CFD1D6C7A4
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):357680
                                                                                                              Entropy (8bit):6.335690120350878
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6144:oVCKF+tmU+nEcmcW3Ke3+Lr+3fqKqfn4v4VC6n8VfcYkQ:zPDcW3R3Mq3ET8huQ
                                                                                                              MD5:D42FAA306B39E5B1F2980958FFC6A908
                                                                                                              SHA1:388B4A883610937D35090969DF2C5A2194767740
                                                                                                              SHA-256:F202C94086527E8F077C23A3079CD951511E89ACB95B1E6360D948066336D63B
                                                                                                              SHA-512:90477DE265E5019DA97EF711D5CC14B888D08E8848125F5F2DDD095797E6BE6622CC4A1787FCA0542096F4BA5CEEB9B630111AC37AD72627B3F0EAC43305407B
                                                                                                              Malicious:true
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):7996
                                                                                                              Entropy (8bit):5.128824009655858
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:Iwr2yWGyAH155NpoEdyb76f8upG2sIkQTkpfpBnquMpBnqF5zqps2dXRSXjKMoy8:IHa1Hj7k2sI90mHmF52pbye9U/Prtk
                                                                                                              MD5:9CB68B693CDCDF5E9E5707E3CABCA7A7
                                                                                                              SHA1:29A5537387519BC14138F02C5355EAB2EB923AA3
                                                                                                              SHA-256:D79405A4F2A390407B78B1DC7FEEBE3A533EA9969F6066F5A12F189502D900F0
                                                                                                              SHA-512:765EDDDD3CE8995DC66AB5578462F12CD52007FDEBF3C6DE412BAF4C094E17FDB286BDEB0A6ECC6FE2347C0BB846F4D2A206DD78BC128111E84918F50B57E7F8
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:*% ..*% ..*% ..*GPDSpecVersion: "1.0"..*GPDFileName: "imgprint.gpd"..*GPDFileVersion: "3.1.0" ..*Include: "StdNames.gpd"..*ModelName: "Wildix FaxPrinter"..*MasterUnits: PAIR(1200, 1200)..*ResourceDLL: "unires.dll"..*PrinterType: PAGE..*MaxCopies: 99......*Feature: Orientation..{.. *rcNameID: =ORIENTATION_DISPLAY.. *DefaultOption: PORTRAIT.. *Option: PORTRAIT.. {.. *rcNameID: =PORTRAIT_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l0O".. }.. }.. *Option: LANDSCAPE_CC90.. {.. *rcNameID: =LANDSCAPE_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l1O".. }.. }..}..*Feature: InputBin..{.. *rcNameID: =PAPER_SOURCE_DISPLAY.. *DefaultOption: MANUAL.. *Option: MANUAL.. {.. *rcNameID: =MANUAL_FEED_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.9.. *Cmd: "<1B>&l2H
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):23812
                                                                                                              Entropy (8bit):5.102231290969022
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:ILAp44CzsyQKElOR2x96a7zXql8wYNz6FkjzEgqgF6Lvztmm/jb5/R6B3VjMcBU0:ILAe40VxYJ7zvWrfZmujb5mVjlQrlGwI
                                                                                                              MD5:D46A5DFAB2AC1BB5BF39D4E256E3AB43
                                                                                                              SHA1:FD19097E89D882E5624E8822FF8D7518D104B31C
                                                                                                              SHA-256:0E93309B477971AD9D744FB1BB6AFDE1AF7D31223E90B5E8A4E5EA13CC5B8CD9
                                                                                                              SHA-512:FE6C5CD5DA0E045E9F823D34E393E158F56A3136966971F0D494092257956FBEA29ACC98E94B50AA785CF426DBACDAFFCC0B0F7872E7F63A2F270A174C0F4BCA
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:*% stddtype.gdl - this file contains templates that define all MS standard datatypes..*% that appear in GPD and GDL files.....*PreCompiled: TRUE......*% ==================..*% ==== Macro Definitions ====..*% ==================....*Macros:..{.. LIST_OF_COMMAND_NAMES : (.. *%.. *% GENERAL.. *%.. *% the following are not enumerated here because they require.. *% the full Command structure. See Template: ORDERED_COMMAND.. *% and its descendants..... *% CmdSelect,.. *% CmdStartJob,.. *% CmdStartDoc,.. *% CmdStartPage,.. *% CmdEndPage,.. *% CmdEndDoc,.. *% CmdEndJob,.. *% CmdCopies,.. *% CmdSleepTimeOut,.... *%.. *% CURSOR CONTROL.. *%.. CmdXMoveAbsolute,.. CmdXMoveRelLeft,.. CmdXMoveRelRight,.. CmdYMoveAbsolute,.. CmdYMoveRelUp,.. CmdYMoveRelDown,.. CmdSetSimpleRotation,.. CmdSetAnyRotation,.. CmdUniDirec
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):14362
                                                                                                              Entropy (8bit):4.18034476253744
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:NcThm8JC986ITRCzEzEpYNwtd29u7ZTl8hF:xFzOnS7z0
                                                                                                              MD5:CD0BA5F62202298A6367E0E34CF5A37E
                                                                                                              SHA1:0507C7264281EFB362931DEB093308A5CC0F23A5
                                                                                                              SHA-256:B5E8E0C7339EF73F4DD20E2570EE2C79F06CA983F74D175DBE90C0319C70CE3A
                                                                                                              SHA-512:0DA97D886BBF6E06BDEF240B0CA32E80ED56140349902F2A58FCD00A95F85AEDEABB779CA99308DA39E995BDB7C179E2D7A0705643AF609EC7E05323964851F8
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:*%%% Copyright (c) 1997-1999 Microsoft Corporation..*%%% value macros for standard feature names and standard option names..*%%% used in older Unidrv's.....*CodePage: 1252 *% Windows 3.1 US (ANSI) code page....*Feature: RESDLL..{.. *Name: "resource dll files".. *ConcealFromUI?: TRUE.... *Option: UniresDLL.. {.. *Name: "unires.dll".. }..}....*Macros: StdFeatureNames..{.. ORIENTATION_DISPLAY: RESDLL.UniresDLL.11100.. PAPER_SIZE_DISPLAY: RESDLL.UniresDLL.11101.. PAPER_SOURCE_DISPLAY: RESDLL.UniresDLL.11102.. RESOLUTION_DISPLAY: RESDLL.UniresDLL.11103.. MEDIA_TYPE_DISPLAY: RESDLL.UniresDLL.11104.. TEXT_QUALITY_DISPLAY: RESDLL.UniresDLL.11105.. COLOR_PRINTING_MODE_DISPLAY: RESDLL.UniresDLL.11106.. PRINTER_MEMORY_DISPLAY: RESDLL.UniresDLL.11107.. TWO_SIDED_PRINTING_DISPLAY: RESDLL.UniresDLL.11108.. PAGE_PROTECTION_DISP
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):59116
                                                                                                              Entropy (8bit):5.051886370413466
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:768:UH8K0RGmALhTYi6AmdDsaCXmSsUN2xHXgutLSsy3o+ndhr54:UH8K0RGmAd58D+iLBHad4
                                                                                                              MD5:FC574EB0EAAF6A806F6488673154F91F
                                                                                                              SHA1:E10B44CF7082FE5BE23FB0C19AC792D4692F6388
                                                                                                              SHA-256:941E5318D8BBD747AFA98982C0354516079175ACD3D7485F327BCC384F4FCFB8
                                                                                                              SHA-512:A04CAC69A4DD4BD951CDC0F5186A3F589DA2EA40D667BE855F9E5AED12ECD9F7FC79FD624361C9563A07A5DCC1250CBD628BA27A0FAD78D599CD68540F9B4F45
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:*% stdschem.gdl - this file contains templates that define all MS standard keywords..*% and constructs that appear in GPD and GDL files.....*PreCompiled: TRUE....*Include: "stddtype.gdl"......*% ==================..*% ==== Base Attributes ====..*% ==================........*Template: DISPLAY_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_CODEPAGE_STRING.. *Virtual: TRUE..}........*Template: ANSI_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_NORMAL_STRING.. *Virtual: TRUE..}....*Template: DEF_CP_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_DEFAULT_CODEPAGE_STRING.. *Virtual: TRUE..}....*% ==================..*% ==== Root Attributes ====..*% ==================....*Template: CODEPAGE..{.. *Name: "*CodePage".. *Type: ATTRIBUTE.. *ValueType: GPD_NONNEG_INTEGER..}....*Template: GPDSPECVERSION..{.. *Name: "*GPDSpecVersion".. *Inherits: ANSI_STRING..}....*Template: GPDFILEVERSION..{.. *Name: "*GPDFileVersion".. *Inhe
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):2278
                                                                                                              Entropy (8bit):4.581866117244519
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:IO673u+3WSnMVfIPQMAPFq+AP3hM927Kc509OD8jQV0Ucn05NKYKd5NK3Kr59:IB7zmrAPMtc6927e9OQEV2EPSQg/
                                                                                                              MD5:932F57E78976810729855CD1B5CCD8EF
                                                                                                              SHA1:50D7145076D422C03B924DD16EA237AC9B822F0E
                                                                                                              SHA-256:3B9BE4E69B022DE9D0E30EDE70F292F3DF55AB7BE36F134BF2D37A7039937D19
                                                                                                              SHA-512:023848F6CE826EB040EA90C8319BBF1AC26E16B66BD9470E197B3A02DAE00AE9A177996E6B069F42BC54FBF28AE7F96CCC10CF331C13B54CCF12990311F30D73
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:*% stdschx.gdl..*% this file defines the parts of the schema that are dependent on..*% preprocessor defines.....*% Since this header relies on passed in Preprocessor defines, it must not be PreCompiled...*PreCompiled: FALSE....*Include: "stdschem.gdl"....*Ifdef: WINNT_50.. *% and above .......*Template: PRINTRATEUNIT..{.. *Name: "*PrintRateUnit".. *Type: ATTRIBUTE.. *ValueType: EDT_PRINTRATEUNIT..}..*Template: PREDEFINED_PAPERSIZE_OPTION_2 *% Additional papersizes.. *% for NT5.0..{.. *Inherits: V_PREDEFINED_PAPERSIZE_OPTION.. *Instances: (.. DBL_JAPANESE_POSTCARD,.. A6,.. JENV_KAKU2,.. JENV_KAKU3,.. JENV_CHOU3,.. JENV_CHOU4,.. LETTER_ROTATED,.. A3_ROTATED,.. A4_ROTATED,.. A5_ROTATED,.. B4_JIS_ROTATED,.. B5_JIS_ROTATED,.. JAPANESE_POSTCARD_ROTATED,.. DBL_JAPANESE_POSTCARD_ROTATED,.. A6_ROTATED,.. JENV_KAKU2_ROTATED,.. JENV_KAKU3_ROTA
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):531760
                                                                                                              Entropy (8bit):6.367894640776266
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:GTIJ/Cq6XA1T9hPGhV9mid49b9spV7LDbTzIGH:GUJ/Cq2IT/PiP4dapV7LDU+
                                                                                                              MD5:FD8F8764FF7C181B9C4F125C7866E186
                                                                                                              SHA1:A95845BD24863735A63C2BD4EEBD07B24001046B
                                                                                                              SHA-256:B2124E894640CE7F440B2DC2CD4B095BDC1213806FA37BDB13068650654395B8
                                                                                                              SHA-512:AACD85BC9889A3AF116640A1F06F3D85F9844CFDBECC5F29364568B7DBA0F6BC96B7CC42FC4EF10E78AFEB9B44B38ED1F038E337D1F638C31CCF9EE4BF4B4846
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):919344
                                                                                                              Entropy (8bit):5.989957262549423
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:1H0ARc8QCfjeDUr73Tx1yfhPXgFQ3Qe5w1lwAAwoTLARTsBqC+MU:17Hdv3DyfhP2QgYPwo3ArgU
                                                                                                              MD5:109D6635D97BD3755BBC17A39FA2A00E
                                                                                                              SHA1:A1BA018129134A5B7889CCBB9F822DF97F142C81
                                                                                                              SHA-256:EF69FD07E02C7D8CB3ECF31836440264E0D81C22753D1666B7818D9EC46FD060
                                                                                                              SHA-512:EF99293116CC75749BF136F50EA8410ACC4474FAE354C66D17A884EC6519319B9BCD05F14AFE4CE66E1DB1419149355E413E0795EE440E3B9FC6575E18381024
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):856368
                                                                                                              Entropy (8bit):5.595352052416589
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:79aBEoNh3bBPc/s4430ye84TF1dbua5TVhRre3kf8IKHgikinLhZ:5aBEGbL4Np84TQazCSiRhZ
                                                                                                              MD5:E53389EF9A73C1B212A8D0C202E561BD
                                                                                                              SHA1:0F84190B8FF18D07490E38FC46567F81D66D32D7
                                                                                                              SHA-256:88F7FCF7C2EE6DC91A689F689C24214D9D6371E593B609E85B2117D46055C77E
                                                                                                              SHA-512:956598397F95DD1CC84E27A4DBE09F8C8D35F3FE6EE3FF333AFE94A700385D47A4439D45599035B7EF0646ACBCEA660CB7B96452D9524C331AAB97CFD1D6C7A4
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                              Entropy (8bit):7.994461248512172
                                                                                                              TrID:
                                                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                              File name:SetupWIService.exe
                                                                                                              File size:13876464
                                                                                                              MD5:6685bbb6eea96a5bee42ca0379671647
                                                                                                              SHA1:ff0dff812260ce80394ca3c228da9d45701cb57d
                                                                                                              SHA256:ee426380bbb5a135bc257b15aa32b78f1e21aa25f624e6ac5eb730005bb737b2
                                                                                                              SHA512:df7e0919c596c1a5d487d01d7504ec45c03a5b8fb4852ba0a8eb8b675406027aedfc032100510d8b67f744c2021ed81874d14ee9503aac50b500abbe64858d2e
                                                                                                              SSDEEP:393216:6arplfyM9M09Xqj2qm2FfiQ6Se+pOfBWszeiEfqxzpC:Zll6+6xffFUWcEfOk
                                                                                                              TLSH:3EE633900C20557ED9E80330B66CAE6727C7B8AF97798C43665FB24FE9973C720A524D
                                                                                                              Icon Hash:f0ecacadb296d470
                                                                                                              Entrypoint:0x40326b
                                                                                                              Entrypoint Section:.text
                                                                                                              Digitally signed:true
                                                                                                              Imagebase:0x400000
                                                                                                              Subsystem:windows gui
                                                                                                              Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                              Time Stamp:0x5DF6D4F0 [Mon Dec 16 00:50:56 2019 UTC]
                                                                                                              TLS Callbacks:
                                                                                                              CLR (.Net) Version:
                                                                                                              OS Version Major:4
                                                                                                              OS Version Minor:0
                                                                                                              File Version Major:4
                                                                                                              File Version Minor:0
                                                                                                              Subsystem Version Major:4
                                                                                                              Subsystem Version Minor:0
                                                                                                              Import Hash:e9c0657252137ac61c1eeeba4c021000
                                                                                                              Signature Valid:true
                                                                                                              Signature Issuer:CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB
                                                                                                              Signature Validation Error:The operation completed successfully
                                                                                                              Error Number:0
                                                                                                              Not Before, Not After
                                                                                                              • 9/28/2021 5:00:00 PM 9/28/2024 4:59:59 PM
                                                                                                              Subject Chain
                                                                                                              • CN=Wildix EE OU, O=Wildix EE OU, S=Harjumaa, C=EE
                                                                                                              Version:3
                                                                                                              Thumbprint MD5:E55C37638C7C0FF8823DB33F19D887EC
                                                                                                              Thumbprint SHA-1:FECCAC6BD522C81598A4C44307F6960E9C2DAE01
                                                                                                              Thumbprint SHA-256:82CECC21617A201B0F87783A802716469AD2F6CA6725513168445AF20F9E732C
                                                                                                              Serial:00C090271985B3889571FAD0EA7DF6AF45
                                                                                                              Instruction
                                                                                                              sub esp, 00000184h
                                                                                                              push ebx
                                                                                                              push esi
                                                                                                              push edi
                                                                                                              xor ebx, ebx
                                                                                                              push 00008001h
                                                                                                              mov dword ptr [esp+18h], ebx
                                                                                                              mov dword ptr [esp+10h], 0040A198h
                                                                                                              mov dword ptr [esp+20h], ebx
                                                                                                              mov byte ptr [esp+14h], 00000020h
                                                                                                              call dword ptr [004080A0h]
                                                                                                              call dword ptr [0040809Ch]
                                                                                                              and eax, BFFFFFFFh
                                                                                                              cmp ax, 00000006h
                                                                                                              mov dword ptr [0042F40Ch], eax
                                                                                                              je 00007F7B9CC39DE3h
                                                                                                              push ebx
                                                                                                              call 00007F7B9CC3CECBh
                                                                                                              cmp eax, ebx
                                                                                                              je 00007F7B9CC39DD9h
                                                                                                              push 00000C00h
                                                                                                              call eax
                                                                                                              mov esi, 00408298h
                                                                                                              push esi
                                                                                                              call 00007F7B9CC3CE47h
                                                                                                              push esi
                                                                                                              call dword ptr [00408098h]
                                                                                                              lea esi, dword ptr [esi+eax+01h]
                                                                                                              cmp byte ptr [esi], bl
                                                                                                              jne 00007F7B9CC39DBDh
                                                                                                              push 0000000Ah
                                                                                                              call 00007F7B9CC3CE9Fh
                                                                                                              push 00000008h
                                                                                                              call 00007F7B9CC3CE98h
                                                                                                              push 00000006h
                                                                                                              mov dword ptr [0042F404h], eax
                                                                                                              call 00007F7B9CC3CE8Ch
                                                                                                              cmp eax, ebx
                                                                                                              je 00007F7B9CC39DE1h
                                                                                                              push 0000001Eh
                                                                                                              call eax
                                                                                                              test eax, eax
                                                                                                              je 00007F7B9CC39DD9h
                                                                                                              or byte ptr [0042F40Fh], 00000040h
                                                                                                              push ebp
                                                                                                              call dword ptr [00408040h]
                                                                                                              push ebx
                                                                                                              call dword ptr [00408284h]
                                                                                                              mov dword ptr [0042F4D8h], eax
                                                                                                              push ebx
                                                                                                              lea eax, dword ptr [esp+38h]
                                                                                                              push 00000160h
                                                                                                              push eax
                                                                                                              push ebx
                                                                                                              push 00429830h
                                                                                                              call dword ptr [00408178h]
                                                                                                              push 0040A188h
                                                                                                              Programming Language:
                                                                                                              • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x853c | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x41000 | 0x191f8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xd393c0 | 0x2930 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x294 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x62ff | 0x6400 | False | 0.672421875 | data | 6.457821426487787 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x134a | 0x1400 | False | 0.459765625 | data | 5.238921057104071 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x25518 | 0x600 | False | 0.4557291666666667 | data | 4.049203760121162 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x30000 | 0x11000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x41000 | 0x191f8 | 0x19200 | False | 0.7030472636815921 | data | 6.749189154571692 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country
RT_ICON | 0x41400 | 0xbc2d | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States
RT_ICON | 0x4d030 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States
RT_ICON | 0x51258 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States
RT_ICON | 0x53800 | 0x1a68 | Device independent bitmap graphic, 40 x 80 x 32, image size 6720 | English | United States
RT_ICON | 0x55268 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States
RT_ICON | 0x56310 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688 | English | United States
RT_ICON | 0x571b8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States
RT_ICON | 0x57b40 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | English | United States
RT_ICON | 0x583e8 | 0x6b8 | Device independent bitmap graphic, 20 x 40 x 32, image size 1680 | English | United States
RT_ICON | 0x58aa0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | English | United States
RT_ICON | 0x59008 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States
RT_ICON | 0x59470 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States
RT_ICON | 0x59758 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States
RT_DIALOG | 0x59880 | 0x200 | data | English | United States
RT_DIALOG | 0x59a80 | 0xf8 | data | English | United States
RT_DIALOG | 0x59b78 | 0xa0 | data | English | United States
RT_DIALOG | 0x59c18 | 0xee | data | English | United States
RT_GROUP_ICON | 0x59d08 | 0xbc | data | English | United States
RT_MANIFEST | 0x59dc8 | 0x42e | XML 1.0 document, ASCII text, with very long lines (1070), with no line terminators | English | United States
DLL | Import
KERNEL32.dll | GetTempPathA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetEnvironmentVariableA, Sleep, GetTickCount, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GetWindowsDirectoryA, SetFileAttributesA, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, ReadFile, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, GetExitCodeProcess, WaitForSingleObject, CompareFileTime, SetFileTime, GetFileAttributesA, SetCurrentDirectoryA, MoveFileA, GetFullPathNameA, GetShortPathNameA, SearchPathA, CloseHandle, lstrcmpiA, CreateThread, GlobalLock, lstrcmpA, DeleteFileA, FindFirstFileA, FindNextFileA, FindClose, SetFilePointer, GetPrivateProfileStringA, WritePrivateProfileStringA, MulDiv, MultiByteToWideChar, FreeLibrary, LoadLibraryExA, GetModuleHandleA, GlobalAlloc, GlobalFree, ExpandEnvironmentStringsA
USER32.dll | GetSystemMenu, SetClassLongA, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, LoadImageA, CreateDialogParamA, SetTimer, SetWindowTextA, SetForegroundWindow, ShowWindow, SetWindowLongA, SendMessageTimeoutA, FindWindowExA, IsWindow, AppendMenuA, TrackPopupMenu, CreatePopupMenu, DrawTextA, EndPaint, DestroyWindow, wsprintfA, PostQuitMessage
GDI32.dll | SelectObject, SetTextColor, SetBkMode, CreateFontIndirectA, CreateBrushIndirect, DeleteObject, GetDeviceCaps, SetBkColor
SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExA, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA
ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExA, RegOpenKeyExA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, RegEnumValueA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                              Dec 8, 2022 12:48:23.816903114 CET4434975852.213.62.3192.168.2.5
                                                                                                              Dec 8, 2022 12:48:24.034320116 CET49759443192.168.2.552.213.62.3
                                                                                                              Dec 8, 2022 12:48:24.034383059 CET4434975952.213.62.3192.168.2.5
                                                                                                              Dec 8, 2022 12:48:24.034452915 CET49759443192.168.2.552.213.62.3
                                                                                                              Dec 8, 2022 12:48:24.036525965 CET49759443192.168.2.552.213.62.3
                                                                                                              Dec 8, 2022 12:48:24.036550999 CET4434975952.213.62.3192.168.2.5
                                                                                                              Dec 8, 2022 12:48:24.148602962 CET4434975952.213.62.3192.168.2.5
                                                                                                              Dec 8, 2022 12:48:24.176719904 CET49759443192.168.2.552.213.62.3
                                                                                                              Dec 8, 2022 12:48:24.176786900 CET4434975952.213.62.3192.168.2.5
                                                                                                              Dec 8, 2022 12:48:24.179085970 CET4434975952.213.62.3192.168.2.5
                                                                                                              Dec 8, 2022 12:48:24.179186106 CET49759443192.168.2.552.213.62.3
                                                                                                              Dec 8, 2022 12:48:24.181713104 CET49759443192.168.2.552.213.62.3
                                                                                                              Dec 8, 2022 12:48:24.181744099 CET4434975952.213.62.3192.168.2.5
                                                                                                              Dec 8, 2022 12:48:24.181905031 CET4434975952.213.62.3192.168.2.5
                                                                                                              Dec 8, 2022 12:48:24.181926966 CET49759443192.168.2.552.213.62.3
                                                                                                              Dec 8, 2022 12:48:24.181937933 CET4434975952.213.62.3192.168.2.5
                                                                                                              Dec 8, 2022 12:48:24.242436886 CET4434975952.213.62.3192.168.2.5
                                                                                                              Dec 8, 2022 12:48:24.242600918 CET49759443192.168.2.552.213.62.3
                                                                                                              Dec 8, 2022 12:48:24.305808067 CET49759443192.168.2.552.213.62.3
                                                                                                              Dec 8, 2022 12:48:24.305865049 CET4434975952.213.62.3192.168.2.5
                                                                                                              Dec 8, 2022 12:48:28.350528955 CET49761443192.168.2.554.93.167.246
                                                                                                              Dec 8, 2022 12:48:28.350596905 CET4434976154.93.167.246192.168.2.5
                                                                                                              Dec 8, 2022 12:48:28.350720882 CET49761443192.168.2.554.93.167.246
                                                                                                              Dec 8, 2022 12:48:28.354113102 CET49761443192.168.2.554.93.167.246
                                                                                                              Dec 8, 2022 12:48:28.354172945 CET4434976154.93.167.246192.168.2.5
                                                                                                              Dec 8, 2022 12:48:28.437269926 CET4434976154.93.167.246192.168.2.5
                                                                                                              Dec 8, 2022 12:48:28.438374996 CET49761443192.168.2.554.93.167.246
                                                                                                              Dec 8, 2022 12:48:28.438431025 CET4434976154.93.167.246192.168.2.5
                                                                                                              Dec 8, 2022 12:48:28.440788984 CET4434976154.93.167.246192.168.2.5
                                                                                                              Dec 8, 2022 12:48:28.440959930 CET49761443192.168.2.554.93.167.246
                                                                                                              Dec 8, 2022 12:48:28.445375919 CET49761443192.168.2.554.93.167.246
                                                                                                              Dec 8, 2022 12:48:28.445375919 CET49761443192.168.2.554.93.167.246
                                                                                                              Dec 8, 2022 12:48:28.445405960 CET4434976154.93.167.246192.168.2.5
                                                                                                              Dec 8, 2022 12:48:28.445432901 CET4434976154.93.167.246192.168.2.5
                                                                                                              Dec 8, 2022 12:48:28.445698977 CET4434976154.93.167.246192.168.2.5
                                                                                                              Dec 8, 2022 12:48:28.535140038 CET4434976154.93.167.246192.168.2.5
                                                                                                              Dec 8, 2022 12:48:28.535295010 CET49761443192.168.2.554.93.167.246
                                                                                                              Dec 8, 2022 12:48:28.855202913 CET49761443192.168.2.554.93.167.246
                                                                                                              Dec 8, 2022 12:48:28.855245113 CET4434976154.93.167.246192.168.2.5
                                                                                                              Dec 8, 2022 12:48:41.440186977 CET49763443192.168.2.554.93.167.246
                                                                                                              Dec 8, 2022 12:48:41.440234900 CET4434976354.93.167.246192.168.2.5
                                                                                                              Dec 8, 2022 12:48:41.440388918 CET49763443192.168.2.554.93.167.246
                                                                                                              Dec 8, 2022 12:48:41.442461967 CET49763443192.168.2.554.93.167.246
                                                                                                              Dec 8, 2022 12:48:41.442496061 CET4434976354.93.167.246192.168.2.5
                                                                                                              Dec 8, 2022 12:48:41.486783028 CET4434976354.93.167.246192.168.2.5
                                                                                                              Dec 8, 2022 12:48:41.489316940 CET49763443192.168.2.554.93.167.246
                                                                                                              Dec 8, 2022 12:48:41.489377975 CET4434976354.93.167.246192.168.2.5
                                                                                                              Dec 8, 2022 12:48:41.490791082 CET4434976354.93.167.246192.168.2.5
                                                                                                              Dec 8, 2022 12:48:41.490968943 CET49763443192.168.2.554.93.167.246
                                                                                                              Dec 8, 2022 12:48:41.492367029 CET49763443192.168.2.554.93.167.246
                                                                                                              Dec 8, 2022 12:48:41.492367029 CET49763443192.168.2.554.93.167.246
                                                                                                              Dec 8, 2022 12:48:41.492396116 CET4434976354.93.167.246192.168.2.5
                                                                                                              Dec 8, 2022 12:48:41.492422104 CET4434976354.93.167.246192.168.2.5
                                                                                                              Dec 8, 2022 12:48:41.492549896 CET4434976354.93.167.246192.168.2.5
                                                                                                              Dec 8, 2022 12:48:41.575041056 CET4434976354.93.167.246192.168.2.5
                                                                                                              Dec 8, 2022 12:48:41.575169086 CET49763443192.168.2.554.93.167.246
                                                                                                              Dec 8, 2022 12:48:41.575980902 CET49763443192.168.2.554.93.167.246
                                                                                                              Dec 8, 2022 12:48:41.575980902 CET49763443192.168.2.554.93.167.246
                                                                                                              Dec 8, 2022 12:48:41.576011896 CET4434976354.93.167.246192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 8, 2022 12:48:22.820142031 CET | 58472 | 53 | 192.168.2.5 | 8.8.8.8
Dec 8, 2022 12:48:22.837300062 CET | 53 | 58472 | 8.8.8.8 | 192.168.2.5
Dec 8, 2022 12:48:23.517493010 CET | 60177 | 53 | 192.168.2.5 | 8.8.8.8
Dec 8, 2022 12:48:23.536531925 CET | 53 | 60177 | 8.8.8.8 | 192.168.2.5
Dec 8, 2022 12:48:23.920433998 CET | 60284 | 53 | 192.168.2.5 | 8.8.8.8
Dec 8, 2022 12:48:23.940277100 CET | 53 | 60284 | 8.8.8.8 | 192.168.2.5
Dec 8, 2022 12:48:28.264997959 CET | 50902 | 53 | 192.168.2.5 | 8.8.8.8
Dec 8, 2022 12:48:28.284137964 CET | 53 | 50902 | 8.8.8.8 | 192.168.2.5
Dec 8, 2022 12:48:41.231056929 CET | 49769 | 53 | 192.168.2.5 | 8.8.8.8
Dec 8, 2022 12:48:41.250217915 CET | 53 | 49769 | 8.8.8.8 | 192.168.2.5

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 8, 2022 12:48:22.820142031 CET | 192.168.2.5 | 8.8.8.8 | 0x16e2 | Standard query (0) | files.wildix.com | A (IP address) | IN (0x0001) | false
Dec 8, 2022 12:48:23.517493010 CET | 192.168.2.5 | 8.8.8.8 | 0x5d34 | Standard query (0) | files.wildix.com | A (IP address) | IN (0x0001) | false
Dec 8, 2022 12:48:23.920433998 CET | 192.168.2.5 | 8.8.8.8 | 0x33c9 | Standard query (0) | files.wildix.com | A (IP address) | IN (0x0001) | false
Dec 8, 2022 12:48:28.264997959 CET | 192.168.2.5 | 8.8.8.8 | 0xfd95 | Standard query (0) | feedback.wildix.com | A (IP address) | IN (0x0001) | false
Dec 8, 2022 12:48:41.231056929 CET | 192.168.2.5 | 8.8.8.8 | 0x4045 | Standard query (0) | feedback.wildix.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 8, 2022 12:48:22.837300062 CET | 8.8.8.8 | 192.168.2.5 | 0x16e2 | No error (0) | files.wildix.com | | 52.213.62.3 | A (IP address) | IN (0x0001) | false
Dec 8, 2022 12:48:23.536531925 CET | 8.8.8.8 | 192.168.2.5 | 0x5d34 | No error (0) | files.wildix.com | | 52.213.62.3 | A (IP address) | IN (0x0001) | false
Dec 8, 2022 12:48:23.940277100 CET | 8.8.8.8 | 192.168.2.5 | 0x33c9 | No error (0) | files.wildix.com | | 52.213.62.3 | A (IP address) | IN (0x0001) | false
Dec 8, 2022 12:48:28.284137964 CET | 8.8.8.8 | 192.168.2.5 | 0xfd95 | No error (0) | feedback.wildix.com | | 54.93.167.246 | A (IP address) | IN (0x0001) | false
Dec 8, 2022 12:48:28.284137964 CET | 8.8.8.8 | 192.168.2.5 | 0xfd95 | No error (0) | feedback.wildix.com | | 3.64.145.227 | A (IP address) | IN (0x0001) | false
Dec 8, 2022 12:48:41.250217915 CET | 8.8.8.8 | 192.168.2.5 | 0x4045 | No error (0) | feedback.wildix.com | | 54.93.167.246 | A (IP address) | IN (0x0001) | false
Dec 8, 2022 12:48:41.250217915 CET | 8.8.8.8 | 192.168.2.5 | 0x4045 | No error (0) | feedback.wildix.com | | 3.64.145.227 | A (IP address) | IN (0x0001) | false
                                                                                                              • files.wildix.com
                                                                                                              • feedback.wildix.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.5 | 49757 | 52.213.62.3 | 443 | C:\Program Files\Wildix\WIService\wiservice.exe
Timestamp | kBytes transferred | Direction | Data
2022-12-08 11:48:23 UTC | 0 | OUT | GET /integrations/integrations.json HTTP/1.1
Host: files.wildix.com
Accept: */*
2022-12-08 11:48:23 UTC | 0 | IN | HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Thu, 08 Dec 2022 11:48:23 GMT
Content-Type: application/json
Content-Length: 7833
Last-Modified: Fri, 02 Dec 2022 17:08:06 GMT
Connection: close
ETag: "638a30f6-1e99"
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
2022-12-08 11:48:23 UTC | 0 | IN | Data Ascii: { "version": 120, "integrations": { "browserext": { "name": { "en": "Browser extension", "en-us": "Browser extension", "it": "Estensione del browser", "de": "Browser-Erweiterung", "fr": "Exten


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.5 | 49758 | 52.213.62.3 | 443 | C:\Program Files\Wildix\WIService\wiservice.exe
Timestamp | kBytes transferred | Direction | Data
2022-12-08 11:48:23 UTC | 8 | OUT | GET /integrations/applications.json HTTP/1.1
Host: files.wildix.com
Accept: */*
2022-12-08 11:48:23 UTC | 8 | IN | HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Thu, 08 Dec 2022 11:48:23 GMT
Content-Type: application/json
Content-Length: 701
Last-Modified: Wed, 23 Nov 2022 06:45:04 GMT
Connection: close
ETag: "637dc170-2bd"
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
2022-12-08 11:48:23 UTC | 8 | IN | Data Ascii: { "version": 7, "applications": { "collaboration": { "win": { "version": "2.5.8", "file": "win/collaboration/collaboration_CI/Collaboration-2.5.8-x64.exe", "msi": "win/collaborati


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.5 | 49759 | 52.213.62.3 | 443 | C:\Program Files\Wildix\WIService\wiservice.exe
Timestamp | kBytes transferred | Direction | Data
2022-12-08 11:48:24 UTC | 9 | OUT | GET /integrations/x-beesNativeApp.json HTTP/1.1
Host: files.wildix.com
Accept: */*
2022-12-08 11:48:24 UTC | 9 | IN | HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Thu, 08 Dec 2022 11:48:24 GMT
Content-Type: application/json
Content-Length: 579
Last-Modified: Tue, 22 Nov 2022 18:05:18 GMT
Connection: close
ETag: "637d0f5e-243"
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
2022-12-08 11:48:24 UTC | 9 | IN | Data Ascii: { "version": 8, "applications": { "x-bees": { "win": { "version": "0.5.2", "file": "win/x-bees/x-bees-0.5.2.exe", "msi": "win/x-bees/x-bees-0.5.2.msi", "al


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.5 | 49761 | 54.93.167.246 | 443 | C:\Program Files\Wildix\WIService\wiservice.exe
Timestamp | kBytes transferred | Direction | Data
2022-12-08 11:48:28 UTC | 9 | OUT | POST /api/v1/Analytics/wiservice HTTP/1.1
Host: feedback.wildix.com
Accept: */*
Content-Length: 498
Content-Type: application/x-www-form-urlencoded
2022-12-08 11:48:28 UTC | 10 | OUT | Data Ascii: event=wiServiceStarted&data={"appName":"wiservice","autoUpdate":"disabled","lastConnectedHost":"","lastConnectedTime":0,"version":"3.11.3.1"}&context={"cpu":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz","extension":"","installer":"exe","machineId":"","messageI
                                                                                                              2022-12-08 11:48:28 UTC10INHTTP/1.1 200 OK
                                                                                                              Date: Thu, 08 Dec 2022 11:48:28 GMT
                                                                                                              Content-Type: text/html;charset=UTF-8
                                                                                                              Transfer-Encoding: chunked
                                                                                                              Connection: close
                                                                                                              Server: nginx/1.16.1
                                                                                                              Access-Control-Allow-Origin: *
                                                                                                              Access-Control-Allow-Headers: accept, authorization, content-type
                                                                                                              Access-Control-Allow-Credentials: true
                                                                                                              P3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
                                                                                                              2022-12-08 11:48:28 UTC | 10 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                              Data Ascii: 0


                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                              4 | 192.168.2.5 | 49763 | 54.93.167.246 | 443 | C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                                                              2022-12-08 11:48:41 UTC | 10 | OUT | POST /api/v1/Analytics/wiservice HTTP/1.1
                                                                                                              Host: feedback.wildix.com
                                                                                                              Accept: */*
                                                                                                              Content-Length: 430
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              2022-12-08 11:48:41 UTC | 11 | OUT | Data Ascii: event=headsetIntegrationConnected&data={"appName":"headset","version":""}&context={"cpu":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz","extension":"","installer":"exe","machineId":"","messageId":"8ad79cf2-dd50-47e0-bcad-39126c63c537","os":"Windows_NT","osBits"
                                                                                                              2022-12-08 11:48:41 UTC | 11 | IN | HTTP/1.1 200 OK
                                                                                                              Date: Thu, 08 Dec 2022 11:48:41 GMT
                                                                                                              Content-Type: text/html;charset=UTF-8
                                                                                                              Transfer-Encoding: chunked
                                                                                                              Connection: close
                                                                                                              Server: nginx/1.16.1
                                                                                                              Access-Control-Allow-Origin: *
                                                                                                              Access-Control-Allow-Headers: accept, authorization, content-type
                                                                                                              Access-Control-Allow-Credentials: true
                                                                                                              P3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
                                                                                                              2022-12-08 11:48:41 UTC | 11 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                              Data Ascii: 0


                                                                                                              Target ID:0
                                                                                                              Start time:12:47:04
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              Imagebase:0x400000
                                                                                                              File size:13876464 bytes
                                                                                                              MD5 hash:6685BBB6EEA96A5BEE42CA0379671647
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_GuLoader_3, Description: Yara detected GuLoader, Source: 00000000.00000003.547551815.00000000006C6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_GuLoader_3, Description: Yara detected GuLoader, Source: 00000000.00000002.550313217.00000000006C6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_GuLoader_3, Description: Yara detected GuLoader, Source: 00000000.00000003.546819473.00000000006C6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_GuLoader_3, Description: Yara detected GuLoader, Source: 00000000.00000003.546214148.0000000000696000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_GuLoader_3, Description: Yara detected GuLoader, Source: 00000000.00000002.549911172.000000000069A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_GuLoader_3, Description: Yara detected GuLoader, Source: 00000000.00000003.547302408.0000000000696000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              Reputation:low

                                                                                                              Target ID:1
                                                                                                              Start time:12:47:05
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:cmd /C taskkill /F /IM WIService.exe
                                                                                                              Imagebase:0x11d0000
                                                                                                              File size:232960 bytes
                                                                                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              Target ID:2
                                                                                                              Start time:12:47:06
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff7fcd70000
                                                                                                              File size:625664 bytes
                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              Target ID:3
                                                                                                              Start time:12:47:06
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:taskkill /F /IM WIService.exe
                                                                                                              Imagebase:0xc20000
                                                                                                              File size:74752 bytes
                                                                                                              MD5 hash:15E2E0ACD891510C6268CB8899F2A1A1
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              Target ID:4
                                                                                                              Start time:12:47:07
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:cmd /C taskkill /F /IM WIui.exe
                                                                                                              Imagebase:0x11d0000
                                                                                                              File size:232960 bytes
                                                                                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              Target ID:5
                                                                                                              Start time:12:47:07
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff7fcd70000
                                                                                                              File size:625664 bytes
                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              Target ID:6
                                                                                                              Start time:12:47:07
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:taskkill /F /IM WIui.exe
                                                                                                              Imagebase:0xc20000
                                                                                                              File size:74752 bytes
                                                                                                              MD5 hash:15E2E0ACD891510C6268CB8899F2A1A1
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              Target ID:7
                                                                                                              Start time:12:47:08
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:cmd /C taskkill /F /IM wirtpproxy.exe
                                                                                                              Imagebase:0x11d0000
                                                                                                              File size:232960 bytes
                                                                                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              Target ID:8
                                                                                                              Start time:12:47:08
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff7fcd70000
                                                                                                              File size:625664 bytes
                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:9
                                                                                                              Start time:12:47:08
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:taskkill /F /IM wirtpproxy.exe
                                                                                                              Imagebase:0xc20000
                                                                                                              File size:74752 bytes
                                                                                                              MD5 hash:15E2E0ACD891510C6268CB8899F2A1A1
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:10
                                                                                                              Start time:12:47:09
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:cmd /C taskkill /F /IM wiservice-ui.exe
                                                                                                              Imagebase:0x11d0000
                                                                                                              File size:232960 bytes
                                                                                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:11
                                                                                                              Start time:12:47:09
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff7fcd70000
                                                                                                              File size:625664 bytes
                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:12
                                                                                                              Start time:12:47:09
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:taskkill /F /IM wiservice-ui.exe
                                                                                                              Imagebase:0xc20000
                                                                                                              File size:74752 bytes
                                                                                                              MD5 hash:15E2E0ACD891510C6268CB8899F2A1A1
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:13
                                                                                                              Start time:12:47:10
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:cmd /C taskkill /F /IM vncsrv.exe
                                                                                                              Imagebase:0x11d0000
                                                                                                              File size:232960 bytes
                                                                                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:14
                                                                                                              Start time:12:47:10
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff7fcd70000
                                                                                                              File size:625664 bytes
                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:15
                                                                                                              Start time:12:47:10
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:taskkill /F /IM vncsrv.exe
                                                                                                              Imagebase:0xc20000
                                                                                                              File size:74752 bytes
                                                                                                              MD5 hash:15E2E0ACD891510C6268CB8899F2A1A1
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:16
                                                                                                              Start time:12:47:11
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:cmd /C taskkill /F /IM WildixOutlookIntegration.exe
                                                                                                              Imagebase:0x11d0000
                                                                                                              File size:232960 bytes
                                                                                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:17
                                                                                                              Start time:12:47:11
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff7fcd70000
                                                                                                              File size:625664 bytes
                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:18
                                                                                                              Start time:12:47:11
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:taskkill /F /IM WildixOutlookIntegration.exe
                                                                                                              Imagebase:0xc20000
                                                                                                              File size:74752 bytes
                                                                                                              MD5 hash:15E2E0ACD891510C6268CB8899F2A1A1
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:19
                                                                                                              Start time:12:47:17
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --removesvc
                                                                                                              Imagebase:0x7ff6a3460000
                                                                                                              File size:14791984 bytes
                                                                                                              MD5 hash:BC9438A9AF6E7EEA099BC91557F1FC26
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Antivirus matches:
                                                                                                              • Detection: 0%, ReversingLabs

                                                                                                              Target ID:21
                                                                                                              Start time:12:47:29
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --install_faxprinter
                                                                                                              Imagebase:0x7ff6a3460000
                                                                                                              File size:14791984 bytes
                                                                                                              MD5 hash:BC9438A9AF6E7EEA099BC91557F1FC26
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:22
                                                                                                              Start time:12:47:31
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\svchost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                              Imagebase:0x7ff6ffff0000
                                                                                                              File size:51288 bytes
                                                                                                              MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:23
                                                                                                              Start time:12:47:32
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\spoolsv.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\System32\spoolsv.exe
                                                                                                              Imagebase:0x7ff7e0600000
                                                                                                              File size:768512 bytes
                                                                                                              MD5 hash:C05A19A38D7D203B738771FD1854656F
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:24
                                                                                                              Start time:12:47:34
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\spoolsv.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\System32\spoolsv.exe
                                                                                                              Imagebase:0x7ff7e0600000
                                                                                                              File size:768512 bytes
                                                                                                              MD5 hash:C05A19A38D7D203B738771FD1854656F
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:25
                                                                                                              Start time:12:47:45
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\svchost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                              Imagebase:0x7ff6ffff0000
                                                                                                              File size:51288 bytes
                                                                                                              MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:26
                                                                                                              Start time:12:47:47
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll" /silent /codebase
                                                                                                              Imagebase:0x241a3330000
                                                                                                              File size:64096 bytes
                                                                                                              MD5 hash:2B5D765B33C67EBA41E9F47954227BC3
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:.Net C# or VB.NET

                                                                                                              Target ID:27
                                                                                                              Start time:12:47:48
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff7fcd70000
                                                                                                              File size:625664 bytes
                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:28
                                                                                                              Start time:12:47:49
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll" /silent /codebase
                                                                                                              Imagebase:0x2607e780000
                                                                                                              File size:64096 bytes
                                                                                                              MD5 hash:2B5D765B33C67EBA41E9F47954227BC3
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:.Net C# or VB.NET

                                                                                                              Target ID:29
                                                                                                              Start time:12:47:50
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff7fcd70000
                                                                                                              File size:625664 bytes
                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:31
                                                                                                              Start time:12:47:52
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\svchost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                              Imagebase:0x7ff6ffff0000
                                                                                                              File size:51288 bytes
                                                                                                              MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:32
                                                                                                              Start time:12:47:53
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Office.dll" /silent /codebase
                                                                                                              Imagebase:0x21943590000
                                                                                                              File size:64096 bytes
                                                                                                              MD5 hash:2B5D765B33C67EBA41E9F47954227BC3
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:.Net C# or VB.NET

                                                                                                              Target ID:34
                                                                                                              Start time:12:47:53
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff7fcd70000
                                                                                                              File size:625664 bytes
                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:35
                                                                                                              Start time:12:47:55
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll" /silent /codebase
                                                                                                              Imagebase:0x2ed92f30000
                                                                                                              File size:64096 bytes
                                                                                                              MD5 hash:2B5D765B33C67EBA41E9F47954227BC3
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:.Net C# or VB.NET

                                                                                                              Target ID:36
                                                                                                              Start time:12:47:56
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff7fcd70000
                                                                                                              File size:625664 bytes
                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:37
                                                                                                              Start time:12:47:59
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Program Files\Windows Defender\MpCmdRun.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
                                                                                                              Imagebase:0x7ff7a9e30000
                                                                                                              File size:455656 bytes
                                                                                                              MD5 hash:A267555174BFA53844371226F482B86B
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:38
                                                                                                              Start time:12:48:00
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff715080000
                                                                                                              File size:625664 bytes
                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:39
                                                                                                              Start time:12:48:01
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.dll" /silent /codebase
                                                                                                              Imagebase:0x152092e0000
                                                                                                              File size:64096 bytes
                                                                                                              MD5 hash:2B5D765B33C67EBA41E9F47954227BC3
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:.Net C# or VB.NET

                                                                                                              Target ID:40
                                                                                                              Start time:12:48:01
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff7fcd70000
                                                                                                              File size:625664 bytes
                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:42
                                                                                                              Start time:12:48:04
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll" /silent /codebase
                                                                                                              Imagebase:0x1a5ebcd0000
                                                                                                              File size:64096 bytes
                                                                                                              MD5 hash:2B5D765B33C67EBA41E9F47954227BC3
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:.Net C# or VB.NET

                                                                                                              Target ID:43
                                                                                                              Start time:12:48:04
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff7fcd70000
                                                                                                              File size:625664 bytes
                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:45
                                                                                                              Start time:12:48:06
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll" /silent /codebase
                                                                                                              Imagebase:0x1501bdc0000
                                                                                                              File size:64096 bytes
                                                                                                              MD5 hash:2B5D765B33C67EBA41E9F47954227BC3
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:.Net C# or VB.NET

                                                                                                              Target ID:46
                                                                                                              Start time:12:48:06
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff7fcd70000
                                                                                                              File size:625664 bytes
                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:47
                                                                                                              Start time:12:48:09
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe" /silent
                                                                                                              Imagebase:0x1c0d4940000
                                                                                                              File size:64096 bytes
                                                                                                              MD5 hash:2B5D765B33C67EBA41E9F47954227BC3
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:.Net C# or VB.NET

                                                                                                              Target ID:48
                                                                                                              Start time:12:48:09
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff7fcd70000
                                                                                                              File size:625664 bytes
                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:49
                                                                                                              Start time:12:48:12
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:cmd /C schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
                                                                                                              Imagebase:0x7ff627730000
                                                                                                              File size:273920 bytes
                                                                                                              MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:50
                                                                                                              Start time:12:48:12
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff7fcd70000
                                                                                                              File size:625664 bytes
                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:52
                                                                                                              Start time:12:48:13
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\schtasks.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
                                                                                                              Imagebase:0x7ff606aa0000
                                                                                                              File size:226816 bytes
                                                                                                              MD5 hash:838D346D1D28F00783B7A6C6BD03A0DA
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:53
                                                                                                              Start time:12:48:13
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:cmd /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
                                                                                                              Imagebase:0x7ff627730000
                                                                                                              File size:273920 bytes
                                                                                                              MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:54
                                                                                                              Start time:12:48:14
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --update
                                                                                                              Imagebase:0x7ff6a3460000
                                                                                                              File size:14791984 bytes
                                                                                                              MD5 hash:BC9438A9AF6E7EEA099BC91557F1FC26
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:55
                                                                                                              Start time:12:48:14
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff7fcd70000
                                                                                                              File size:625664 bytes
                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:56
                                                                                                              Start time:12:48:14
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\netsh.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
                                                                                                              Imagebase:0x7ff65efb0000
                                                                                                              File size:92672 bytes
                                                                                                              MD5 hash:98CC37BBF363A38834253E22C80A8F32
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:57
                                                                                                              Start time:12:48:15
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:cmd /C netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
                                                                                                              Imagebase:0x7ff627730000
                                                                                                              File size:273920 bytes
                                                                                                              MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:58
                                                                                                              Start time:12:48:15
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff7fcd70000
                                                                                                              File size:625664 bytes
                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:59
                                                                                                              Start time:12:48:19
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\netsh.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
                                                                                                              Imagebase:0x7ff65efb0000
                                                                                                              File size:92672 bytes
                                                                                                              MD5 hash:98CC37BBF363A38834253E22C80A8F32
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:60
                                                                                                              Start time:12:48:20
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex
                                                                                                              Imagebase:0x7ff6a3460000
                                                                                                              File size:14791984 bytes
                                                                                                              MD5 hash:BC9438A9AF6E7EEA099BC91557F1FC26
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:61
                                                                                                              Start time:12:48:23
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Program Files\Wildix\WIService\WIService.exe"
                                                                                                              Imagebase:0x7ff6a3460000
                                                                                                              File size:14791984 bytes
                                                                                                              MD5 hash:BC9438A9AF6E7EEA099BC91557F1FC26
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:62
                                                                                                              Start time:12:48:30
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc
                                                                                                              Imagebase:0x7ff6a3460000
                                                                                                              File size:14791984 bytes
                                                                                                              MD5 hash:BC9438A9AF6E7EEA099BC91557F1FC26
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:63
                                                                                                              Start time:12:48:39
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --hostsvc
                                                                                                              Imagebase:0x7ff6a3460000
                                                                                                              File size:14791984 bytes
                                                                                                              MD5 hash:BC9438A9AF6E7EEA099BC91557F1FC26
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:64
                                                                                                              Start time:12:48:43
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --watchdog
                                                                                                              Imagebase:0x7ff6a3460000
                                                                                                              File size:14791984 bytes
                                                                                                              MD5 hash:BC9438A9AF6E7EEA099BC91557F1FC26
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:65
                                                                                                              Start time:12:48:43
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --dispatcher
                                                                                                              Imagebase:0x7ff6a3460000
                                                                                                              File size:14791984 bytes
                                                                                                              MD5 hash:BC9438A9AF6E7EEA099BC91557F1FC26
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:66
                                                                                                              Start time:12:48:48
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\explorer.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\explorer.exe" "C:\Program Files\Wildix\WIService\proxyex.lnk
                                                                                                              Imagebase:0x7ff69bc80000
                                                                                                              File size:3933184 bytes
                                                                                                              MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:67
                                                                                                              Start time:12:48:49
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\explorer.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                              Imagebase:0x7ff69bc80000
                                                                                                              File size:3933184 bytes
                                                                                                              MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:68
                                                                                                              Start time:12:48:51
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex
                                                                                                              Imagebase:0x7ff6a3460000
                                                                                                              File size:14791984 bytes
                                                                                                              MD5 hash:BC9438A9AF6E7EEA099BC91557F1FC26
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:76
                                                                                                              Start time:12:48:58
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\Conhost.exe
                                                                                                              Wow64 process (32bit):
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:
                                                                                                              File size:625664 bytes
                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                              Has elevated privileges:
                                                                                                              Has administrator privileges:
                                                                                                              Programmed in:C, C++ or other language

                                                                                                                Execution Graph

                                                                                                                Execution Coverage:32%
                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                Signature Coverage:17.5%
                                                                                                                Total number of Nodes:1311
                                                                                                                Total number of Limit Nodes:44
API calls 3143->3144 3146 402083 3144->3146 3145 401423 24 API calls 3153 4022a9 3145->3153 3147 402b2c 17 API calls 3146->3147 3148 40208c 3147->3148 3149 4020a1 LoadLibraryExA 3148->3149 3150 402094 GetModuleHandleA 3148->3150 3151 4020b1 GetProcAddress 3149->3151 3149->3152 3150->3149 3150->3151 3154 4020c0 3151->3154 3155 4020fd 3151->3155 3152->3145 3158 4020d0 3154->3158 3160 401423 3154->3160 3156 405137 24 API calls 3155->3156 3156->3158 3158->3153 3159 40211e FreeLibrary 3158->3159 3159->3153 3161 405137 24 API calls 3160->3161 3162 401431 3161->3162 3162->3158 3889 40166a 3890 402b2c 17 API calls 3889->3890 3891 401671 3890->3891 3892 402b2c 17 API calls 3891->3892 3893 40167a 3892->3893 3894 402b2c 17 API calls 3893->3894 3895 401683 MoveFileA 3894->3895 3896 401696 3895->3896 3897 40168f 3895->3897 3898 406313 2 API calls 3896->3898 3901 4022a9 3896->3901 3899 401423 24 API calls 3897->3899 3900 4016a5 3898->3900 3899->3901 3900->3901 3902 405def 36 API calls 3900->3902 3902->3897 3903 4025ea 3904 402603 3903->3904 3905 4025ef 3903->3905 3906 402b2c 17 API calls 3904->3906 3907 402b0a 17 API calls 3905->3907 3908 40260a lstrlenA 3906->3908 3909 4025f8 3907->3909 3908->3909 3910 405c50 WriteFile 3909->3910 3911 40262c 3909->3911 3910->3911 3185 40326b SetErrorMode GetVersion 3186 4032ac 3185->3186 3187 4032b2 3185->3187 3188 4063a8 5 API calls 3186->3188 3189 40633a 3 API calls 3187->3189 3188->3187 3190 4032c8 lstrlenA 3189->3190 3190->3187 3191 4032d7 3190->3191 3192 4063a8 5 API calls 3191->3192 3193 4032de 3192->3193 3194 4063a8 5 API calls 3193->3194 3195 4032e5 3194->3195 3196 4063a8 5 API calls 3195->3196 3198 4032f1 #17 OleInitialize SHGetFileInfoA 3196->3198 3275 406010 lstrcpynA 3198->3275 3200 40333d GetCommandLineA 3276 406010 lstrcpynA 3200->3276 3202 40334f 3203 4059d3 CharNextA 3202->3203 3204 403378 CharNextA 3203->3204 3212 403388 3204->3212 3205 403452 3206 403465 GetTempPathA 3205->3206 3277 40323a 3206->3277 3208 40347d 3210 403481 
GetWindowsDirectoryA lstrcatA 3208->3210 3211 4034d7 DeleteFileA 3208->3211 3209 4059d3 CharNextA 3209->3212 3213 40323a 12 API calls 3210->3213 3287 402dc4 GetTickCount GetModuleFileNameA 3211->3287 3212->3205 3212->3209 3216 403454 3212->3216 3215 40349d 3213->3215 3215->3211 3218 4034a1 GetTempPathA lstrcatA SetEnvironmentVariableA SetEnvironmentVariableA 3215->3218 3371 406010 lstrcpynA 3216->3371 3217 4034eb 3219 403585 ExitProcess OleUninitialize 3217->3219 3222 403571 3217->3222 3229 4059d3 CharNextA 3217->3229 3221 40323a 12 API calls 3218->3221 3223 4036b9 3219->3223 3224 40359b 3219->3224 3227 4034cf 3221->3227 3315 40382d 3222->3315 3225 4036c1 GetCurrentProcess OpenProcessToken 3223->3225 3226 40373b ExitProcess 3223->3226 3230 40572c MessageBoxIndirectA 3224->3230 3231 40370c 3225->3231 3232 4036dc LookupPrivilegeValueA AdjustTokenPrivileges 3225->3232 3227->3211 3227->3219 3234 403506 3229->3234 3236 4035a9 ExitProcess 3230->3236 3237 4063a8 5 API calls 3231->3237 3232->3231 3233 403581 3233->3219 3238 4035b1 3234->3238 3239 40354c 3234->3239 3240 403713 3237->3240 3388 405697 3238->3388 3372 405a96 3239->3372 3243 403728 ExitWindowsEx 3240->3243 3246 403734 3240->3246 3243->3226 3243->3246 3249 40140b 2 API calls 3246->3249 3247 4035d2 lstrcatA lstrcmpiA 3247->3219 3250 4035ee 3247->3250 3248 4035c7 lstrcatA 3248->3247 3249->3226 3252 4035f3 3250->3252 3253 4035fa 3250->3253 3391 4055fd CreateDirectoryA 3252->3391 3396 40567a CreateDirectoryA 3253->3396 3254 403566 3387 406010 lstrcpynA 3254->3387 3259 4035ff SetCurrentDirectoryA 3260 403619 3259->3260 3261 40360e 3259->3261 3400 406010 lstrcpynA 3260->3400 3399 406010 lstrcpynA 3261->3399 3264 406032 17 API calls 3265 403658 DeleteFileA 3264->3265 3266 403665 CopyFileA 3265->3266 3272 403627 3265->3272 3266->3272 3267 4036ad 3269 405def 36 API calls 3267->3269 3270 4036b4 3269->3270 3270->3219 3271 406032 17 API calls 3271->3272 3272->3264 3272->3267 3272->3271 3273 4056af 2 API calls 3272->3273 
3274 403699 CloseHandle 3272->3274 3401 405def MoveFileExA 3272->3401 3273->3272 3274->3272 3275->3200 3276->3202 3278 40627a 5 API calls 3277->3278 3279 403246 3278->3279 3280 403250 3279->3280 3405 4059a8 lstrlenA CharPrevA 3279->3405 3280->3208 3283 40567a 2 API calls 3284 40325e 3283->3284 3285 405bd8 2 API calls 3284->3285 3286 403269 3285->3286 3286->3208 3408 405ba9 GetFileAttributesA CreateFileA 3287->3408 3289 402e04 3310 402e14 3289->3310 3409 406010 lstrcpynA 3289->3409 3291 402e2a 3410 4059ef lstrlenA 3291->3410 3295 402e3b GetFileSize 3296 402f35 3295->3296 3308 402e52 3295->3308 3415 402d60 3296->3415 3298 402f3e 3300 402f6e GlobalAlloc 3298->3300 3298->3310 3450 403223 SetFilePointer 3298->3450 3426 403223 SetFilePointer 3300->3426 3302 402fa1 3306 402d60 6 API calls 3302->3306 3304 402f57 3307 40320d ReadFile 3304->3307 3305 402f89 3427 402ffb 3305->3427 3306->3310 3311 402f62 3307->3311 3308->3296 3308->3302 3308->3310 3312 402d60 6 API calls 3308->3312 3447 40320d 3308->3447 3310->3217 3311->3300 3311->3310 3312->3308 3313 402f95 3313->3310 3313->3313 3314 402fd2 SetFilePointer 3313->3314 3314->3310 3316 4063a8 5 API calls 3315->3316 3317 403841 3316->3317 3318 403847 3317->3318 3319 403859 3317->3319 3471 405f6e wsprintfA 3318->3471 3320 405ef7 3 API calls 3319->3320 3321 403884 3320->3321 3323 4038a2 lstrcatA 3321->3323 3325 405ef7 3 API calls 3321->3325 3324 403857 3323->3324 3456 403af2 3324->3456 3325->3323 3328 405a96 18 API calls 3329 4038d4 3328->3329 3330 40395d 3329->3330 3332 405ef7 3 API calls 3329->3332 3331 405a96 18 API calls 3330->3331 3333 403963 3331->3333 3334 403900 3332->3334 3335 403973 LoadImageA 3333->3335 3336 406032 17 API calls 3333->3336 3334->3330 3339 40391c lstrlenA 3334->3339 3343 4059d3 CharNextA 3334->3343 3337 403a19 3335->3337 3338 40399a RegisterClassA 3335->3338 3336->3335 3342 40140b 2 API calls 3337->3342 3340 4039d0 SystemParametersInfoA CreateWindowExA 3338->3340 3341 403a23 3338->3341 3344 403950 
3339->3344 3345 40392a lstrcmpiA 3339->3345 3340->3337 3341->3233 3346 403a1f 3342->3346 3347 40391a 3343->3347 3349 4059a8 3 API calls 3344->3349 3345->3344 3348 40393a GetFileAttributesA 3345->3348 3346->3341 3351 403af2 18 API calls 3346->3351 3347->3339 3350 403946 3348->3350 3352 403956 3349->3352 3350->3344 3354 4059ef 2 API calls 3350->3354 3355 403a30 3351->3355 3472 406010 lstrcpynA 3352->3472 3354->3344 3356 403a3c ShowWindow 3355->3356 3357 403abf 3355->3357 3358 40633a 3 API calls 3356->3358 3464 405209 OleInitialize 3357->3464 3360 403a54 3358->3360 3362 403a62 GetClassInfoA 3360->3362 3365 40633a 3 API calls 3360->3365 3361 403ac5 3363 403ae1 3361->3363 3364 403ac9 3361->3364 3367 403a76 GetClassInfoA RegisterClassA 3362->3367 3368 403a8c DialogBoxParamA 3362->3368 3366 40140b 2 API calls 3363->3366 3364->3341 3369 40140b 2 API calls 3364->3369 3365->3362 3366->3341 3367->3368 3370 40140b 2 API calls 3368->3370 3369->3341 3370->3341 3371->3206 3474 406010 lstrcpynA 3372->3474 3374 405aa7 3475 405a41 CharNextA CharNextA 3374->3475 3377 403557 3377->3219 3386 406010 lstrcpynA 3377->3386 3378 40627a 5 API calls 3384 405abd 3378->3384 3379 405ae8 lstrlenA 3380 405af3 3379->3380 3379->3384 3382 4059a8 3 API calls 3380->3382 3383 405af8 GetFileAttributesA 3382->3383 3383->3377 3384->3377 3384->3379 3385 4059ef 2 API calls 3384->3385 3481 406313 FindFirstFileA 3384->3481 3385->3379 3386->3254 3387->3222 3389 4063a8 5 API calls 3388->3389 3390 4035b6 lstrcatA 3389->3390 3390->3247 3390->3248 3392 4035f8 3391->3392 3393 40564e GetLastError 3391->3393 3392->3259 3393->3392 3394 40565d SetFileSecurityA 3393->3394 3394->3392 3395 405673 GetLastError 3394->3395 3395->3392 3397 40568a 3396->3397 3398 40568e GetLastError 3396->3398 3397->3259 3398->3397 3399->3260 3400->3272 3402 405e10 3401->3402 3403 405e03 3401->3403 3402->3272 3484 405c7f 3403->3484 3406 4059c2 lstrcatA 3405->3406 3407 403258 3405->3407 3406->3407 3407->3283 3408->3289 3409->3291 3411 4059fc 
3410->3411 3412 405a01 CharPrevA 3411->3412 3413 402e30 3411->3413 3412->3411 3412->3413 3414 406010 lstrcpynA 3413->3414 3414->3295 3416 402d81 3415->3416 3417 402d69 3415->3417 3420 402d91 GetTickCount 3416->3420 3421 402d89 3416->3421 3418 402d72 DestroyWindow 3417->3418 3419 402d79 3417->3419 3418->3419 3419->3298 3422 402dc2 3420->3422 3423 402d9f CreateDialogParamA ShowWindow 3420->3423 3424 4063e4 2 API calls 3421->3424 3422->3298 3423->3422 3425 402d8f 3424->3425 3425->3298 3426->3305 3428 403011 3427->3428 3429 40303f 3428->3429 3453 403223 SetFilePointer 3428->3453 3431 40320d ReadFile 3429->3431 3432 40304a 3431->3432 3433 4031a6 3432->3433 3434 40305c GetTickCount 3432->3434 3442 403190 3432->3442 3435 4031e8 3433->3435 3440 4031aa 3433->3440 3434->3442 3444 4030ab 3434->3444 3437 40320d ReadFile 3435->3437 3436 40320d ReadFile 3436->3444 3437->3442 3438 40320d ReadFile 3438->3440 3439 405c50 WriteFile 3439->3440 3440->3438 3440->3439 3440->3442 3441 403101 GetTickCount 3441->3444 3442->3313 3443 403126 MulDiv wsprintfA 3445 405137 24 API calls 3443->3445 3444->3436 3444->3441 3444->3442 3444->3443 3451 405c50 WriteFile 3444->3451 3445->3444 3454 405c21 ReadFile 3447->3454 3450->3304 3452 405c6e 3451->3452 3452->3444 3453->3429 3455 403220 3454->3455 3455->3308 3457 403b06 3456->3457 3473 405f6e wsprintfA 3457->3473 3459 403b77 3460 403bab 18 API calls 3459->3460 3462 403b7c 3460->3462 3461 4038b2 3461->3328 3462->3461 3463 406032 17 API calls 3462->3463 3463->3462 3465 4040ea SendMessageA 3464->3465 3468 40522c 3465->3468 3466 405253 3467 4040ea SendMessageA 3466->3467 3469 405265 OleUninitialize 3467->3469 3468->3466 3470 401389 2 API calls 3468->3470 3469->3361 3470->3468 3471->3324 3472->3330 3473->3459 3474->3374 3476 405a5c 3475->3476 3479 405a6c 3475->3479 3478 405a67 CharNextA 3476->3478 3476->3479 3477 405a8c 3477->3377 3477->3378 3478->3477 3479->3477 3480 4059d3 CharNextA 3479->3480 3480->3479 3482 406334 3481->3482 3483 406329 FindClose 
3481->3483 3482->3384 3483->3482 3485 405ca5 3484->3485 3486 405ccb GetShortPathNameA 3484->3486 3511 405ba9 GetFileAttributesA CreateFileA 3485->3511 3488 405ce0 3486->3488 3489 405dea 3486->3489 3488->3489 3491 405ce8 wsprintfA 3488->3491 3489->3402 3490 405caf CloseHandle GetShortPathNameA 3490->3489 3492 405cc3 3490->3492 3493 406032 17 API calls 3491->3493 3492->3486 3492->3489 3494 405d10 3493->3494 3512 405ba9 GetFileAttributesA CreateFileA 3494->3512 3496 405d1d 3496->3489 3497 405d2c GetFileSize GlobalAlloc 3496->3497 3498 405de3 CloseHandle 3497->3498 3499 405d4e 3497->3499 3498->3489 3500 405c21 ReadFile 3499->3500 3501 405d56 3500->3501 3501->3498 3513 405b0e lstrlenA 3501->3513 3504 405d81 3506 405b0e 4 API calls 3504->3506 3505 405d6d lstrcpyA 3507 405d8f 3505->3507 3506->3507 3508 405dc6 SetFilePointer 3507->3508 3509 405c50 WriteFile 3508->3509 3510 405ddc GlobalFree 3509->3510 3510->3498 3511->3490 3512->3496 3514 405b4f lstrlenA 3513->3514 3515 405b57 3514->3515 3516 405b28 lstrcmpiA 3514->3516 3515->3504 3515->3505 3516->3515 3517 405b46 CharNextA 3516->3517 3517->3514 3912 4037eb 3913 4037f6 3912->3913 3914 4037fa 3913->3914 3915 4037fd GlobalAlloc 3913->3915 3915->3914 3916 4019ed 3917 402b2c 17 API calls 3916->3917 3918 4019f4 3917->3918 3919 402b2c 17 API calls 3918->3919 3920 4019fd 3919->3920 3921 401a04 lstrcmpiA 3920->3921 3922 401a16 lstrcmpA 3920->3922 3923 401a0a 3921->3923 3922->3923 3528 4026ef 3529 4026f6 3528->3529 3532 402965 3528->3532 3530 402b0a 17 API calls 3529->3530 3531 4026fd 3530->3531 3533 40270c SetFilePointer 3531->3533 3533->3532 3534 40271c 3533->3534 3536 405f6e wsprintfA 3534->3536 3536->3532 3924 40156f 3925 401586 3924->3925 3926 40157f ShowWindow 3924->3926 3927 401594 ShowWindow 3925->3927 3928 4029b8 3925->3928 3926->3925 3927->3928 3929 4014f4 SetForegroundWindow 3930 4029b8 3929->3930 3612 405275 3613 405420 3612->3613 3614 405297 GetDlgItem GetDlgItem GetDlgItem 3612->3614 3616 405450 3613->3616 3617 405428 
GetDlgItem CreateThread FindCloseChangeNotification 3613->3617 3657 4040d3 SendMessageA 3614->3657 3619 40547e 3616->3619 3620 405466 ShowWindow ShowWindow 3616->3620 3621 40549f 3616->3621 3617->3616 3660 405209 5 API calls 3617->3660 3618 405307 3626 40530e GetClientRect GetSystemMetrics SendMessageA SendMessageA 3618->3626 3623 4054b2 ShowWindow 3619->3623 3624 40548e 3619->3624 3627 4054d9 3619->3627 3659 4040d3 SendMessageA 3620->3659 3625 404105 8 API calls 3621->3625 3630 4054d2 3623->3630 3631 4054c4 3623->3631 3628 404077 SendMessageA 3624->3628 3629 4054ab 3625->3629 3632 405360 SendMessageA SendMessageA 3626->3632 3633 40537c 3626->3633 3627->3621 3634 4054e6 SendMessageA 3627->3634 3628->3621 3639 404077 SendMessageA 3630->3639 3638 405137 24 API calls 3631->3638 3632->3633 3635 405381 SendMessageA 3633->3635 3636 40538f 3633->3636 3634->3629 3637 4054ff CreatePopupMenu 3634->3637 3635->3636 3641 40409e 18 API calls 3636->3641 3640 406032 17 API calls 3637->3640 3638->3630 3639->3627 3642 40550f AppendMenuA 3640->3642 3643 40539f 3641->3643 3644 405540 TrackPopupMenu 3642->3644 3645 40552d GetWindowRect 3642->3645 3646 4053a8 ShowWindow 3643->3646 3647 4053dc GetDlgItem SendMessageA 3643->3647 3644->3629 3648 40555c 3644->3648 3645->3644 3649 4053cb 3646->3649 3650 4053be ShowWindow 3646->3650 3647->3629 3651 405403 SendMessageA SendMessageA 3647->3651 3652 40557b SendMessageA 3648->3652 3658 4040d3 SendMessageA 3649->3658 3650->3649 3651->3629 3652->3652 3653 405598 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3652->3653 3655 4055ba SendMessageA 3653->3655 3655->3655 3656 4055dc GlobalUnlock SetClipboardData CloseClipboard 3655->3656 3656->3629 3657->3618 3658->3647 3659->3619 3931 401cfb 3932 402b0a 17 API calls 3931->3932 3933 401d02 3932->3933 3934 402b0a 17 API calls 3933->3934 3935 401d0e GetDlgItem 3934->3935 3936 4025e4 3935->3936 3937 4018fd 3938 401934 3937->3938 3939 402b2c 17 API calls 3938->3939 3940 401939 3939->3940 3941 4057d8 67 
API calls 3940->3941 3942 401942 3941->3942 3943 401dff GetDC 3944 402b0a 17 API calls 3943->3944 3945 401e11 GetDeviceCaps MulDiv ReleaseDC 3944->3945 3946 402b0a 17 API calls 3945->3946 3947 401e42 3946->3947 3948 406032 17 API calls 3947->3948 3949 401e7f CreateFontIndirectA 3948->3949 3950 4025e4 3949->3950 3951 401000 3952 401037 BeginPaint GetClientRect 3951->3952 3953 40100c DefWindowProcA 3951->3953 3955 4010f3 3952->3955 3956 401179 3953->3956 3957 401073 CreateBrushIndirect FillRect DeleteObject 3955->3957 3958 4010fc 3955->3958 3957->3955 3959 401102 CreateFontIndirectA 3958->3959 3960 401167 EndPaint 3958->3960 3959->3960 3961 401112 6 API calls 3959->3961 3960->3956 3961->3960 3962 401900 3963 402b2c 17 API calls 3962->3963 3964 401907 3963->3964 3965 40572c MessageBoxIndirectA 3964->3965 3966 401910 3965->3966 3967 404881 3968 404891 3967->3968 3969 4048ad 3967->3969 3978 405710 GetDlgItemTextA 3968->3978 3971 4048e0 3969->3971 3972 4048b3 SHGetPathFromIDListA 3969->3972 3974 4048c3 3972->3974 3977 4048ca SendMessageA 3972->3977 3973 40489e SendMessageA 3973->3969 3976 40140b 2 API calls 3974->3976 3976->3977 3977->3971 3978->3973 3979 401502 3980 40150a 3979->3980 3982 40151d 3979->3982 3981 402b0a 17 API calls 3980->3981 3981->3982 3983 404209 3984 40421f 3983->3984 3985 40432b 3983->3985 3987 40409e 18 API calls 3984->3987 3986 40439a 3985->3986 3988 404464 3985->3988 3993 40436f GetDlgItem SendMessageA 3985->3993 3986->3988 3989 4043a4 GetDlgItem 3986->3989 3990 404275 3987->3990 3995 404105 8 API calls 3988->3995 3991 404422 3989->3991 3992 4043ba 3989->3992 3994 40409e 18 API calls 3990->3994 3991->3988 4000 404434 3991->4000 3992->3991 3999 4043e0 SendMessageA LoadCursorA SetCursor 3992->3999 4016 4040c0 KiUserCallbackDispatcher 3993->4016 3997 404282 CheckDlgButton 3994->3997 3998 40445f 3995->3998 4014 4040c0 KiUserCallbackDispatcher 3997->4014 4020 4044ad 3999->4020 4004 40443a SendMessageA 4000->4004 4005 40444b 4000->4005 4001 404395 4017 
404489 4001->4017 4004->4005 4005->3998 4006 404451 SendMessageA 4005->4006 4006->3998 4008 4042a0 GetDlgItem 4015 4040d3 SendMessageA 4008->4015 4011 4042b6 SendMessageA 4012 4042d4 GetSysColor 4011->4012 4013 4042dd SendMessageA SendMessageA lstrlenA SendMessageA SendMessageA 4011->4013 4012->4013 4013->3998 4014->4008 4015->4011 4016->4001 4018 404497 4017->4018 4019 40449c SendMessageA 4017->4019 4018->4019 4019->3986 4023 4056f2 ShellExecuteExA 4020->4023 4022 404413 LoadCursorA SetCursor 4022->3991 4023->4022 3163 401c0a 3164 402b0a 17 API calls 3163->3164 3165 401c11 3164->3165 3166 402b0a 17 API calls 3165->3166 3167 401c1e 3166->3167 3168 401c33 3167->3168 3170 402b2c 17 API calls 3167->3170 3169 401c43 3168->3169 3171 402b2c 17 API calls 3168->3171 3172 401c9a 3169->3172 3173 401c4e 3169->3173 3170->3168 3171->3169 3175 402b2c 17 API calls 3172->3175 3174 402b0a 17 API calls 3173->3174 3176 401c53 3174->3176 3177 401c9f 3175->3177 3178 402b0a 17 API calls 3176->3178 3179 402b2c 17 API calls 3177->3179 3181 401c5f 3178->3181 3180 401ca8 FindWindowExA 3179->3180 3184 401cc6 3180->3184 3182 401c8a SendMessageA 3181->3182 3183 401c6c SendMessageTimeoutA 3181->3183 3182->3184 3183->3184 3537 401e8f 3538 402b0a 17 API calls 3537->3538 3539 401e95 3538->3539 3540 402b0a 17 API calls 3539->3540 3541 401ea1 3540->3541 3542 401eb8 EnableWindow 3541->3542 3543 401ead ShowWindow 3541->3543 3544 4029b8 3542->3544 3543->3544 4024 401490 4025 405137 24 API calls 4024->4025 4026 401497 4025->4026 4027 402993 SendMessageA 4028 4029b8 4027->4028 4029 4029ad InvalidateRect 4027->4029 4029->4028 4030 401f98 4031 402b2c 17 API calls 4030->4031 4032 401f9f 4031->4032 4033 406313 2 API calls 4032->4033 4034 401fa5 4033->4034 4036 401fb7 4034->4036 4037 405f6e wsprintfA 4034->4037 4037->4036 4038 40149d 4039 4014ab PostQuitMessage 4038->4039 4040 40234e 4038->4040 4039->4040 4041 40159d 4042 402b2c 17 API calls 4041->4042 4043 4015a4 SetFileAttributesA 4042->4043 4044 4015b6 
4043->4044 4045 401a1e 4046 402b2c 17 API calls 4045->4046 4047 401a27 ExpandEnvironmentStringsA 4046->4047 4048 401a3b 4047->4048 4050 401a4e 4047->4050 4049 401a40 lstrcmpA 4048->4049 4048->4050 4049->4050 4056 40171f 4057 402b2c 17 API calls 4056->4057 4058 401726 SearchPathA 4057->4058 4059 401741 4058->4059 4060 401d20 4061 402b0a 17 API calls 4060->4061 4062 401d2e SetWindowLongA 4061->4062 4063 4029b8 4062->4063 4064 402721 4065 402727 4064->4065 4066 4029b8 4065->4066 4067 40272f FindClose 4065->4067 4067->4066 4068 404aa3 GetDlgItem GetDlgItem 4069 404d20 4068->4069 4070 404af9 7 API calls 4068->4070 4075 404e02 4069->4075 4102 404d8f 4069->4102 4121 4049f1 SendMessageA 4069->4121 4071 404ba1 DeleteObject 4070->4071 4072 404b95 SendMessageA 4070->4072 4073 404bac 4071->4073 4072->4071 4074 404be3 4073->4074 4076 406032 17 API calls 4073->4076 4077 40409e 18 API calls 4074->4077 4078 404eae 4075->4078 4083 404d13 4075->4083 4087 404e5b SendMessageA 4075->4087 4081 404bc5 SendMessageA SendMessageA 4076->4081 4082 404bf7 4077->4082 4079 404ec0 4078->4079 4080 404eb8 SendMessageA 4078->4080 4090 404ed2 ImageList_Destroy 4079->4090 4091 404ed9 4079->4091 4098 404ee9 4079->4098 4080->4079 4081->4073 4086 40409e 18 API calls 4082->4086 4088 404105 8 API calls 4083->4088 4084 404df4 SendMessageA 4084->4075 4103 404c08 4086->4103 4087->4083 4093 404e70 SendMessageA 4087->4093 4089 4050a4 4088->4089 4090->4091 4094 404ee2 GlobalFree 4091->4094 4091->4098 4092 405058 4092->4083 4099 40506a ShowWindow GetDlgItem ShowWindow 4092->4099 4096 404e83 4093->4096 4094->4098 4095 404ce2 GetWindowLongA SetWindowLongA 4097 404cfb 4095->4097 4108 404e94 SendMessageA 4096->4108 4100 404d00 ShowWindow 4097->4100 4101 404d18 4097->4101 4098->4092 4115 404f24 4098->4115 4126 404a71 4098->4126 4099->4083 4119 4040d3 SendMessageA 4100->4119 4120 4040d3 SendMessageA 4101->4120 4102->4075 4102->4084 4103->4095 4104 404cdd 4103->4104 4107 404c5a SendMessageA 4103->4107 4109 404c98 
SendMessageA 4103->4109 4110 404cac SendMessageA 4103->4110 4104->4095 4104->4097 4107->4103 4108->4078 4109->4103 4110->4103 4112 40502e InvalidateRect 4112->4092 4113 405044 4112->4113 4135 4049ac 4113->4135 4114 404f52 SendMessageA 4118 404f68 4114->4118 4115->4114 4115->4118 4117 404fdc SendMessageA SendMessageA 4117->4118 4118->4112 4118->4117 4119->4083 4120->4069 4122 404a50 SendMessageA 4121->4122 4123 404a14 GetMessagePos ScreenToClient SendMessageA 4121->4123 4124 404a48 4122->4124 4123->4124 4125 404a4d 4123->4125 4124->4102 4125->4122 4138 406010 lstrcpynA 4126->4138 4128 404a84 4139 405f6e wsprintfA 4128->4139 4130 404a8e 4131 40140b 2 API calls 4130->4131 4132 404a97 4131->4132 4140 406010 lstrcpynA 4132->4140 4134 404a9e 4134->4115 4141 4048e7 4135->4141 4137 4049c1 4137->4092 4138->4128 4139->4130 4140->4134 4142 4048fd 4141->4142 4143 406032 17 API calls 4142->4143 4144 404961 4143->4144 4145 406032 17 API calls 4144->4145 4146 40496c 4145->4146 4147 406032 17 API calls 4146->4147 4148 404982 lstrlenA wsprintfA SetDlgItemTextA 4147->4148 4148->4137 4149 4027a3 4150 402b2c 17 API calls 4149->4150 4151 4027b1 4150->4151 4152 4027c7 4151->4152 4153 402b2c 17 API calls 4151->4153 4154 405b84 2 API calls 4152->4154 4153->4152 4155 4027cd 4154->4155 4177 405ba9 GetFileAttributesA CreateFileA 4155->4177 4157 4027da 4158 4027e6 GlobalAlloc 4157->4158 4159 40287d 4157->4159 4162 402874 CloseHandle 4158->4162 4163 4027ff 4158->4163 4160 402885 DeleteFileA 4159->4160 4161 402898 4159->4161 4160->4161 4162->4159 4178 403223 SetFilePointer 4163->4178 4165 402805 4166 40320d ReadFile 4165->4166 4167 40280e GlobalAlloc 4166->4167 4168 402852 4167->4168 4169 40281e 4167->4169 4171 405c50 WriteFile 4168->4171 4170 402ffb 31 API calls 4169->4170 4176 40282b 4170->4176 4172 40285e GlobalFree 4171->4172 4173 402ffb 31 API calls 4172->4173 4175 402871 4173->4175 4174 402849 GlobalFree 4174->4168 4175->4162 4176->4174 4177->4157 4178->4165 4179 4023a7 4180 402b2c 17 API 
calls 4179->4180 4181 4023b8 4180->4181 4182 402b2c 17 API calls 4181->4182 4183 4023c1 4182->4183 4184 402b2c 17 API calls 4183->4184 4185 4023cb GetPrivateProfileStringA 4184->4185 4186 4050ab 4187 4050bb 4186->4187 4188 4050cf 4186->4188 4189 4050c1 4187->4189 4190 405118 4187->4190 4191 4050d7 IsWindowVisible 4188->4191 4197 4050ee 4188->4197 4192 4040ea SendMessageA 4189->4192 4194 40511d CallWindowProcA 4190->4194 4191->4190 4193 4050e4 4191->4193 4195 4050cb 4192->4195 4196 4049f1 5 API calls 4193->4196 4194->4195 4196->4197 4197->4194 4198 404a71 4 API calls 4197->4198 4198->4190 4199 40292c 4200 402b0a 17 API calls 4199->4200 4201 402932 4200->4201 4202 402967 4201->4202 4203 402783 4201->4203 4205 402944 4201->4205 4202->4203 4204 406032 17 API calls 4202->4204 4204->4203 4205->4203 4207 405f6e wsprintfA 4205->4207 4207->4203 4208 404530 4209 40455c 4208->4209 4210 40456d 4208->4210 4269 405710 GetDlgItemTextA 4209->4269 4212 404579 GetDlgItem 4210->4212 4219 4045d8 4210->4219 4213 40458d 4212->4213 4217 4045a1 SetWindowTextA 4213->4217 4222 405a41 4 API calls 4213->4222 4214 4046bc 4218 404866 4214->4218 4271 405710 GetDlgItemTextA 4214->4271 4215 404567 4216 40627a 5 API calls 4215->4216 4216->4210 4223 40409e 18 API calls 4217->4223 4221 404105 8 API calls 4218->4221 4219->4214 4219->4218 4224 406032 17 API calls 4219->4224 4226 40487a 4221->4226 4227 404597 4222->4227 4228 4045bd 4223->4228 4229 40464c SHBrowseForFolderA 4224->4229 4225 4046ec 4230 405a96 18 API calls 4225->4230 4227->4217 4234 4059a8 3 API calls 4227->4234 4231 40409e 18 API calls 4228->4231 4229->4214 4232 404664 CoTaskMemFree 4229->4232 4233 4046f2 4230->4233 4235 4045cb 4231->4235 4236 4059a8 3 API calls 4232->4236 4272 406010 lstrcpynA 4233->4272 4234->4217 4270 4040d3 SendMessageA 4235->4270 4238 404671 4236->4238 4241 4046a8 SetDlgItemTextA 4238->4241 4245 406032 17 API calls 4238->4245 4240 4045d1 4243 4063a8 5 API calls 4240->4243 4241->4214 4242 404709 4244 4063a8 5 API 
calls 4242->4244 4243->4219 4251 404710 4244->4251 4246 404690 lstrcmpiA 4245->4246 4246->4241 4248 4046a1 lstrcatA 4246->4248 4247 40474c 4273 406010 lstrcpynA 4247->4273 4248->4241 4250 404753 4252 405a41 4 API calls 4250->4252 4251->4247 4256 4059ef 2 API calls 4251->4256 4257 4047a4 4251->4257 4253 404759 GetDiskFreeSpaceA 4252->4253 4255 40477d MulDiv 4253->4255 4253->4257 4255->4257 4256->4251 4258 404815 4257->4258 4260 4049ac 20 API calls 4257->4260 4259 404838 4258->4259 4261 40140b 2 API calls 4258->4261 4274 4040c0 KiUserCallbackDispatcher 4259->4274 4262 404802 4260->4262 4261->4259 4264 404817 SetDlgItemTextA 4262->4264 4265 404807 4262->4265 4264->4258 4266 4048e7 20 API calls 4265->4266 4266->4258 4267 404854 4267->4218 4268 404489 SendMessageA 4267->4268 4268->4218 4269->4215 4270->4240 4271->4225 4272->4242 4273->4250 4274->4267 4275 402631 4276 402b0a 17 API calls 4275->4276 4280 40263b 4276->4280 4277 4026a9 4278 405c21 ReadFile 4278->4280 4279 4026ab 4284 405f6e wsprintfA 4279->4284 4280->4277 4280->4278 4280->4279 4281 4026bb 4280->4281 4281->4277 4283 4026d1 SetFilePointer 4281->4283 4283->4277 4284->4277 3545 401932 3546 401934 3545->3546 3547 402b2c 17 API calls 3546->3547 3548 401939 3547->3548 3551 4057d8 3548->3551 3552 405a96 18 API calls 3551->3552 3553 4057f8 3552->3553 3554 405800 DeleteFileA 3553->3554 3555 405817 3553->3555 3583 401942 3554->3583 3558 405945 3555->3558 3588 406010 lstrcpynA 3555->3588 3557 40583d 3559 405850 3557->3559 3560 405843 lstrcatA 3557->3560 3561 406313 2 API calls 3558->3561 3558->3583 3563 4059ef 2 API calls 3559->3563 3562 405856 3560->3562 3564 405969 3561->3564 3565 405864 lstrcatA 3562->3565 3566 40586f lstrlenA FindFirstFileA 3562->3566 3563->3562 3567 4059a8 3 API calls 3564->3567 3564->3583 3565->3566 3566->3558 3586 405893 3566->3586 3569 405973 3567->3569 3568 4059d3 CharNextA 3568->3586 3570 405790 5 API calls 3569->3570 3571 40597f 3570->3571 3572 405983 3571->3572 3573 405999 3571->3573 3578 
405137 24 API calls 3572->3578 3572->3583 3574 405137 24 API calls 3573->3574 3574->3583 3575 405924 FindNextFileA 3577 40593c FindClose 3575->3577 3575->3586 3577->3558 3579 405990 3578->3579 3580 405def 36 API calls 3579->3580 3580->3583 3582 4057d8 60 API calls 3582->3586 3584 405137 24 API calls 3584->3575 3585 405137 24 API calls 3585->3586 3586->3568 3586->3575 3586->3582 3586->3584 3586->3585 3587 405def 36 API calls 3586->3587 3589 406010 lstrcpynA 3586->3589 3590 405790 3586->3590 3587->3586 3588->3557 3589->3586 3598 405b84 GetFileAttributesA 3590->3598 3593 4057bd 3593->3586 3594 4057b3 DeleteFileA 3596 4057b9 3594->3596 3595 4057ab RemoveDirectoryA 3595->3596 3596->3593 3597 4057c9 SetFileAttributesA 3596->3597 3597->3593 3599 40579c 3598->3599 3600 405b96 SetFileAttributesA 3598->3600 3599->3593 3599->3594 3599->3595 3600->3599 4285 4022b2 4286 402b2c 17 API calls 4285->4286 4287 4022b8 4286->4287 4288 402b2c 17 API calls 4287->4288 4289 4022c1 4288->4289 4290 402b2c 17 API calls 4289->4290 4291 4022ca 4290->4291 4292 406313 2 API calls 4291->4292 4293 4022d3 4292->4293 4294 4022e4 lstrlenA lstrlenA 4293->4294 4298 4022d7 4293->4298 4296 405137 24 API calls 4294->4296 4295 405137 24 API calls 4299 4022df 4295->4299 4297 402320 SHFileOperationA 4296->4297 4297->4298 4297->4299 4298->4295 4298->4299 4300 402334 4301 40233b 4300->4301 4304 40234e 4300->4304 4302 406032 17 API calls 4301->4302 4303 402348 4302->4303 4305 40572c MessageBoxIndirectA 4303->4305 4305->4304 4306 4014b7 4307 4014bd 4306->4307 4308 401389 2 API calls 4307->4308 4309 4014c5 4308->4309 3666 402138 3667 402b2c 17 API calls 3666->3667 3668 40213f 3667->3668 3669 402b2c 17 API calls 3668->3669 3670 402149 3669->3670 3671 402b2c 17 API calls 3670->3671 3672 402153 3671->3672 3673 402b2c 17 API calls 3672->3673 3674 40215d 3673->3674 3675 402b2c 17 API calls 3674->3675 3676 402167 3675->3676 3677 4021a9 CoCreateInstance 3676->3677 3678 402b2c 17 API calls 3676->3678 3681 4021c8 

Control-flow Graph (graph image not preserved; legend: Executed / Not Executed; first node 40326b-4032aa: SetErrorMode, GetVersion)
                                                                                                                C-Code - Quality: 85%
                                                                                                                			_entry_() {
                                                                                                                				signed int _t42;
                                                                                                                				intOrPtr* _t47;
                                                                                                                				CHAR* _t51;
                                                                                                                				char* _t53;
                                                                                                                				CHAR* _t55;
                                                                                                                				void* _t59;
                                                                                                                				intOrPtr _t61;
                                                                                                                				int _t62;
                                                                                                                				int _t65;
                                                                                                                				signed int _t66;
                                                                                                                				int _t67;
                                                                                                                				signed int _t69;
                                                                                                                				void* _t93;
                                                                                                                				signed int _t109;
                                                                                                                				void* _t112;
                                                                                                                				void* _t117;
                                                                                                                				intOrPtr* _t118;
                                                                                                                				char _t121;
                                                                                                                				signed int _t140;
                                                                                                                				signed int _t141;
                                                                                                                				int _t149;
                                                                                                                				void* _t150;
                                                                                                                				intOrPtr* _t152;
                                                                                                                				CHAR* _t155;
                                                                                                                				CHAR* _t156;
                                                                                                                				void* _t158;
                                                                                                                				char* _t159;
                                                                                                                				void* _t162;
                                                                                                                				void* _t163;
                                                                                                                				char _t188;
                                                                                                                
                                                                                                                				 *(_t163 + 0x18) = 0;
                                                                                                                				 *((intOrPtr*)(_t163 + 0x10)) = "Error writing temporary file. Make sure your temp folder is valid.";
                                                                                                                				 *(_t163 + 0x20) = 0;
                                                                                                                				 *(_t163 + 0x14) = 0x20;
                                                                                                                				SetErrorMode(0x8001); // executed
                                                                                                                				_t42 = GetVersion() & 0xbfffffff;
                                                                                                                				 *0x42f40c = _t42;
                                                                                                                				if(_t42 != 6) {
                                                                                                                					_t118 = E004063A8(0);
                                                                                                                					if(_t118 != 0) {
                                                                                                                						 *_t118(0xc00);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t155 = "UXTHEME";
                                                                                                                				do {
                                                                                                                					E0040633A(_t155); // executed
                                                                                                                					_t155 =  &(_t155[lstrlenA(_t155) + 1]);
                                                                                                                				} while ( *_t155 != 0);
                                                                                                                				E004063A8(0xa);
                                                                                                                				 *0x42f404 = E004063A8(8);
                                                                                                                				_t47 = E004063A8(6);
                                                                                                                				if(_t47 != 0) {
                                                                                                                					_t47 =  *_t47(0x1e);
                                                                                                                					if(_t47 != 0) {
                                                                                                                						 *0x42f40f =  *0x42f40f | 0x00000040;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				__imp__#17(_t158);
                                                                                                                				__imp__OleInitialize(0); // executed
                                                                                                                				 *0x42f4d8 = _t47;
                                                                                                                				SHGetFileInfoA(0x429830, 0, _t163 + 0x38, 0x160, 0); // executed
                                                                                                                				E00406010("Wildix Integration Service v3.11.3 Setup", "NSIS Error");
                                                                                                                				_t51 = GetCommandLineA();
                                                                                                                				_t159 = "\"C:\\Users\\alfons\\Desktop\\SetupWIService.exe\"";
                                                                                                                				E00406010(_t159, _t51);
                                                                                                                				 *0x42f400 = 0x400000;
                                                                                                                				_t53 = _t159;
                                                                                                                				if("\"C:\\Users\\alfons\\Desktop\\SetupWIService.exe\"" == 0x22) {
                                                                                                                					 *(_t163 + 0x14) = 0x22;
                                                                                                                					_t53 =  &M00435001;
                                                                                                                				}
                                                                                                                				_t55 = CharNextA(E004059D3(_t53,  *(_t163 + 0x14)));
                                                                                                                				 *(_t163 + 0x1c) = _t55;
                                                                                                                				while(1) {
                                                                                                                					_t121 =  *_t55;
                                                                                                                					_t171 = _t121;
                                                                                                                					if(_t121 == 0) {
                                                                                                                						break;
                                                                                                                					}
                                                                                                                					__eflags = _t121 - 0x20;
                                                                                                                					if(_t121 != 0x20) {
                                                                                                                						L13:
                                                                                                                						__eflags =  *_t55 - 0x22;
                                                                                                                						 *(_t163 + 0x14) = 0x20;
                                                                                                                						if( *_t55 == 0x22) {
                                                                                                                							_t55 =  &(_t55[1]);
                                                                                                                							__eflags = _t55;
                                                                                                                							 *(_t163 + 0x14) = 0x22;
                                                                                                                						}
                                                                                                                						__eflags =  *_t55 - 0x2f;
                                                                                                                						if( *_t55 != 0x2f) {
                                                                                                                							L25:
                                                                                                                							_t55 = E004059D3(_t55,  *(_t163 + 0x14));
                                                                                                                							__eflags =  *_t55 - 0x22;
                                                                                                                							if(__eflags == 0) {
                                                                                                                								_t55 =  &(_t55[1]);
                                                                                                                								__eflags = _t55;
                                                                                                                							}
                                                                                                                							continue;
                                                                                                                						} else {
                                                                                                                							_t55 =  &(_t55[1]);
                                                                                                                							__eflags =  *_t55 - 0x53;
                                                                                                                							if( *_t55 != 0x53) {
                                                                                                                								L20:
                                                                                                                								__eflags =  *_t55 - ((( *0x40a183 << 0x00000008 |  *0x40a182) << 0x00000008 |  *0x40a181) << 0x00000008 | "NCRC");
                                                                                                                								if( *_t55 != ((( *0x40a183 << 0x00000008 |  *0x40a182) << 0x00000008 |  *0x40a181) << 0x00000008 | "NCRC")) {
                                                                                                                									L24:
                                                                                                                									__eflags =  *((intOrPtr*)(_t55 - 2)) - ((( *0x40a17b << 0x00000008 |  *0x40a17a) << 0x00000008 |  *0x40a179) << 0x00000008 | " /D=");
                                                                                                                									if( *((intOrPtr*)(_t55 - 2)) == ((( *0x40a17b << 0x00000008 |  *0x40a17a) << 0x00000008 |  *0x40a179) << 0x00000008 | " /D=")) {
                                                                                                                										 *((char*)(_t55 - 2)) = 0;
                                                                                                                										__eflags =  &(_t55[2]);
                                                                                                                										E00406010("C:\\Program Files\\Wildix\\WIService",  &(_t55[2]));
                                                                                                                										L30:
                                                                                                                										_t156 = "C:\\Users\\alfons\\AppData\\Local\\Temp\\";
                                                                                                                										GetTempPathA(0x400, _t156);
                                                                                                                										_t59 = E0040323A(_t171);
                                                                                                                										_t172 = _t59;
                                                                                                                										if(_t59 != 0) {
                                                                                                                											L33:
                                                                                                                											DeleteFileA("1033"); // executed
                                                                                                                											_t61 = E00402DC4(_t174,  *(_t163 + 0x20)); // executed
                                                                                                                											 *((intOrPtr*)(_t163 + 0x10)) = _t61;
                                                                                                                											if(_t61 != 0) {
                                                                                                                												L43:
                                                                                                                												ExitProcess(); // executed
                                                                                                                												__imp__OleUninitialize(); // executed
                                                                                                                												_t184 =  *((intOrPtr*)(_t163 + 0x10));
                                                                                                                												if( *((intOrPtr*)(_t163 + 0x10)) == 0) {
                                                                                                                													__eflags =  *0x42f4b4;
                                                                                                                													if( *0x42f4b4 == 0) {
                                                                                                                														L67:
                                                                                                                														_t62 =  *0x42f4cc;
                                                                                                                														__eflags = _t62 - 0xffffffff;
                                                                                                                														if(_t62 != 0xffffffff) {
                                                                                                                															 *(_t163 + 0x14) = _t62;
                                                                                                                														}
                                                                                                                														ExitProcess( *(_t163 + 0x14));
                                                                                                                													}
                                                                                                                													_t65 = OpenProcessToken(GetCurrentProcess(), 0x28, _t163 + 0x18);
                                                                                                                													__eflags = _t65;
                                                                                                                													_t149 = 2;
                                                                                                                													if(_t65 != 0) {
                                                                                                                														LookupPrivilegeValueA(0, "SeShutdownPrivilege", _t163 + 0x24);
                                                                                                                														 *(_t163 + 0x38) = 1;
                                                                                                                														 *(_t163 + 0x44) = _t149;
                                                                                                                														AdjustTokenPrivileges( *(_t163 + 0x2c), 0, _t163 + 0x28, 0, 0, 0);
                                                                                                                													}
                                                                                                                													_t66 = E004063A8(4);
                                                                                                                													__eflags = _t66;
                                                                                                                													if(_t66 == 0) {
                                                                                                                														L65:
                                                                                                                														_t67 = ExitWindowsEx(_t149, 0x80040002);
                                                                                                                														__eflags = _t67;
                                                                                                                														if(_t67 != 0) {
                                                                                                                															goto L67;
                                                                                                                														}
                                                                                                                														goto L66;
                                                                                                                													} else {
                                                                                                                														_t69 =  *_t66(0, 0, 0, 0x25, 0x80040002);
                                                                                                                														__eflags = _t69;
                                                                                                                														if(_t69 == 0) {
                                                                                                                															L66:
                                                                                                                															E0040140B(9);
                                                                                                                															goto L67;
                                                                                                                														}
                                                                                                                														goto L65;
                                                                                                                													}
                                                                                                                												}
                                                                                                                												E0040572C( *((intOrPtr*)(_t163 + 0x10)), 0x200010);
                                                                                                                												ExitProcess(2);
                                                                                                                											}
                                                                                                                											if( *0x42f420 == 0) {
                                                                                                                												L42:
                                                                                                                												 *0x42f4cc =  *0x42f4cc | 0xffffffff;
                                                                                                                												 *(_t163 + 0x18) = E0040382D( *0x42f4cc);
                                                                                                                												goto L43;
                                                                                                                											}
                                                                                                                											_t152 = E004059D3(_t159, 0);
                                                                                                                											if(_t152 < _t159) {
                                                                                                                												L39:
                                                                                                                												_t181 = _t152 - _t159;
                                                                                                                												 *((intOrPtr*)(_t163 + 0x10)) = "Error launching installer";
                                                                                                                												if(_t152 < _t159) {
                                                                                                                													_t150 = E00405697(_t184);
                                                                                                                													lstrcatA(_t156, "~nsu");
                                                                                                                													if(_t150 != 0) {
                                                                                                                														lstrcatA(_t156, "A");
                                                                                                                													}
                                                                                                                													lstrcatA(_t156, ".tmp");
                                                                                                                													_t161 = "C:\\Users\\alfons\\Desktop";
                                                                                                                													if(lstrcmpiA(_t156, "C:\\Users\\alfons\\Desktop") != 0) {
                                                                                                                														_push(_t156);
                                                                                                                														if(_t150 == 0) {
                                                                                                                															E0040567A();
                                                                                                                														} else {
                                                                                                                															E004055FD();
                                                                                                                														}
                                                                                                                														SetCurrentDirectoryA(_t156);
                                                                                                                														_t188 = "C:\\Program Files\\Wildix\\WIService"; // 0x43
                                                                                                                														if(_t188 == 0) {
                                                                                                                															E00406010("C:\\Program Files\\Wildix\\WIService", _t161);
                                                                                                                														}
                                                                                                                														E00406010("0x0000565B",  *(_t163 + 0x1c));
                                                                                                                														_t136 = "A";
                                                                                                                														_t162 = 0x1a;
                                                                                                                														 *0x430400 = "A";
                                                                                                                														do {
                                                                                                                															E00406032(0, 0x429430, _t156, 0x429430,  *((intOrPtr*)( *0x42f414 + 0x120)));
                                                                                                                															DeleteFileA(0x429430);
                                                                                                                															if( *((intOrPtr*)(_t163 + 0x10)) != 0 && CopyFileA("C:\\Users\\alfons\\Desktop\\SetupWIService.exe", 0x429430, 1) != 0) {
                                                                                                                																E00405DEF(_t136, 0x429430, 0);
                                                                                                                																E00406032(0, 0x429430, _t156, 0x429430,  *((intOrPtr*)( *0x42f414 + 0x124)));
                                                                                                                																_t93 = E004056AF(0x429430);
                                                                                                                																if(_t93 != 0) {
                                                                                                                																	CloseHandle(_t93);
                                                                                                                																	 *((intOrPtr*)(_t163 + 0x10)) = 0;
                                                                                                                																}
                                                                                                                															}
                                                                                                                															 *0x430400 =  *0x430400 + 1;
                                                                                                                															_t162 = _t162 - 1;
                                                                                                                														} while (_t162 != 0);
                                                                                                                														E00405DEF(_t136, _t156, 0);
                                                                                                                													}
                                                                                                                													goto L43;
                                                                                                                												}
                                                                                                                												 *_t152 = 0;
                                                                                                                												_t153 = _t152 + 4;
                                                                                                                												if(E00405A96(_t181, _t152 + 4) == 0) {
                                                                                                                													goto L43;
                                                                                                                												}
                                                                                                                												E00406010("C:\\Program Files\\Wildix\\WIService", _t153);
                                                                                                                												E00406010("C:\\Program Files\\Wildix\\WIService", _t153);
                                                                                                                												 *((intOrPtr*)(_t163 + 0x10)) = 0;
                                                                                                                												goto L42;
                                                                                                                											}
                                                                                                                											_t109 = (( *0x40a15b << 0x00000008 |  *0x40a15a) << 0x00000008 |  *0x40a159) << 0x00000008 | " _?=";
                                                                                                                											while( *_t152 != _t109) {
                                                                                                                												_t152 = _t152 - 1;
                                                                                                                												if(_t152 >= _t159) {
                                                                                                                													continue;
                                                                                                                												}
                                                                                                                												goto L39;
                                                                                                                											}
                                                                                                                											goto L39;
                                                                                                                										}
                                                                                                                										GetWindowsDirectoryA(_t156, 0x3fb);
                                                                                                                										lstrcatA(_t156, "\\Temp");
                                                                                                                										_t112 = E0040323A(_t172);
                                                                                                                										_t173 = _t112;
                                                                                                                										if(_t112 != 0) {
                                                                                                                											goto L33;
                                                                                                                										}
                                                                                                                										GetTempPathA(0x3fc, _t156);
                                                                                                                										lstrcatA(_t156, "Low");
                                                                                                                										SetEnvironmentVariableA("TEMP", _t156);
                                                                                                                										SetEnvironmentVariableA("TMP", _t156);
                                                                                                                										_t117 = E0040323A(_t173);
                                                                                                                										_t174 = _t117;
                                                                                                                										if(_t117 == 0) {
                                                                                                                											goto L43;
                                                                                                                										}
                                                                                                                										goto L33;
                                                                                                                									}
                                                                                                                									goto L25;
                                                                                                                								}
                                                                                                                								_t140 = _t55[4];
                                                                                                                								__eflags = _t140 - 0x20;
                                                                                                                								if(_t140 == 0x20) {
                                                                                                                									L23:
                                                                                                                									_t15 = _t163 + 0x20;
                                                                                                                									 *_t15 =  *(_t163 + 0x20) | 0x00000004;
                                                                                                                									__eflags =  *_t15;
                                                                                                                									goto L24;
                                                                                                                								}
                                                                                                                								__eflags = _t140;
                                                                                                                								if(_t140 != 0) {
                                                                                                                									goto L24;
                                                                                                                								}
                                                                                                                								goto L23;
                                                                                                                							}
                                                                                                                							_t141 = _t55[1];
                                                                                                                							__eflags = _t141 - 0x20;
                                                                                                                							if(_t141 == 0x20) {
                                                                                                                								L19:
                                                                                                                								 *0x42f4c0 = 1;
                                                                                                                								goto L20;
                                                                                                                							}
                                                                                                                							__eflags = _t141;
                                                                                                                							if(_t141 != 0) {
                                                                                                                								goto L20;
                                                                                                                							}
                                                                                                                							goto L19;
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						goto L12;
                                                                                                                					}
                                                                                                                					do {
                                                                                                                						L12:
                                                                                                                						_t55 =  &(_t55[1]);
                                                                                                                						__eflags =  *_t55 - 0x20;
                                                                                                                					} while ( *_t55 == 0x20);
                                                                                                                					goto L13;
                                                                                                                				}
                                                                                                                				goto L30;
                                                                                                                			}
                                                                                                                0x004035be
                                                                                                                0x004035c5
                                                                                                                0x004035cd
                                                                                                                0x004035cd
                                                                                                                0x004035d8
                                                                                                                0x004035dd
                                                                                                                0x004035ec
                                                                                                                0x004035f0
                                                                                                                0x004035f1
                                                                                                                0x004035fa
                                                                                                                0x004035f3
                                                                                                                0x004035f3
                                                                                                                0x004035f3
                                                                                                                0x00403600
                                                                                                                0x00403606
                                                                                                                0x0040360c
                                                                                                                0x00403614
                                                                                                                0x00403614
                                                                                                                0x00403622
                                                                                                                0x00403627
                                                                                                                0x00403639
                                                                                                                0x00403641
                                                                                                                0x00403647
                                                                                                                0x00403653
                                                                                                                0x00403659
                                                                                                                0x00403663
                                                                                                                0x00403679
                                                                                                                0x0040368a
                                                                                                                0x00403690
                                                                                                                0x00403697
                                                                                                                0x0040369a
                                                                                                                0x004036a0
                                                                                                                0x004036a0
                                                                                                                0x00403697
                                                                                                                0x004036a4
                                                                                                                0x004036aa
                                                                                                                0x004036aa
                                                                                                                0x004036af
                                                                                                                0x004036af
                                                                                                                0x00000000
                                                                                                                0x004035ec
                                                                                                                0x0040354c
                                                                                                                0x0040354e
                                                                                                                0x00403559
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403561
                                                                                                                0x0040356c
                                                                                                                0x00403571
                                                                                                                0x00000000
                                                                                                                0x00403571
                                                                                                                0x00403535
                                                                                                                0x00403537
                                                                                                                0x0040353b
                                                                                                                0x0040353e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040353e
                                                                                                                0x00000000
                                                                                                                0x00403537
                                                                                                                0x00403487
                                                                                                                0x00403493
                                                                                                                0x00403498
                                                                                                                0x0040349d
                                                                                                                0x0040349f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004034a7
                                                                                                                0x004034af
                                                                                                                0x004034c0
                                                                                                                0x004034c8
                                                                                                                0x004034ca
                                                                                                                0x004034cf
                                                                                                                0x004034d1
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004034d1
                                                                                                                0x00000000
                                                                                                                0x00403436
                                                                                                                0x004033f7
                                                                                                                0x004033fa
                                                                                                                0x004033fd
                                                                                                                0x00403403
                                                                                                                0x00403403
                                                                                                                0x00403403
                                                                                                                0x00403403
                                                                                                                0x00000000
                                                                                                                0x00403403
                                                                                                                0x004033ff
                                                                                                                0x00403401
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403401
                                                                                                                0x004033b2
                                                                                                                0x004033b5
                                                                                                                0x004033b8
                                                                                                                0x004033be
                                                                                                                0x004033be
                                                                                                                0x00000000
                                                                                                                0x004033be
                                                                                                                0x004033ba
                                                                                                                0x004033bc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004033bc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040338d
                                                                                                                0x0040338d
                                                                                                                0x0040338d
                                                                                                                0x0040338e
                                                                                                                0x0040338e
                                                                                                                0x00000000
                                                                                                                0x0040338d
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • SetErrorMode.KERNELBASE ref: 00403290
                                                                                                                • GetVersion.KERNEL32 ref: 00403296
                                                                                                                • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004032C9
                                                                                                                • #17.COMCTL32(?,00000006,00000008,0000000A), ref: 00403305
                                                                                                                • OleInitialize.OLE32(00000000), ref: 0040330C
                                                                                                                • SHGetFileInfoA.SHELL32(00429830,00000000,?,00000160,00000000,?,00000006,00000008,0000000A), ref: 00403328
                                                                                                                • GetCommandLineA.KERNEL32(Wildix Integration Service v3.11.3 Setup,NSIS Error,?,00000006,00000008,0000000A), ref: 0040333D
                                                                                                                • CharNextA.USER32(00000000,"C:\Users\user\Desktop\SetupWIService.exe",00000020,"C:\Users\user\Desktop\SetupWIService.exe",00000000,?,00000006,00000008,0000000A), ref: 00403379
                                                                                                                • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020,?,00000006,00000008,0000000A), ref: 00403476
                                                                                                                • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000006,00000008,0000000A), ref: 00403487
                                                                                                                • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 00403493
                                                                                                                • GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 004034A7
                                                                                                                • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 004034AF
                                                                                                                • SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 004034C0
                                                                                                                • SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 004034C8
                                                                                                                • DeleteFileA.KERNELBASE(1033,?,00000006,00000008,0000000A), ref: 004034DC
                                                                                                                  • Part of subcall function 004063A8: GetModuleHandleA.KERNEL32(?,?,?,004032DE,0000000A), ref: 004063BA
                                                                                                                  • Part of subcall function 004063A8: GetProcAddress.KERNEL32(00000000,?), ref: 004063D5
                                                                                                                  • Part of subcall function 0040382D: lstrlenA.KERNEL32(Remove folder: ,?,?,?,Remove folder: ,00000000,C:\Program Files\Wildix\WIService,1033,Wildix Integration Service v3.11.3 Setup ,80000001,Control Panel\Desktop\ResourceLocale,00000000,Wildix Integration Service v3.11.3 Setup ,00000000,00000002,766DFA90), ref: 0040391D
                                                                                                                  • Part of subcall function 0040382D: lstrcmpiA.KERNEL32(?,.exe,Remove folder: ,?,?,?,Remove folder: ,00000000,C:\Program Files\Wildix\WIService,1033,Wildix Integration Service v3.11.3 Setup ,80000001,Control Panel\Desktop\ResourceLocale,00000000,Wildix Integration Service v3.11.3 Setup ,00000000), ref: 00403930
                                                                                                                  • Part of subcall function 0040382D: GetFileAttributesA.KERNEL32(Remove folder: ), ref: 0040393B
                                                                                                                  • Part of subcall function 0040382D: LoadImageA.USER32 ref: 00403984
                                                                                                                  • Part of subcall function 0040382D: RegisterClassA.USER32 ref: 004039C1
                                                                                                                • ExitProcess.KERNEL32(?,?,00000006,00000008,0000000A), ref: 00403585
                                                                                                                  • Part of subcall function 00403753: CloseHandle.KERNEL32(FFFFFFFF,0040358A,?,?,00000006,00000008,0000000A), ref: 0040375E
                                                                                                                • OleUninitialize.OLE32(?,?,00000006,00000008,0000000A), ref: 0040358A
                                                                                                                • ExitProcess.KERNEL32 ref: 004035AB
                                                                                                                • GetCurrentProcess.KERNEL32(00000028,?,00000006,00000008,0000000A), ref: 004036C8
                                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 004036CF
                                                                                                                • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004036E7
                                                                                                                • AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 00403706
                                                                                                                • ExitWindowsEx.USER32(00000002,80040002), ref: 0040372A
                                                                                                                • ExitProcess.KERNEL32 ref: 0040374D
                                                                                                                  • Part of subcall function 0040572C: MessageBoxIndirectA.USER32 ref: 00405787
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Process$Exit$File$EnvironmentHandlePathTempTokenVariableWindowslstrcatlstrlen$AddressAdjustAttributesCharClassCloseCommandCurrentDeleteDirectoryErrorImageIndirectInfoInitializeLineLoadLookupMessageModeModuleNextOpenPrivilegePrivilegesProcRegisterUninitializeValueVersionlstrcmpi
                                                                                                                • String ID: "$"C:\Users\user\Desktop\SetupWIService.exe"$.tmp$0x0000565B$1033$C:\Program Files\Wildix\WIService$C:\Program Files\Wildix\WIService$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\SetupWIService.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$Wildix Integration Service v3.11.3 Setup$\Temp$~nsu
                                                                                                                • API String ID: 562314493-2019856258
                                                                                                                • Opcode ID: 4775c68527fbb917aecb0a7c801f737b56a4a891fa957fa25b7ad5f6c3460015
                                                                                                                • Instruction ID: c488d4947f624a60ea111d8e8e2b3f6be1d3d76fce8bfd42f4ae142e8cae794f
                                                                                                                • Opcode Fuzzy Hash: 4775c68527fbb917aecb0a7c801f737b56a4a891fa957fa25b7ad5f6c3460015
                                                                                                                • Instruction Fuzzy Hash: 9EC10570104741AAD7216F759D49B2F3EA8AF4570AF44443FF582B61E2CB7C8A198B2F
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 132 405275-405291 133 405420-405426 132->133 134 405297-40535e GetDlgItem * 3 call 4040d3 call 4049c4 GetClientRect GetSystemMetrics SendMessageA * 2 132->134 136 405450-40545c 133->136 137 405428-40544a GetDlgItem CreateThread FindCloseChangeNotification 133->137 156 405360-40537a SendMessageA * 2 134->156 157 40537c-40537f 134->157 139 40547e-405484 136->139 140 40545e-405464 136->140 137->136 141 405486-40548c 139->141 142 4054d9-4054dc 139->142 144 405466-405479 ShowWindow * 2 call 4040d3 140->144 145 40549f-4054a6 call 404105 140->145 147 4054b2-4054c2 ShowWindow 141->147 148 40548e-40549a call 404077 141->148 142->145 151 4054de-4054e4 142->151 144->139 153 4054ab-4054af 145->153 154 4054d2-4054d4 call 404077 147->154 155 4054c4-4054cd call 405137 147->155 148->145 151->145 158 4054e6-4054f9 SendMessageA 151->158 154->142 155->154 156->157 159 405381-40538d SendMessageA 157->159 160 40538f-4053a6 call 40409e 157->160 161 4055f6-4055f8 158->161 162 4054ff-40552b CreatePopupMenu call 406032 AppendMenuA 158->162 159->160 171 4053a8-4053bc ShowWindow 160->171 172 4053dc-4053fd GetDlgItem SendMessageA 160->172 161->153 169 405540-405556 TrackPopupMenu 162->169 170 40552d-40553d GetWindowRect 162->170 169->161 173 40555c-405576 169->173 170->169 174 4053cb 171->174 175 4053be-4053c9 ShowWindow 171->175 172->161 176 405403-40541b SendMessageA * 2 172->176 177 40557b-405596 SendMessageA 173->177 178 4053d1-4053d7 call 4040d3 174->178 175->178 176->161 177->177 179 405598-4055b8 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 177->179 178->172 181 4055ba-4055da SendMessageA 179->181 181->181 182 4055dc-4055f0 GlobalUnlock SetClipboardData CloseClipboard 181->182 182->161
                                                                                                                C-Code - Quality: 96%
                                                                                                                			E00405275(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
                                                                                                                				struct HWND__* _v8;
                                                                                                                				struct tagRECT _v24;
                                                                                                                				void* _v32;
                                                                                                                				signed int _v36;
                                                                                                                				int _v40;
                                                                                                                				int _v44;
                                                                                                                				signed int _v48;
                                                                                                                				int _v52;
                                                                                                                				void* _v56;
                                                                                                                				void* _v64;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				struct HWND__* _t87;
                                                                                                                				struct HWND__* _t89;
                                                                                                                				long _t90;
                                                                                                                				int _t95;
                                                                                                                				int _t96;
                                                                                                                				long _t99;
                                                                                                                				void* _t102;
                                                                                                                				intOrPtr _t113;
                                                                                                                				void* _t121;
                                                                                                                				intOrPtr _t124;
                                                                                                                				struct HWND__* _t128;
                                                                                                                				int _t150;
                                                                                                                				int _t153;
                                                                                                                				long _t157;
                                                                                                                				struct HWND__* _t161;
                                                                                                                				struct HMENU__* _t163;
                                                                                                                				long _t165;
                                                                                                                				void* _t166;
                                                                                                                				char* _t167;
                                                                                                                				char* _t168;
                                                                                                                				int _t169;
                                                                                                                
                                                                                                                				_t87 =  *0x42ebe4; // 0x1043c
                                                                                                                				_t157 = _a8;
                                                                                                                				_t150 = 0;
                                                                                                                				_v8 = _t87;
                                                                                                                				if(_t157 != 0x110) {
                                                                                                                					__eflags = _t157 - 0x405;
                                                                                                                					if(_t157 == 0x405) {
                                                                                                                						_t121 = CreateThread(0, 0, E00405209, GetDlgItem(_a4, 0x3ec), 0,  &_a8); // executed
                                                                                                                						FindCloseChangeNotification(_t121);
                                                                                                                					}
                                                                                                                					__eflags = _t157 - 0x111;
                                                                                                                					if(_t157 != 0x111) {
                                                                                                                						L17:
                                                                                                                						__eflags = _t157 - 0x404;
                                                                                                                						if(_t157 != 0x404) {
                                                                                                                							L25:
                                                                                                                							__eflags = _t157 - 0x7b;
                                                                                                                							if(_t157 != 0x7b) {
                                                                                                                								goto L20;
                                                                                                                							}
                                                                                                                							_t89 = _v8;
                                                                                                                							__eflags = _a12 - _t89;
                                                                                                                							if(_a12 != _t89) {
                                                                                                                								goto L20;
                                                                                                                							}
                                                                                                                							_t90 = SendMessageA(_t89, 0x1004, _t150, _t150);
                                                                                                                							__eflags = _t90 - _t150;
                                                                                                                							_a12 = _t90;
                                                                                                                							if(_t90 <= _t150) {
                                                                                                                								L36:
                                                                                                                								return 0;
                                                                                                                							}
                                                                                                                							_t163 = CreatePopupMenu();
                                                                                                                							AppendMenuA(_t163, _t150, 1, E00406032(_t150, _t157, _t163, _t150, 0xffffffe1));
                                                                                                                							_t95 = _a16;
                                                                                                                							__eflags = _a16 - 0xffffffff;
                                                                                                                							_t153 = _a16 >> 0x10;
                                                                                                                							if(_a16 == 0xffffffff) {
                                                                                                                								GetWindowRect(_v8,  &_v24);
                                                                                                                								_t95 = _v24.left;
                                                                                                                								_t153 = _v24.top;
                                                                                                                							}
                                                                                                                							_t96 = TrackPopupMenu(_t163, 0x180, _t95, _t153, _t150, _a4, _t150);
                                                                                                                							__eflags = _t96 - 1;
                                                                                                                							if(_t96 == 1) {
                                                                                                                								_t165 = 1;
                                                                                                                								__eflags = 1;
                                                                                                                								_v56 = _t150;
                                                                                                                								_v44 = 0x42a870;
                                                                                                                								_v40 = 0x1000;
                                                                                                                								_a4 = _a12;
                                                                                                                								do {
                                                                                                                									_a4 = _a4 - 1;
                                                                                                                									_t99 = SendMessageA(_v8, 0x102d, _a4,  &_v64);
                                                                                                                									__eflags = _a4 - _t150;
                                                                                                                									_t165 = _t165 + _t99 + 2;
                                                                                                                								} while (_a4 != _t150);
                                                                                                                								OpenClipboard(_t150);
                                                                                                                								EmptyClipboard();
                                                                                                                								_t102 = GlobalAlloc(0x42, _t165);
                                                                                                                								_a4 = _t102;
                                                                                                                								_t166 = GlobalLock(_t102);
                                                                                                                								do {
                                                                                                                									_v44 = _t166;
                                                                                                                									_t167 = _t166 + SendMessageA(_v8, 0x102d, _t150,  &_v64);
                                                                                                                									 *_t167 = 0xd;
                                                                                                                									_t168 = _t167 + 1;
                                                                                                                									 *_t168 = 0xa;
                                                                                                                									_t166 = _t168 + 1;
                                                                                                                									_t150 = _t150 + 1;
                                                                                                                									__eflags = _t150 - _a12;
                                                                                                                								} while (_t150 < _a12);
                                                                                                                								GlobalUnlock(_a4);
                                                                                                                								SetClipboardData(1, _a4);
                                                                                                                								CloseClipboard();
                                                                                                                							}
                                                                                                                							goto L36;
                                                                                                                						}
                                                                                                                						__eflags =  *0x42ebcc - _t150; // 0x0
                                                                                                                						if(__eflags == 0) {
                                                                                                                							ShowWindow( *0x42f408, 8); // executed
                                                                                                                							__eflags =  *0x42f4ac - _t150;
                                                                                                                							if( *0x42f4ac == _t150) {
                                                                                                                								_t113 =  *0x42a048; // 0x67d0c4
                                                                                                                								E00405137( *((intOrPtr*)(_t113 + 0x34)), _t150);
                                                                                                                							}
                                                                                                                							E00404077(1);
                                                                                                                							goto L25;
                                                                                                                						}
                                                                                                                						 *0x429c40 = 2;
                                                                                                                						E00404077(0x78);
                                                                                                                						goto L20;
                                                                                                                					} else {
                                                                                                                						__eflags = _a12 - 0x403;
                                                                                                                						if(_a12 != 0x403) {
                                                                                                                							L20:
                                                                                                                							return E00404105(_t157, _a12, _a16);
                                                                                                                						}
                                                                                                                						ShowWindow( *0x42ebd0, _t150);
                                                                                                                						ShowWindow(_v8, 8);
                                                                                                                						E004040D3(_v8);
                                                                                                                						goto L17;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_v48 = _v48 | 0xffffffff;
                                                                                                                				_v36 = _v36 | 0xffffffff;
                                                                                                                				_t169 = 2;
                                                                                                                				_v56 = _t169;
                                                                                                                				_v52 = 0;
                                                                                                                				_v44 = 0;
                                                                                                                				_v40 = 0;
                                                                                                                				asm("stosd");
                                                                                                                				asm("stosd");
                                                                                                                				_t124 =  *0x42f414;
                                                                                                                				_a12 =  *((intOrPtr*)(_t124 + 0x5c));
                                                                                                                				_a8 =  *((intOrPtr*)(_t124 + 0x60));
                                                                                                                				 *0x42ebd0 = GetDlgItem(_a4, 0x403);
                                                                                                                				 *0x42ebc8 = GetDlgItem(_a4, 0x3ee);
                                                                                                                				_t128 = GetDlgItem(_a4, 0x3f8);
                                                                                                                				 *0x42ebe4 = _t128;
                                                                                                                				_v8 = _t128;
                                                                                                                				E004040D3( *0x42ebd0);
                                                                                                                				 *0x42ebd4 = E004049C4(4);
                                                                                                                				 *0x42ebec = 0;
                                                                                                                				GetClientRect(_v8,  &_v24);
                                                                                                                				_v48 = _v24.right - GetSystemMetrics(_t169);
                                                                                                                				SendMessageA(_v8, 0x101b, 0,  &_v56);
                                                                                                                				SendMessageA(_v8, 0x1036, 0x4000, 0x4000); // executed
                                                                                                                				if(_a12 >= 0) {
                                                                                                                					SendMessageA(_v8, 0x1001, 0, _a12);
                                                                                                                					SendMessageA(_v8, 0x1026, 0, _a12);
                                                                                                                				}
                                                                                                                				if(_a8 >= _t150) {
                                                                                                                					SendMessageA(_v8, 0x1024, _t150, _a8);
                                                                                                                				}
                                                                                                                				_push( *((intOrPtr*)(_a16 + 0x30)));
                                                                                                                				_push(0x1b);
                                                                                                                				E0040409E(_a4);
                                                                                                                				if(( *0x42f41c & 0x00000003) != 0) {
                                                                                                                					ShowWindow( *0x42ebd0, _t150);
                                                                                                                					if(( *0x42f41c & 0x00000002) != 0) {
                                                                                                                						 *0x42ebd0 = _t150;
                                                                                                                					} else {
                                                                                                                						ShowWindow(_v8, 8);
                                                                                                                					}
                                                                                                                					E004040D3( *0x42ebc8);
                                                                                                                				}
                                                                                                                				_t161 = GetDlgItem(_a4, 0x3ec);
                                                                                                                				SendMessageA(_t161, 0x401, _t150, 0x75300000);
                                                                                                                				if(( *0x42f41c & 0x00000004) != 0) {
                                                                                                                					SendMessageA(_t161, 0x409, _t150, _a8);
                                                                                                                					SendMessageA(_t161, 0x2001, _t150, _a12);
                                                                                                                				}
                                                                                                                				goto L36;
                                                                                                                			}





































                                                                                                                0x004055df
                                                                                                                0x004055ea
                                                                                                                0x004055f0
                                                                                                                0x004055f0
                                                                                                                0x00000000
                                                                                                                0x00405556
                                                                                                                0x00405486
                                                                                                                0x0040548c
                                                                                                                0x004054ba
                                                                                                                0x004054bc
                                                                                                                0x004054c2
                                                                                                                0x004054c4
                                                                                                                0x004054cd
                                                                                                                0x004054cd
                                                                                                                0x004054d4
                                                                                                                0x00000000
                                                                                                                0x004054d4
                                                                                                                0x00405490
                                                                                                                0x0040549a
                                                                                                                0x00000000
                                                                                                                0x0040545e
                                                                                                                0x0040545e
                                                                                                                0x00405464
                                                                                                                0x0040549f
                                                                                                                0x00000000
                                                                                                                0x004054a6
                                                                                                                0x0040546d
                                                                                                                0x00405474
                                                                                                                0x00405479
                                                                                                                0x00000000
                                                                                                                0x00405479
                                                                                                                0x0040545c
                                                                                                                0x00405297
                                                                                                                0x0040529b
                                                                                                                0x004052a3
                                                                                                                0x004052a7
                                                                                                                0x004052aa
                                                                                                                0x004052ad
                                                                                                                0x004052b0
                                                                                                                0x004052b3
                                                                                                                0x004052b4
                                                                                                                0x004052b5
                                                                                                                0x004052ce
                                                                                                                0x004052d1
                                                                                                                0x004052db
                                                                                                                0x004052ea
                                                                                                                0x004052f2
                                                                                                                0x004052fa
                                                                                                                0x004052ff
                                                                                                                0x00405302
                                                                                                                0x0040530e
                                                                                                                0x00405317
                                                                                                                0x00405320
                                                                                                                0x00405342
                                                                                                                0x00405348
                                                                                                                0x00405359
                                                                                                                0x0040535e
                                                                                                                0x0040536c
                                                                                                                0x0040537a
                                                                                                                0x0040537a
                                                                                                                0x0040537f
                                                                                                                0x0040538d
                                                                                                                0x0040538d
                                                                                                                0x00405392
                                                                                                                0x00405395
                                                                                                                0x0040539a
                                                                                                                0x004053a6
                                                                                                                0x004053af
                                                                                                                0x004053bc
                                                                                                                0x004053cb
                                                                                                                0x004053be
                                                                                                                0x004053c3
                                                                                                                0x004053c3
                                                                                                                0x004053d7
                                                                                                                0x004053d7
                                                                                                                0x004053eb
                                                                                                                0x004053f4
                                                                                                                0x004053fd
                                                                                                                0x0040540d
                                                                                                                0x00405419
                                                                                                                0x00405419
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • GetDlgItem.USER32 ref: 004052D4
                                                                                                                • GetDlgItem.USER32 ref: 004052E3
                                                                                                                • GetClientRect.USER32 ref: 00405320
                                                                                                                • GetSystemMetrics.USER32 ref: 00405327
                                                                                                                • SendMessageA.USER32(?,0000101B,00000000,?), ref: 00405348
                                                                                                                • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00405359
                                                                                                                • SendMessageA.USER32(?,00001001,00000000,?), ref: 0040536C
                                                                                                                • SendMessageA.USER32(?,00001026,00000000,?), ref: 0040537A
                                                                                                                • SendMessageA.USER32(?,00001024,00000000,?), ref: 0040538D
                                                                                                                • ShowWindow.USER32(00000000,?,0000001B,?), ref: 004053AF
                                                                                                                • ShowWindow.USER32(?,00000008), ref: 004053C3
                                                                                                                • GetDlgItem.USER32 ref: 004053E4
                                                                                                                • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 004053F4
                                                                                                                • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 0040540D
                                                                                                                • SendMessageA.USER32(00000000,00002001,00000000,?), ref: 00405419
                                                                                                                • GetDlgItem.USER32 ref: 004052F2
                                                                                                                  • Part of subcall function 004040D3: SendMessageA.USER32(00000028,?,00000001,00403F03), ref: 004040E1
                                                                                                                • GetDlgItem.USER32 ref: 00405435
                                                                                                                • CreateThread.KERNELBASE ref: 00405443
                                                                                                                • FindCloseChangeNotification.KERNELBASE(00000000), ref: 0040544A
                                                                                                                • ShowWindow.USER32(00000000), ref: 0040546D
                                                                                                                • ShowWindow.USER32(?,00000008), ref: 00405474
                                                                                                                • ShowWindow.USER32(00000008), ref: 004054BA
                                                                                                                • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004054EE
                                                                                                                • CreatePopupMenu.USER32 ref: 004054FF
                                                                                                                • AppendMenuA.USER32 ref: 00405514
                                                                                                                • GetWindowRect.USER32 ref: 00405534
                                                                                                                • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040554D
                                                                                                                • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405589
                                                                                                                • OpenClipboard.USER32(00000000), ref: 00405599
                                                                                                                • EmptyClipboard.USER32 ref: 0040559F
                                                                                                                • GlobalAlloc.KERNEL32(00000042,?), ref: 004055A8
                                                                                                                • GlobalLock.KERNEL32 ref: 004055B2
                                                                                                                • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004055C6
                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 004055DF
                                                                                                                • SetClipboardData.USER32 ref: 004055EA
                                                                                                                • CloseClipboard.USER32 ref: 004055F0
                                                                                                                Strings
                                                                                                                • Wildix Integration Service v3.11.3 Setup , xrefs: 00405565
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendChangeClientDataEmptyFindLockMetricsNotificationOpenSystemThreadTrackUnlock
                                                                                                                • String ID: Wildix Integration Service v3.11.3 Setup
                                                                                                                • API String ID: 4154960007-852443512
                                                                                                                • Opcode ID: 850865324eda7255bc617561a744910c99d6829a0b955d2a94bbb97841d7110d
                                                                                                                • Instruction ID: 66d789517199d7de7cfadb6731c275bc9a2b232ae8febcf914e4846c803f5e83
                                                                                                                • Opcode Fuzzy Hash: 850865324eda7255bc617561a744910c99d6829a0b955d2a94bbb97841d7110d
                                                                                                                • Instruction Fuzzy Hash: A3A147B0900608BFDB119F61DE89AAF7F79FB08354F40403AFA41BA1A0C7755E519F68
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 491 4057d8-4057fe call 405a96 494 405800-405812 DeleteFileA 491->494 495 405817-40581e 491->495 496 4059a1-4059a5 494->496 497 405820-405822 495->497 498 405831-405841 call 406010 495->498 499 405828-40582b 497->499 500 40594f-405954 497->500 506 405850-405851 call 4059ef 498->506 507 405843-40584e lstrcatA 498->507 499->498 499->500 500->496 502 405956-405959 500->502 504 405963-40596b call 406313 502->504 505 40595b-405961 502->505 504->496 515 40596d-405981 call 4059a8 call 405790 504->515 505->496 509 405856-405859 506->509 507->509 512 405864-40586a lstrcatA 509->512 513 40585b-405862 509->513 514 40586f-40588d lstrlenA FindFirstFileA 512->514 513->512 513->514 516 405893-4058aa call 4059d3 514->516 517 405945-405949 514->517 530 405983-405986 515->530 531 405999-40599c call 405137 515->531 524 4058b5-4058b8 516->524 525 4058ac-4058b0 516->525 517->500 519 40594b 517->519 519->500 528 4058ba-4058bf 524->528 529 4058cb-4058d9 call 406010 524->529 525->524 527 4058b2 525->527 527->524 533 4058c1-4058c3 528->533 534 405924-405936 FindNextFileA 528->534 542 4058f0-4058fb call 405790 529->542 543 4058db-4058e3 529->543 530->505 536 405988-405997 call 405137 call 405def 530->536 531->496 533->529 537 4058c5-4058c9 533->537 534->516 539 40593c-40593f FindClose 534->539 536->496 537->529 537->534 539->517 551 40591c-40591f call 405137 542->551 552 4058fd-405900 542->552 543->534 546 4058e5-4058ee call 4057d8 543->546 546->534 551->534 553 405902-405912 call 405137 call 405def 552->553 554 405914-40591a 552->554 553->534 554->534
                                                                                                                C-Code - Quality: 98%
                                                                                                                			E004057D8(void* __eflags, signed int _a4, signed int _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				void* _v12;
                                                                                                                				signed int _v16;
                                                                                                                				struct _WIN32_FIND_DATAA _v336;
                                                                                                                				signed int _t40;
                                                                                                                				char* _t53;
                                                                                                                				signed int _t55;
                                                                                                                				signed int _t58;
                                                                                                                				signed int _t64;
                                                                                                                				signed int _t66;
                                                                                                                				void* _t68;
                                                                                                                				signed char _t69;
                                                                                                                				CHAR* _t71;
                                                                                                                				void* _t72;
                                                                                                                				CHAR* _t73;
                                                                                                                				char* _t76;
                                                                                                                
                                                                                                                				_t69 = _a8;
                                                                                                                				_t73 = _a4;
                                                                                                                				_v8 = _t69 & 0x00000004;
                                                                                                                				_t40 = E00405A96(__eflags, _t73);
                                                                                                                				_v16 = _t40;
                                                                                                                				if((_t69 & 0x00000008) != 0) {
                                                                                                                					_t66 = DeleteFileA(_t73); // executed
                                                                                                                					asm("sbb eax, eax");
                                                                                                                					_t68 =  ~_t66 + 1;
                                                                                                                					 *0x42f4a8 =  *0x42f4a8 + _t68;
                                                                                                                					return _t68;
                                                                                                                				}
                                                                                                                				_a4 = _t69;
                                                                                                                				_t8 =  &_a4;
                                                                                                                				 *_t8 = _a4 & 0x00000001;
                                                                                                                				__eflags =  *_t8;
                                                                                                                				if( *_t8 == 0) {
                                                                                                                					L5:
                                                                                                                					E00406010(0x42b878, _t73);
                                                                                                                					__eflags = _a4;
                                                                                                                					if(_a4 == 0) {
                                                                                                                						E004059EF(_t73);
                                                                                                                					} else {
                                                                                                                						lstrcatA(0x42b878, "\*.*");
                                                                                                                					}
                                                                                                                					__eflags =  *_t73;
                                                                                                                					if( *_t73 != 0) {
                                                                                                                						L10:
                                                                                                                						lstrcatA(_t73, 0x40a014);
                                                                                                                						L11:
                                                                                                                						_t71 =  &(_t73[lstrlenA(_t73)]); // executed
                                                                                                                						_t40 = FindFirstFileA(0x42b878,  &_v336); // executed
                                                                                                                						__eflags = _t40 - 0xffffffff;
                                                                                                                						_v12 = _t40;
                                                                                                                						if(_t40 == 0xffffffff) {
                                                                                                                							L29:
                                                                                                                							__eflags = _a4;
                                                                                                                							if(_a4 != 0) {
                                                                                                                								_t32 = _t71 - 1;
                                                                                                                								 *_t32 =  *(_t71 - 1) & 0x00000000;
                                                                                                                								__eflags =  *_t32;
                                                                                                                							}
                                                                                                                							goto L31;
                                                                                                                						} else {
                                                                                                                							goto L12;
                                                                                                                						}
                                                                                                                						do {
                                                                                                                							L12:
                                                                                                                							_t76 =  &(_v336.cFileName);
                                                                                                                							_t53 = E004059D3( &(_v336.cFileName), 0x3f);
                                                                                                                							__eflags =  *_t53;
                                                                                                                							if( *_t53 != 0) {
                                                                                                                								__eflags = _v336.cAlternateFileName;
                                                                                                                								if(_v336.cAlternateFileName != 0) {
                                                                                                                									_t76 =  &(_v336.cAlternateFileName);
                                                                                                                								}
                                                                                                                							}
                                                                                                                							__eflags =  *_t76 - 0x2e;
                                                                                                                							if( *_t76 != 0x2e) {
                                                                                                                								L19:
                                                                                                                								E00406010(_t71, _t76);
                                                                                                                								__eflags = _v336.dwFileAttributes & 0x00000010;
                                                                                                                								if(__eflags == 0) {
                                                                                                                									_t55 = E00405790(__eflags, _t73, _v8);
                                                                                                                									__eflags = _t55;
                                                                                                                									if(_t55 != 0) {
                                                                                                                										E00405137(0xfffffff2, _t73);
                                                                                                                									} else {
                                                                                                                										__eflags = _v8 - _t55;
                                                                                                                										if(_v8 == _t55) {
                                                                                                                											 *0x42f4a8 =  *0x42f4a8 + 1;
                                                                                                                										} else {
                                                                                                                											E00405137(0xfffffff1, _t73);
                                                                                                                											E00405DEF(_t72, _t73, 0);
                                                                                                                										}
                                                                                                                									}
                                                                                                                								} else {
                                                                                                                									__eflags = (_a8 & 0x00000003) - 3;
                                                                                                                									if(__eflags == 0) {
                                                                                                                										E004057D8(__eflags, _t73, _a8);
                                                                                                                									}
                                                                                                                								}
                                                                                                                								goto L27;
                                                                                                                							}
                                                                                                                							_t64 =  *((intOrPtr*)(_t76 + 1));
                                                                                                                							__eflags = _t64;
                                                                                                                							if(_t64 == 0) {
                                                                                                                								goto L27;
                                                                                                                							}
                                                                                                                							__eflags = _t64 - 0x2e;
                                                                                                                							if(_t64 != 0x2e) {
                                                                                                                								goto L19;
                                                                                                                							}
                                                                                                                							__eflags =  *((char*)(_t76 + 2));
                                                                                                                							if( *((char*)(_t76 + 2)) == 0) {
                                                                                                                								goto L27;
                                                                                                                							}
                                                                                                                							goto L19;
                                                                                                                							L27:
                                                                                                                							_t58 = FindNextFileA(_v12,  &_v336); // executed
                                                                                                                							__eflags = _t58;
                                                                                                                						} while (_t58 != 0);
                                                                                                                						_t40 = FindClose(_v12);
                                                                                                                						goto L29;
                                                                                                                					}
                                                                                                                					__eflags =  *0x42b878 - 0x5c;
                                                                                                                					if( *0x42b878 != 0x5c) {
                                                                                                                						goto L11;
                                                                                                                					}
                                                                                                                					goto L10;
                                                                                                                				} else {
                                                                                                                					__eflags = _t40;
                                                                                                                					if(_t40 == 0) {
                                                                                                                						L31:
                                                                                                                						__eflags = _a4;
                                                                                                                						if(_a4 == 0) {
                                                                                                                							L39:
                                                                                                                							return _t40;
                                                                                                                						}
                                                                                                                						__eflags = _v16;
                                                                                                                						if(_v16 != 0) {
                                                                                                                							_t40 = E00406313(_t73);
                                                                                                                							__eflags = _t40;
                                                                                                                							if(_t40 == 0) {
                                                                                                                								goto L39;
                                                                                                                							}
                                                                                                                							E004059A8(_t73);
                                                                                                                							_t40 = E00405790(__eflags, _t73, _v8 | 0x00000001);
                                                                                                                							__eflags = _t40;
                                                                                                                							if(_t40 != 0) {
                                                                                                                								return E00405137(0xffffffe5, _t73);
                                                                                                                							}
                                                                                                                							__eflags = _v8;
                                                                                                                							if(_v8 == 0) {
                                                                                                                								goto L33;
                                                                                                                							}
                                                                                                                							E00405137(0xfffffff1, _t73);
                                                                                                                							return E00405DEF(_t72, _t73, 0);
                                                                                                                						}
                                                                                                                						L33:
                                                                                                                						 *0x42f4a8 =  *0x42f4a8 + 1;
                                                                                                                						return _t40;
                                                                                                                					}
                                                                                                                					__eflags = _t69 & 0x00000002;
                                                                                                                					if((_t69 & 0x00000002) == 0) {
                                                                                                                						goto L31;
                                                                                                                					}
                                                                                                                					goto L5;
                                                                                                                				}
                                                                                                                			}




















                                                                                                                APIs
                                                                                                                • DeleteFileA.KERNELBASE(?,?,766DFA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405801
                                                                                                                • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\nstFA32.tmp\*.*,\*.*,C:\Users\user\AppData\Local\Temp\nstFA32.tmp\*.*,?,?,766DFA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405849
                                                                                                                • lstrcatA.KERNEL32(?,0040A014,?,C:\Users\user\AppData\Local\Temp\nstFA32.tmp\*.*,?,?,766DFA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040586A
                                                                                                                • lstrlenA.KERNEL32(?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nstFA32.tmp\*.*,?,?,766DFA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405870
                                                                                                                • FindFirstFileA.KERNELBASE(C:\Users\user\AppData\Local\Temp\nstFA32.tmp\*.*,?,?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nstFA32.tmp\*.*,?,?,766DFA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405881
                                                                                                                • FindNextFileA.KERNELBASE(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 0040592E
                                                                                                                • FindClose.KERNEL32(00000000), ref: 0040593F
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                • String ID: "C:\Users\user\Desktop\SetupWIService.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nstFA32.tmp\*.*$\*.*
                                                                                                                • API String ID: 2035342205-1754987479
                                                                                                                • Opcode ID: 1028c0a1378fe67f5cfd0213f93084011618ac7fb180f8f6d485c044da562b3f
                                                                                                                • Instruction ID: b1b2ef924c21ee39ce724be99c412cdb4e11523259fae964be374fa5306f8f12
                                                                                                                • Opcode Fuzzy Hash: 1028c0a1378fe67f5cfd0213f93084011618ac7fb180f8f6d485c044da562b3f
                                                                                                                • Instruction Fuzzy Hash: 9A51A171800A04EADB216B618C45BBF7AB8DF42728F14807BF845B51D1C73C4982DE6A
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 74%
                                                                                                                			E00402138(void* __eflags) {
                                                                                                                				signed int _t55;
                                                                                                                				void* _t59;
                                                                                                                				intOrPtr* _t63;
                                                                                                                				intOrPtr _t64;
                                                                                                                				intOrPtr* _t65;
                                                                                                                				intOrPtr* _t67;
                                                                                                                				intOrPtr* _t69;
                                                                                                                				intOrPtr* _t71;
                                                                                                                				intOrPtr* _t73;
                                                                                                                				intOrPtr* _t75;
                                                                                                                				intOrPtr* _t78;
                                                                                                                				intOrPtr* _t80;
                                                                                                                				intOrPtr* _t82;
                                                                                                                				intOrPtr* _t84;
                                                                                                                				int _t87;
                                                                                                                				intOrPtr* _t95;
                                                                                                                				signed int _t105;
                                                                                                                				signed int _t109;
                                                                                                                				void* _t111;
                                                                                                                
                                                                                                                				 *(_t111 - 0x10) = E00402B2C(0xfffffff0);
                                                                                                                				 *(_t111 - 0xc) = E00402B2C(0xffffffdf);
                                                                                                                				 *((intOrPtr*)(_t111 - 0x44)) = E00402B2C(2);
                                                                                                                				 *((intOrPtr*)(_t111 - 0x40)) = E00402B2C(0xffffffcd);
                                                                                                                				 *((intOrPtr*)(_t111 - 0x4c)) = E00402B2C(0x45);
                                                                                                                				_t55 =  *(_t111 - 0x24);
                                                                                                                				 *(_t111 - 0x88) = _t55 & 0x00000fff;
                                                                                                                				_t105 = _t55 & 0x00008000;
                                                                                                                				_t109 = _t55 >> 0x0000000c & 0x00000007;
                                                                                                                				 *(_t111 - 0x3c) = _t55 >> 0x00000010 & 0x0000ffff;
                                                                                                                				if(E00405A15( *(_t111 - 0xc)) == 0) {
                                                                                                                					E00402B2C(0x21);
                                                                                                                				}
                                                                                                                				_t59 = _t111 + 8;
                                                                                                                				__imp__CoCreateInstance(0x40851c, _t87, 1, 0x40850c, _t59); // executed
                                                                                                                				if(_t59 < _t87) {
                                                                                                                					L15:
                                                                                                                					 *((intOrPtr*)(_t111 - 4)) = 1;
                                                                                                                					_push(0xfffffff0);
                                                                                                                				} else {
                                                                                                                					_t63 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                					_t64 =  *((intOrPtr*)( *_t63))(_t63, 0x40852c, _t111 - 0x1c);
                                                                                                                					 *((intOrPtr*)(_t111 - 8)) = _t64;
                                                                                                                					if(_t64 >= _t87) {
                                                                                                                						_t67 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                						 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t67 + 0x50))(_t67,  *(_t111 - 0xc));
                                                                                                                						if(_t105 == _t87) {
                                                                                                                							_t84 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                							 *((intOrPtr*)( *_t84 + 0x24))(_t84, "C:\\Program Files\\Wildix\\WIService");
                                                                                                                						}
                                                                                                                						if(_t109 != _t87) {
                                                                                                                							_t82 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                							 *((intOrPtr*)( *_t82 + 0x3c))(_t82, _t109);
                                                                                                                						}
                                                                                                                						_t69 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                						 *((intOrPtr*)( *_t69 + 0x34))(_t69,  *(_t111 - 0x3c));
                                                                                                                						_t95 =  *((intOrPtr*)(_t111 - 0x40));
                                                                                                                						if( *_t95 != _t87) {
                                                                                                                							_t80 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                							 *((intOrPtr*)( *_t80 + 0x44))(_t80, _t95,  *(_t111 - 0x88));
                                                                                                                						}
                                                                                                                						_t71 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                						 *((intOrPtr*)( *_t71 + 0x2c))(_t71,  *((intOrPtr*)(_t111 - 0x44)));
                                                                                                                						_t73 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                						 *((intOrPtr*)( *_t73 + 0x1c))(_t73,  *((intOrPtr*)(_t111 - 0x4c)));
                                                                                                                						if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
                                                                                                                							 *((intOrPtr*)(_t111 - 8)) = 0x80004005;
                                                                                                                							if(MultiByteToWideChar(_t87, _t87,  *(_t111 - 0x10), 0xffffffff,  *(_t111 - 0xc), 0x400) != 0) {
                                                                                                                								_t78 =  *((intOrPtr*)(_t111 - 0x1c));
                                                                                                                								 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t78 + 0x18))(_t78,  *(_t111 - 0xc), 1);
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_t75 =  *((intOrPtr*)(_t111 - 0x1c));
                                                                                                                						 *((intOrPtr*)( *_t75 + 8))(_t75);
                                                                                                                					}
                                                                                                                					_t65 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                					 *((intOrPtr*)( *_t65 + 8))(_t65);
                                                                                                                					if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
                                                                                                                						_push(0xfffffff4);
                                                                                                                					} else {
                                                                                                                						goto L15;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				E00401423();
                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t111 - 4));
                                                                                                                				return 0;
                                                                                                                			}























                                                                                                                APIs
                                                                                                                • CoCreateInstance.OLE32(0040851C,?,00000001,0040850C,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004021BA
                                                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,00000001,0040850C,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402269
                                                                                                                Strings
                                                                                                                • C:\Program Files\Wildix\WIService, xrefs: 004021FA
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharCreateInstanceMultiWide
                                                                                                                • String ID: C:\Program Files\Wildix\WIService
                                                                                                                • API String ID: 123533781-2436880260
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00406313(CHAR* _a4) {
                                                                                                                				void* _t2;
                                                                                                                
                                                                                                                				_t2 = FindFirstFileA(_a4, 0x42c0c0); // executed
                                                                                                                				if(_t2 == 0xffffffff) {
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                				FindClose(_t2);
                                                                                                                				return 0x42c0c0;
                                                                                                                			}





                                                                                                                APIs
                                                                                                                • FindFirstFileA.KERNELBASE(766DFA90,0042C0C0,C:\,00405AD9,C:\,C:\,00000000,C:\,C:\,766DFA90,?,C:\Users\user\AppData\Local\Temp\,004057F8,?,766DFA90,C:\Users\user\AppData\Local\Temp\), ref: 0040631E
                                                                                                                • FindClose.KERNEL32(00000000), ref: 0040632A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: Find$CloseFileFirst
                                                                                                                • String ID: C:\
                                                                                                                • API String ID: 2295610775-3404278061
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 41%
                                                                                                                			E00402765(char __ebx, char* __edi, char* __esi) {
                                                                                                                				void* _t6;
                                                                                                                				void* _t19;
                                                                                                                
                                                                                                                				_t6 = FindFirstFileA(E00402B2C(2), _t19 - 0x1c8); // executed
                                                                                                                				if(_t6 != 0xffffffff) {
                                                                                                                					E00405F6E(__edi, _t6);
                                                                                                                					_push(_t19 - 0x19c);
                                                                                                                					_push(__esi);
                                                                                                                					E00406010();
                                                                                                                				} else {
                                                                                                                					 *__edi = __ebx;
                                                                                                                					 *__esi = __ebx;
                                                                                                                					 *((intOrPtr*)(_t19 - 4)) = 1;
                                                                                                                				}
                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t19 - 4));
                                                                                                                				return 0;
                                                                                                                			}






                                                                                                                APIs
                                                                                                                • FindFirstFileA.KERNELBASE(00000000,?,00000002), ref: 00402774
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: FileFindFirst
                                                                                                                • String ID:
                                                                                                                • API String ID: 1974802433-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                [Control-flow graph for function 00403BCA; legend: Executed / Not Executed]
                                                                                                                C-Code - Quality: 84%
                                                                                                                			E00403BCA(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
                                                                                                                				struct HWND__* _v32;
                                                                                                                				void* _v84;
                                                                                                                				void* _v88;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				signed int _t35;
                                                                                                                				signed int _t37;
                                                                                                                				signed int _t39;
                                                                                                                				struct HWND__* _t49;
                                                                                                                				signed int _t68;
                                                                                                                				struct HWND__* _t74;
                                                                                                                				signed int _t87;
                                                                                                                				struct HWND__* _t92;
                                                                                                                				signed int _t100;
                                                                                                                				int _t104;
                                                                                                                				signed int _t116;
                                                                                                                				signed int _t117;
                                                                                                                				int _t118;
                                                                                                                				signed int _t123;
                                                                                                                				struct HWND__* _t126;
                                                                                                                				struct HWND__* _t127;
                                                                                                                				int _t128;
                                                                                                                				long _t131;
                                                                                                                				int _t133;
                                                                                                                				int _t134;
                                                                                                                				void* _t135;
                                                                                                                				void* _t142;
                                                                                                                				void* _t143;
                                                                                                                
                                                                                                                				_t116 = _a8;
                                                                                                                				if(_t116 == 0x110 || _t116 == 0x408) {
                                                                                                                					_t35 = _a12;
                                                                                                                					_t126 = _a4;
                                                                                                                					__eflags = _t116 - 0x110;
                                                                                                                					 *0x42a858 = _t35;
                                                                                                                					if(_t116 == 0x110) {
                                                                                                                						 *0x42f408 = _t126;
                                                                                                                						 *0x42a86c = GetDlgItem(_t126, 1);
                                                                                                                						_t92 = GetDlgItem(_t126, 2);
                                                                                                                						_push(0xffffffff);
                                                                                                                						_push(0x1c);
                                                                                                                						 *0x429838 = _t92;
                                                                                                                						E0040409E(_t126);
                                                                                                                						SetClassLongA(_t126, 0xfffffff2,  *0x42ebe8); // executed
                                                                                                                						 *0x42ebcc = E0040140B(4);
                                                                                                                						_t35 = 1;
                                                                                                                						__eflags = 1;
                                                                                                                						 *0x42a858 = 1;
                                                                                                                					}
                                                                                                                					_t123 =  *0x40a1dc; // 0x3
                                                                                                                					_t134 = 0;
                                                                                                                					_t131 = (_t123 << 6) +  *0x42f440;
                                                                                                                					__eflags = _t123;
                                                                                                                					if(_t123 < 0) {
                                                                                                                						L34:
                                                                                                                						E004040EA(0x40b);
                                                                                                                						while(1) {
                                                                                                                							_t37 =  *0x42a858; // 0x1
                                                                                                                							 *0x40a1dc =  *0x40a1dc + _t37;
                                                                                                                							_t131 = _t131 + (_t37 << 6);
                                                                                                                							_t39 =  *0x40a1dc; // 0x3
                                                                                                                							__eflags = _t39 -  *0x42f444;
                                                                                                                							if(_t39 ==  *0x42f444) {
                                                                                                                								E0040140B(1);
                                                                                                                							}
                                                                                                                							__eflags =  *0x42ebcc - _t134; // 0x0
                                                                                                                							if(__eflags != 0) {
                                                                                                                								break;
                                                                                                                							}
                                                                                                                							__eflags =  *0x40a1dc -  *0x42f444; // 0x3
                                                                                                                							if(__eflags >= 0) {
                                                                                                                								break;
                                                                                                                							}
                                                                                                                							_t117 =  *(_t131 + 0x14);
                                                                                                                							E00406032(_t117, _t126, _t131, 0x437800,  *((intOrPtr*)(_t131 + 0x24)));
                                                                                                                							_push( *((intOrPtr*)(_t131 + 0x20)));
                                                                                                                							_push(0xfffffc19);
                                                                                                                							E0040409E(_t126);
                                                                                                                							_push( *((intOrPtr*)(_t131 + 0x1c)));
                                                                                                                							_push(0xfffffc1b);
                                                                                                                							E0040409E(_t126);
                                                                                                                							_push( *((intOrPtr*)(_t131 + 0x28)));
                                                                                                                							_push(0xfffffc1a);
                                                                                                                							E0040409E(_t126);
                                                                                                                							_t49 = GetDlgItem(_t126, 3);
                                                                                                                							__eflags =  *0x42f4ac - _t134;
                                                                                                                							_v32 = _t49;
                                                                                                                							if( *0x42f4ac != _t134) {
                                                                                                                								_t117 = _t117 & 0x0000fefd | 0x00000004;
                                                                                                                								__eflags = _t117;
                                                                                                                							}
                                                                                                                							ShowWindow(_t49, _t117 & 0x00000008); // executed
                                                                                                                							EnableWindow( *(_t135 + 0x30), _t117 & 0x00000100); // executed
                                                                                                                							E004040C0(_t117 & 0x00000002);
                                                                                                                							_t118 = _t117 & 0x00000004;
                                                                                                                							EnableWindow( *0x429838, _t118);
                                                                                                                							__eflags = _t118 - _t134;
                                                                                                                							if(_t118 == _t134) {
                                                                                                                								_push(1);
                                                                                                                							} else {
                                                                                                                								_push(_t134);
                                                                                                                							}
                                                                                                                							EnableMenuItem(GetSystemMenu(_t126, _t134), 0xf060, ??);
                                                                                                                							SendMessageA( *(_t135 + 0x38), 0xf4, _t134, 1);
                                                                                                                							__eflags =  *0x42f4ac - _t134;
                                                                                                                							if( *0x42f4ac == _t134) {
                                                                                                                								_push( *0x42a86c);
                                                                                                                							} else {
                                                                                                                								SendMessageA(_t126, 0x401, 2, _t134);
                                                                                                                								_push( *0x429838);
                                                                                                                							}
                                                                                                                							E004040D3();
                                                                                                                							E00406010(0x42a870, E00403BAB());
                                                                                                                							E00406032(0x42a870, _t126, _t131,  &(0x42a870[lstrlenA(0x42a870)]),  *((intOrPtr*)(_t131 + 0x18)));
                                                                                                                							SetWindowTextA(_t126, 0x42a870); // executed
                                                                                                                							_push(_t134);
                                                                                                                							_t68 = E00401389( *((intOrPtr*)(_t131 + 8)));
                                                                                                                							__eflags = _t68;
                                                                                                                							if(_t68 != 0) {
                                                                                                                								continue;
                                                                                                                							} else {
                                                                                                                								__eflags =  *_t131 - _t134;
                                                                                                                								if( *_t131 == _t134) {
                                                                                                                									continue;
                                                                                                                								}
                                                                                                                								__eflags =  *(_t131 + 4) - 5;
                                                                                                                								if( *(_t131 + 4) != 5) {
                                                                                                                									DestroyWindow( *0x42ebd8); // executed
                                                                                                                									 *0x42a048 = _t131;
                                                                                                                									__eflags =  *_t131 - _t134;
                                                                                                                									if( *_t131 <= _t134) {
                                                                                                                										goto L58;
                                                                                                                									}
                                                                                                                									_t74 = CreateDialogParamA( *0x42f400,  *_t131 +  *0x42ebe0 & 0x0000ffff, _t126,  *(0x40a1e0 +  *(_t131 + 4) * 4), _t131); // executed
                                                                                                                									__eflags = _t74 - _t134;
                                                                                                                									 *0x42ebd8 = _t74;
                                                                                                                									if(_t74 == _t134) {
                                                                                                                										goto L58;
                                                                                                                									}
                                                                                                                									_push( *((intOrPtr*)(_t131 + 0x2c)));
                                                                                                                									_push(6);
                                                                                                                									E0040409E(_t74);
                                                                                                                									GetWindowRect(GetDlgItem(_t126, 0x3fa), _t135 + 0x10);
                                                                                                                									ScreenToClient(_t126, _t135 + 0x10);
                                                                                                                									SetWindowPos( *0x42ebd8, _t134,  *(_t135 + 0x20),  *(_t135 + 0x20), _t134, _t134, 0x15);
                                                                                                                									_push(_t134);
                                                                                                                									E00401389( *((intOrPtr*)(_t131 + 0xc)));
                                                                                                                									__eflags =  *0x42ebcc - _t134; // 0x0
                                                                                                                									if(__eflags != 0) {
                                                                                                                										goto L61;
                                                                                                                									}
                                                                                                                									ShowWindow( *0x42ebd8, 8); // executed
                                                                                                                									E004040EA(0x405);
                                                                                                                									goto L58;
                                                                                                                								}
                                                                                                                								__eflags =  *0x42f4ac - _t134;
                                                                                                                								if( *0x42f4ac != _t134) {
                                                                                                                									goto L61;
                                                                                                                								}
                                                                                                                								__eflags =  *0x42f4a0 - _t134;
                                                                                                                								if( *0x42f4a0 != _t134) {
                                                                                                                									continue;
                                                                                                                								}
                                                                                                                								goto L61;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						DestroyWindow( *0x42ebd8); // executed
                                                                                                                						 *0x42f408 = _t134;
                                                                                                                						EndDialog(_t126,  *0x429c40);
                                                                                                                						goto L58;
                                                                                                                					} else {
                                                                                                                						__eflags = _t35 - 1;
                                                                                                                						if(_t35 != 1) {
                                                                                                                							L33:
                                                                                                                							__eflags =  *_t131 - _t134;
                                                                                                                							if( *_t131 == _t134) {
                                                                                                                								goto L61;
                                                                                                                							}
                                                                                                                							goto L34;
                                                                                                                						}
                                                                                                                						_push(0);
                                                                                                                						_t87 = E00401389( *((intOrPtr*)(_t131 + 0x10)));
                                                                                                                						__eflags = _t87;
                                                                                                                						if(_t87 == 0) {
                                                                                                                							goto L33;
                                                                                                                						}
                                                                                                                						SendMessageA( *0x42ebd8, 0x40f, 0, 1);
                                                                                                                						__eflags =  *0x42ebcc - _t134; // 0x0
                                                                                                                						return 0 | __eflags == 0x00000000;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t126 = _a4;
                                                                                                                					_t134 = 0;
                                                                                                                					if(_t116 == 0x47) {
                                                                                                                						SetWindowPos( *0x42a850, _t126, 0, 0, 0, 0, 0x13);
                                                                                                                					}
                                                                                                                					if(_t116 == 5) {
                                                                                                                						asm("sbb eax, eax");
                                                                                                                						ShowWindow( *0x42a850,  ~(_a12 - 1) & _t116);
                                                                                                                					}
                                                                                                                					if(_t116 != 0x40d) {
                                                                                                                						__eflags = _t116 - 0x11;
                                                                                                                						if(_t116 != 0x11) {
                                                                                                                							__eflags = _t116 - 0x111;
                                                                                                                							if(_t116 != 0x111) {
                                                                                                                								L26:
                                                                                                                								return E00404105(_t116, _a12, _a16);
                                                                                                                							}
                                                                                                                							_t133 = _a12 & 0x0000ffff;
                                                                                                                							_t127 = GetDlgItem(_t126, _t133);
                                                                                                                							__eflags = _t127 - _t134;
                                                                                                                							if(_t127 == _t134) {
                                                                                                                								L13:
                                                                                                                								__eflags = _t133 - 1;
                                                                                                                								if(_t133 != 1) {
                                                                                                                									__eflags = _t133 - 3;
                                                                                                                									if(_t133 != 3) {
                                                                                                                										_t128 = 2;
                                                                                                                										__eflags = _t133 - _t128;
                                                                                                                										if(_t133 != _t128) {
                                                                                                                											L25:
                                                                                                                											SendMessageA( *0x42ebd8, 0x111, _a12, _a16);
                                                                                                                											goto L26;
                                                                                                                										}
                                                                                                                										__eflags =  *0x42f4ac - _t134;
                                                                                                                										if( *0x42f4ac == _t134) {
                                                                                                                											_t100 = E0040140B(3);
                                                                                                                											__eflags = _t100;
                                                                                                                											if(_t100 != 0) {
                                                                                                                												goto L26;
                                                                                                                											}
                                                                                                                											 *0x429c40 = 1;
                                                                                                                											L21:
                                                                                                                											_push(0x78);
                                                                                                                											L22:
                                                                                                                											E00404077();
                                                                                                                											goto L26;
                                                                                                                										}
                                                                                                                										E0040140B(_t128);
                                                                                                                										 *0x429c40 = _t128;
                                                                                                                										goto L21;
                                                                                                                									}
                                                                                                                									__eflags =  *0x40a1dc - _t134; // 0x3
                                                                                                                									if(__eflags <= 0) {
                                                                                                                										goto L25;
                                                                                                                									}
                                                                                                                									_push(0xffffffff);
                                                                                                                									goto L22;
                                                                                                                								}
                                                                                                                								_push(_t133);
                                                                                                                								goto L22;
                                                                                                                							}
                                                                                                                							SendMessageA(_t127, 0xf3, _t134, _t134);
                                                                                                                							_t104 = IsWindowEnabled(_t127);
                                                                                                                							__eflags = _t104;
                                                                                                                							if(_t104 == 0) {
                                                                                                                								goto L61;
                                                                                                                							}
                                                                                                                							goto L13;
                                                                                                                						}
                                                                                                                						SetWindowLongA(_t126, _t134, _t134);
                                                                                                                						return 1;
                                                                                                                					} else {
                                                                                                                						DestroyWindow( *0x42ebd8); // executed
                                                                                                                						 *0x42ebd8 = _a12;
                                                                                                                						L58:
                                                                                                                						_t142 =  *0x42b870 - _t134; // 0x1
                                                                                                                						if(_t142 == 0) {
                                                                                                                							_t143 =  *0x42ebd8 - _t134; // 0x1000fa
                                                                                                                							if(_t143 != 0) {
                                                                                                                								ShowWindow(_t126, 0xa); // executed
                                                                                                                								 *0x42b870 = 1;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L61:
                                                                                                                						return 0;
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}
































                                                                                                                0x00403ea6
                                                                                                                0x00403eac
                                                                                                                0x00403eae
                                                                                                                0x00403eb3
                                                                                                                0x00403eb0
                                                                                                                0x00403eb0
                                                                                                                0x00403eb0
                                                                                                                0x00403ec3
                                                                                                                0x00403edb
                                                                                                                0x00403edd
                                                                                                                0x00403ee3
                                                                                                                0x00403ef8
                                                                                                                0x00403ee5
                                                                                                                0x00403eee
                                                                                                                0x00403ef0
                                                                                                                0x00403ef0
                                                                                                                0x00403efe
                                                                                                                0x00403f0f
                                                                                                                0x00403f20
                                                                                                                0x00403f27
                                                                                                                0x00403f2d
                                                                                                                0x00403f31
                                                                                                                0x00403f36
                                                                                                                0x00403f38
                                                                                                                0x00000000
                                                                                                                0x00403f3e
                                                                                                                0x00403f3e
                                                                                                                0x00403f40
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403f46
                                                                                                                0x00403f4a
                                                                                                                0x00403f6f
                                                                                                                0x00403f75
                                                                                                                0x00403f7b
                                                                                                                0x00403f7d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403fa3
                                                                                                                0x00403fa9
                                                                                                                0x00403fab
                                                                                                                0x00403fb0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403fb6
                                                                                                                0x00403fb9
                                                                                                                0x00403fbc
                                                                                                                0x00403fd3
                                                                                                                0x00403fdf
                                                                                                                0x00403ff8
                                                                                                                0x00403ffe
                                                                                                                0x00404002
                                                                                                                0x00404007
                                                                                                                0x0040400d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00404017
                                                                                                                0x00404022
                                                                                                                0x00000000
                                                                                                                0x00404022
                                                                                                                0x00403f4c
                                                                                                                0x00403f52
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403f58
                                                                                                                0x00403f5e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403f64
                                                                                                                0x00403f38
                                                                                                                0x0040402f
                                                                                                                0x0040403b
                                                                                                                0x00404042
                                                                                                                0x00000000
                                                                                                                0x00403d92
                                                                                                                0x00403d92
                                                                                                                0x00403d95
                                                                                                                0x00403dc8
                                                                                                                0x00403dc8
                                                                                                                0x00403dca
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403dca
                                                                                                                0x00403d97
                                                                                                                0x00403d9b
                                                                                                                0x00403da0
                                                                                                                0x00403da2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403db2
                                                                                                                0x00403dba
                                                                                                                0x00000000
                                                                                                                0x00403dc0
                                                                                                                0x00403bee
                                                                                                                0x00403bee
                                                                                                                0x00403bf2
                                                                                                                0x00403bf7
                                                                                                                0x00403c06
                                                                                                                0x00403c06
                                                                                                                0x00403c0f
                                                                                                                0x00403c18
                                                                                                                0x00403c23
                                                                                                                0x00403c23
                                                                                                                0x00403c2f
                                                                                                                0x00403c4b
                                                                                                                0x00403c4e
                                                                                                                0x00403c61
                                                                                                                0x00403c67
                                                                                                                0x00403d0a
                                                                                                                0x00000000
                                                                                                                0x00403d13
                                                                                                                0x00403c6d
                                                                                                                0x00403c7a
                                                                                                                0x00403c7c
                                                                                                                0x00403c7e
                                                                                                                0x00403c9d
                                                                                                                0x00403c9d
                                                                                                                0x00403ca0
                                                                                                                0x00403ca5
                                                                                                                0x00403ca8
                                                                                                                0x00403cb8
                                                                                                                0x00403cb9
                                                                                                                0x00403cbb
                                                                                                                0x00403cf1
                                                                                                                0x00403d04
                                                                                                                0x00000000
                                                                                                                0x00403d04
                                                                                                                0x00403cbd
                                                                                                                0x00403cc3
                                                                                                                0x00403cdc
                                                                                                                0x00403ce1
                                                                                                                0x00403ce3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403ce5
                                                                                                                0x00403cd1
                                                                                                                0x00403cd1
                                                                                                                0x00403cd3
                                                                                                                0x00403cd3
                                                                                                                0x00000000
                                                                                                                0x00403cd3
                                                                                                                0x00403cc6
                                                                                                                0x00403ccb
                                                                                                                0x00000000
                                                                                                                0x00403ccb
                                                                                                                0x00403caa
                                                                                                                0x00403cb0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403cb2
                                                                                                                0x00000000
                                                                                                                0x00403cb2
                                                                                                                0x00403ca2
                                                                                                                0x00000000
                                                                                                                0x00403ca2
                                                                                                                0x00403c88
                                                                                                                0x00403c8f
                                                                                                                0x00403c95
                                                                                                                0x00403c97
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403c97
                                                                                                                0x00403c53
                                                                                                                0x00000000
                                                                                                                0x00403c31
                                                                                                                0x00403c37
                                                                                                                0x00403c41
                                                                                                                0x00404048
                                                                                                                0x00404048
                                                                                                                0x0040404e
                                                                                                                0x00404050
                                                                                                                0x00404056
                                                                                                                0x0040405b
                                                                                                                0x00404061
                                                                                                                0x00404061
                                                                                                                0x00404056
                                                                                                                0x0040406b
                                                                                                                0x00000000
                                                                                                                0x0040406b
                                                                                                                0x00403c2f

                                                                                                                APIs
                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403C06
                                                                                                                • ShowWindow.USER32(?), ref: 00403C23
                                                                                                                • DestroyWindow.USER32 ref: 00403C37
                                                                                                                • SetWindowLongA.USER32 ref: 00403C53
                                                                                                                • GetDlgItem.USER32 ref: 00403C74
                                                                                                                • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403C88
                                                                                                                • IsWindowEnabled.USER32(00000000), ref: 00403C8F
                                                                                                                • GetDlgItem.USER32 ref: 00403D3D
                                                                                                                • GetDlgItem.USER32 ref: 00403D47
                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,000000F2,?,0000001C,000000FF), ref: 00403D61
                                                                                                                • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403DB2
                                                                                                                • GetDlgItem.USER32 ref: 00403E58
                                                                                                                • ShowWindow.USER32(00000000,?), ref: 00403E79
                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403E8B
                                                                                                                • EnableWindow.USER32(?,?), ref: 00403EA6
                                                                                                                • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403EBC
                                                                                                                • EnableMenuItem.USER32 ref: 00403EC3
                                                                                                                • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403EDB
                                                                                                                • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403EEE
                                                                                                                • lstrlenA.KERNEL32(Wildix Integration Service v3.11.3 Setup ,?,Wildix Integration Service v3.11.3 Setup ,00000000), ref: 00403F18
                                                                                                                • SetWindowTextA.USER32(?,Wildix Integration Service v3.11.3 Setup ), ref: 00403F27
                                                                                                                • ShowWindow.USER32(?,0000000A), ref: 0040405B
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$Item$MessageSend$Show$CallbackDispatcherEnableMenuUser$DestroyEnabledLongSystemTextlstrlen
                                                                                                                • String ID: Wildix Integration Service v3.11.3 Setup
                                                                                                                • API String ID: 3906175533-852443512
                                                                                                                • Opcode ID: 5ffd1eee2a53c0bce8439eebe02f74cc0bfe9fdaa9e9cbb129ddddf772baf92f
                                                                                                                • Instruction ID: 8391a727dd330e9af47019fb45b898bbd0b6ec160f5193fdc8e4d7e88c7c5567
                                                                                                                • Opcode Fuzzy Hash: 5ffd1eee2a53c0bce8439eebe02f74cc0bfe9fdaa9e9cbb129ddddf772baf92f
                                                                                                                • Instruction Fuzzy Hash: 39C1B171600704AFDB20AF62EE45E2B3AA9FB95706F40043EF642B51E1CB799852DB1D
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph (legend: Executed / Not Executed)
                                                                                                                C-Code - Quality: 96%
                                                                                                                			E0040382D(void* __eflags) {
                                                                                                                				intOrPtr _v4;
                                                                                                                				intOrPtr _v8;
                                                                                                                				int _v12;
                                                                                                                				void _v16;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				intOrPtr* _t17;
                                                                                                                				void* _t25;
                                                                                                                				void* _t27;
                                                                                                                				int _t28;
                                                                                                                				void* _t31;
                                                                                                                				int _t34;
                                                                                                                				int _t35;
                                                                                                                				intOrPtr _t36;
                                                                                                                				int _t39;
                                                                                                                				char _t57;
                                                                                                                				CHAR* _t59;
                                                                                                                				signed char _t63;
                                                                                                                				CHAR* _t74;
                                                                                                                				intOrPtr _t76;
                                                                                                                				CHAR* _t81;
                                                                                                                
                                                                                                                				_t76 =  *0x42f414;
                                                                                                                				_t17 = E004063A8(2);
                                                                                                                				_t84 = _t17;
                                                                                                                				if(_t17 == 0) {
                                                                                                                					_t74 = 0x42a870;
                                                                                                                					"1033" = 0x30;
                                                                                                                					 *0x436001 = 0x78;
                                                                                                                					 *0x436002 = 0;
                                                                                                                					E00405EF7(_t71, __eflags, 0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x42a870, 0);
                                                                                                                					__eflags =  *0x42a870; // 0x57
                                                                                                                					if(__eflags == 0) {
                                                                                                                						E00405EF7(_t71, __eflags, 0x80000003, ".DEFAULT\\Control Panel\\International",  &M00408362, 0x42a870, 0);
                                                                                                                					}
                                                                                                                					lstrcatA("1033", _t74);
                                                                                                                				} else {
                                                                                                                					E00405F6E("1033",  *_t17() & 0x0000ffff);
                                                                                                                				}
                                                                                                                				E00403AF2(_t71, _t84);
                                                                                                                				_t80 = "C:\\Program Files\\Wildix\\WIService";
                                                                                                                				 *0x42f4a0 =  *0x42f41c & 0x00000020;
                                                                                                                				 *0x42f4bc = 0x10000;
                                                                                                                				if(E00405A96(_t84, "C:\\Program Files\\Wildix\\WIService") != 0) {
                                                                                                                					L16:
                                                                                                                					if(E00405A96(_t92, _t80) == 0) {
                                                                                                                						E00406032(0, _t74, _t76, _t80,  *((intOrPtr*)(_t76 + 0x118))); // executed
                                                                                                                					}
                                                                                                                					_t25 = LoadImageA( *0x42f400, 0x67, 1, 0, 0, 0x8040); // executed
                                                                                                                					 *0x42ebe8 = _t25;
                                                                                                                					if( *((intOrPtr*)(_t76 + 0x50)) == 0xffffffff) {
                                                                                                                						L21:
                                                                                                                						if(E0040140B(0) == 0) {
                                                                                                                							_t27 = E00403AF2(_t71, __eflags);
                                                                                                                							__eflags =  *0x42f4c0;
                                                                                                                							if( *0x42f4c0 != 0) {
                                                                                                                								_t28 = E00405209(_t27, 0);
                                                                                                                								__eflags = _t28;
                                                                                                                								if(_t28 == 0) {
                                                                                                                									E0040140B(1);
                                                                                                                									goto L33;
                                                                                                                								}
                                                                                                                								__eflags =  *0x42ebcc; // 0x0
                                                                                                                								if(__eflags == 0) {
                                                                                                                									E0040140B(2);
                                                                                                                								}
                                                                                                                								goto L22;
                                                                                                                							}
                                                                                                                							ShowWindow( *0x42a850, 5); // executed
                                                                                                                							_t34 = E0040633A("RichEd20"); // executed
                                                                                                                							__eflags = _t34;
                                                                                                                							if(_t34 == 0) {
                                                                                                                								E0040633A("RichEd32");
                                                                                                                							}
                                                                                                                							_t81 = "RichEdit20A";
                                                                                                                							_t35 = GetClassInfoA(0, _t81, 0x42eba0);
                                                                                                                							__eflags = _t35;
                                                                                                                							if(_t35 == 0) {
                                                                                                                								GetClassInfoA(0, "RichEdit", 0x42eba0);
                                                                                                                								 *0x42ebc4 = _t81;
                                                                                                                								RegisterClassA(0x42eba0);
                                                                                                                							}
                                                                                                                							_t36 =  *0x42ebe0; // 0x0
                                                                                                                							_t39 = DialogBoxParamA( *0x42f400, _t36 + 0x00000069 & 0x0000ffff, 0, E00403BCA, 0); // executed
                                                                                                                							E0040377D(E0040140B(5), 1);
                                                                                                                							return _t39;
                                                                                                                						}
                                                                                                                						L22:
                                                                                                                						_t31 = 2;
                                                                                                                						return _t31;
                                                                                                                					} else {
                                                                                                                						_t71 =  *0x42f400;
                                                                                                                						 *0x42eba4 = E00401000;
                                                                                                                						 *0x42ebb0 =  *0x42f400;
                                                                                                                						 *0x42ebb4 = _t25;
                                                                                                                						 *0x42ebc4 = 0x40a1f4;
                                                                                                                						if(RegisterClassA(0x42eba0) == 0) {
                                                                                                                							L33:
                                                                                                                							__eflags = 0;
                                                                                                                							return 0;
                                                                                                                						}
                                                                                                                						SystemParametersInfoA(0x30, 0,  &_v16, 0);
                                                                                                                						 *0x42a850 = CreateWindowExA(0x80, 0x40a1f4, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x42f400, 0);
                                                                                                                						goto L21;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t71 =  *(_t76 + 0x48);
                                                                                                                					_t86 = _t71;
                                                                                                                					if(_t71 == 0) {
                                                                                                                						goto L16;
                                                                                                                					}
                                                                                                                					_t74 = 0x42e3a0;
                                                                                                                					E00405EF7(_t71, _t86,  *((intOrPtr*)(_t76 + 0x44)), _t71,  *((intOrPtr*)(_t76 + 0x4c)) +  *0x42f458, 0x42e3a0, 0);
                                                                                                                					_t57 =  *0x42e3a0; // 0x52
                                                                                                                					if(_t57 == 0) {
                                                                                                                						goto L16;
                                                                                                                					}
                                                                                                                					if(_t57 == 0x22) {
                                                                                                                						_t74 = 0x42e3a1;
                                                                                                                						 *((char*)(E004059D3(0x42e3a1, 0x22))) = 0;
                                                                                                                					}
                                                                                                                					_t59 = lstrlenA(_t74) + _t74 - 4;
                                                                                                                					if(_t59 <= _t74 || lstrcmpiA(_t59, ?str?) != 0) {
                                                                                                                						L15:
                                                                                                                						E00406010(_t80, E004059A8(_t74));
                                                                                                                						goto L16;
                                                                                                                					} else {
                                                                                                                						_t63 = GetFileAttributesA(_t74);
                                                                                                                						if(_t63 == 0xffffffff) {
                                                                                                                							L14:
                                                                                                                							E004059EF(_t74);
                                                                                                                							goto L15;
                                                                                                                						}
                                                                                                                						_t92 = _t63 & 0x00000010;
                                                                                                                						if((_t63 & 0x00000010) != 0) {
                                                                                                                							goto L15;
                                                                                                                						}
                                                                                                                						goto L14;
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}

























                                                                                                                0x0040390b
                                                                                                                0x0040390d
                                                                                                                0x0040391a
                                                                                                                0x0040391a
                                                                                                                0x00403922
                                                                                                                0x00403928
                                                                                                                0x00403950
                                                                                                                0x00403958
                                                                                                                0x00000000
                                                                                                                0x0040393a
                                                                                                                0x0040393b
                                                                                                                0x00403944
                                                                                                                0x0040394a
                                                                                                                0x0040394b
                                                                                                                0x00000000
                                                                                                                0x0040394b
                                                                                                                0x00403946
                                                                                                                0x00403948
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403948
                                                                                                                0x00403928

                                                                                                                APIs
                                                                                                                  • Part of subcall function 004063A8: GetModuleHandleA.KERNEL32(?,?,?,004032DE,0000000A), ref: 004063BA
                                                                                                                  • Part of subcall function 004063A8: GetProcAddress.KERNEL32(00000000,?), ref: 004063D5
                                                                                                                • lstrcatA.KERNEL32(1033,Wildix Integration Service v3.11.3 Setup ,80000001,Control Panel\Desktop\ResourceLocale,00000000,Wildix Integration Service v3.11.3 Setup ,00000000,00000002,766DFA90,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SetupWIService.exe",00000000), ref: 004038A8
                                                                                                                • lstrlenA.KERNEL32(Remove folder: ,?,?,?,Remove folder: ,00000000,C:\Program Files\Wildix\WIService,1033,Wildix Integration Service v3.11.3 Setup ,80000001,Control Panel\Desktop\ResourceLocale,00000000,Wildix Integration Service v3.11.3 Setup ,00000000,00000002,766DFA90), ref: 0040391D
                                                                                                                • lstrcmpiA.KERNEL32(?,.exe,Remove folder: ,?,?,?,Remove folder: ,00000000,C:\Program Files\Wildix\WIService,1033,Wildix Integration Service v3.11.3 Setup ,80000001,Control Panel\Desktop\ResourceLocale,00000000,Wildix Integration Service v3.11.3 Setup ,00000000), ref: 00403930
                                                                                                                • GetFileAttributesA.KERNEL32(Remove folder: ), ref: 0040393B
                                                                                                                • LoadImageA.USER32 ref: 00403984
                                                                                                                  • Part of subcall function 00405F6E: wsprintfA.USER32 ref: 00405F7B
                                                                                                                • RegisterClassA.USER32 ref: 004039C1
                                                                                                                • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 004039D9
                                                                                                                • CreateWindowExA.USER32 ref: 00403A0E
                                                                                                                • ShowWindow.USER32(00000005,00000000), ref: 00403A44
                                                                                                                • GetClassInfoA.USER32 ref: 00403A70
                                                                                                                • GetClassInfoA.USER32 ref: 00403A7D
                                                                                                                • RegisterClassA.USER32 ref: 00403A86
                                                                                                                • DialogBoxParamA.USER32 ref: 00403AA5
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                • String ID: "C:\Users\user\Desktop\SetupWIService.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Program Files\Wildix\WIService$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$Remove folder: $RichEd20$RichEd32$RichEdit$RichEdit20A$Wildix Integration Service v3.11.3 Setup $_Nb
                                                                                                                • API String ID: 1975747703-4227192881
                                                                                                                • Opcode ID: 15822f17e376e41266fbf8a251ac5c412d7bb8a3b85e81a9d7c16052a8cecaf4
                                                                                                                • Instruction ID: 5bdd09b32da2b5bd11ad56600dd1adb443959310d265eb20ccced3f07ac4f103
                                                                                                                • Opcode Fuzzy Hash: 15822f17e376e41266fbf8a251ac5c412d7bb8a3b85e81a9d7c16052a8cecaf4
                                                                                                                • Instruction Fuzzy Hash: B461C770340201AED620BB669D45F2B3E6CEB54749F80447FF981B22E2CB7D9D469B2D
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                [Figure: control-flow graph of function 00402DC4; legend: Executed / Not Executed]
                                                                                                                C-Code - Quality: 80%
                                                                                                                			E00402DC4(void* __eflags, signed int _a4) {
                                                                                                                				DWORD* _v8;
                                                                                                                				DWORD* _v12;
                                                                                                                				void* _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				long _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				intOrPtr _v36;
                                                                                                                				intOrPtr _v40;
                                                                                                                				signed int _v44;
                                                                                                                				long _t43;
                                                                                                                				signed int _t50;
                                                                                                                				void* _t53;
                                                                                                                				void* _t57;
                                                                                                                				intOrPtr* _t59;
                                                                                                                				long _t60;
                                                                                                                				signed int _t65;
                                                                                                                				signed int _t70;
                                                                                                                				signed int _t71;
                                                                                                                				signed int _t77;
                                                                                                                				intOrPtr _t80;
                                                                                                                				long _t82;
                                                                                                                				signed int _t85;
                                                                                                                				signed int _t87;
                                                                                                                				void* _t89;
                                                                                                                				signed int _t90;
                                                                                                                				signed int _t93;
                                                                                                                				void* _t94;
                                                                                                                
                                                                                                                				_t82 = 0;
                                                                                                                				_v12 = 0;
                                                                                                                				_v8 = 0;
                                                                                                                				_t43 = GetTickCount();
                                                                                                                				_t91 = "C:\\Users\\alfons\\Desktop\\SetupWIService.exe";
                                                                                                                				 *0x42f410 = _t43 + 0x3e8;
                                                                                                                				GetModuleFileNameA(0, "C:\\Users\\alfons\\Desktop\\SetupWIService.exe", 0x400);
                                                                                                                				_t89 = E00405BA9(_t91, 0x80000000, 3);
                                                                                                                				_v16 = _t89;
                                                                                                                				 *0x40a018 = _t89;
                                                                                                                				if(_t89 == 0xffffffff) {
                                                                                                                					return "Error launching installer";
                                                                                                                				}
                                                                                                                				_t92 = "C:\\Users\\alfons\\Desktop";
                                                                                                                				E00406010("C:\\Users\\alfons\\Desktop", _t91);
                                                                                                                				E00406010(0x437000, E004059EF(_t92));
                                                                                                                				_t50 = GetFileSize(_t89, 0);
                                                                                                                				__eflags = _t50;
                                                                                                                				 *0x42942c = _t50;
                                                                                                                				_t93 = _t50;
                                                                                                                				if(_t50 <= 0) {
                                                                                                                					L24:
                                                                                                                					E00402D60(1);
                                                                                                                					__eflags =  *0x42f418 - _t82;
                                                                                                                					if( *0x42f418 == _t82) {
                                                                                                                						goto L29;
                                                                                                                					}
                                                                                                                					__eflags = _v8 - _t82;
                                                                                                                					if(_v8 == _t82) {
                                                                                                                						L28:
                                                                                                                						_t53 = GlobalAlloc(0x40, _v24); // executed
                                                                                                                						_t94 = _t53;
                                                                                                                						E00403223( *0x42f418 + 0x1c);
                                                                                                                						_push(_v24);
                                                                                                                						_push(_t94);
                                                                                                                						_push(_t82);
                                                                                                                						_push(0xffffffff); // executed
                                                                                                                						_t57 = E00402FFB(); // executed
                                                                                                                						__eflags = _t57 - _v24;
                                                                                                                						if(_t57 == _v24) {
                                                                                                                							__eflags = _v44 & 0x00000001;
                                                                                                                							 *0x42f414 = _t94;
                                                                                                                							 *0x42f41c =  *_t94;
                                                                                                                							if((_v44 & 0x00000001) != 0) {
                                                                                                                								 *0x42f420 =  *0x42f420 + 1;
                                                                                                                								__eflags =  *0x42f420;
                                                                                                                							}
                                                                                                                							_t40 = _t94 + 0x44; // 0x44
                                                                                                                							_t59 = _t40;
                                                                                                                							_t85 = 8;
                                                                                                                							do {
                                                                                                                								_t59 = _t59 - 8;
                                                                                                                								 *_t59 =  *_t59 + _t94;
                                                                                                                								_t85 = _t85 - 1;
                                                                                                                								__eflags = _t85;
                                                                                                                							} while (_t85 != 0);
                                                                                                                							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
                                                                                                                							 *(_t94 + 0x3c) = _t60;
                                                                                                                							E00405B64(0x42f440, _t94 + 4, 0x40);
                                                                                                                							__eflags = 0;
                                                                                                                							return 0;
                                                                                                                						}
                                                                                                                						goto L29;
                                                                                                                					}
                                                                                                                					E00403223( *0x41d420);
                                                                                                                					_t65 = E0040320D( &_a4, 4);
                                                                                                                					__eflags = _t65;
                                                                                                                					if(_t65 == 0) {
                                                                                                                						goto L29;
                                                                                                                					}
                                                                                                                					__eflags = _v12 - _a4;
                                                                                                                					if(_v12 != _a4) {
                                                                                                                						goto L29;
                                                                                                                					}
                                                                                                                					goto L28;
                                                                                                                				} else {
                                                                                                                					do {
                                                                                                                						_t90 = _t93;
                                                                                                                						asm("sbb eax, eax");
                                                                                                                						_t70 = ( ~( *0x42f418) & 0x00007e00) + 0x200;
                                                                                                                						__eflags = _t93 - _t70;
                                                                                                                						if(_t93 >= _t70) {
                                                                                                                							_t90 = _t70;
                                                                                                                						}
                                                                                                                						_t71 = E0040320D(0x415420, _t90);
                                                                                                                						__eflags = _t71;
                                                                                                                						if(_t71 == 0) {
                                                                                                                							E00402D60(1);
                                                                                                                							L29:
                                                                                                                							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
                                                                                                                						}
                                                                                                                						__eflags =  *0x42f418;
                                                                                                                						if( *0x42f418 != 0) {
                                                                                                                							__eflags = _a4 & 0x00000002;
                                                                                                                							if((_a4 & 0x00000002) == 0) {
                                                                                                                								E00402D60(0);
                                                                                                                							}
                                                                                                                							goto L20;
                                                                                                                						}
                                                                                                                						E00405B64( &_v44, 0x415420, 0x1c);
                                                                                                                						_t77 = _v44;
                                                                                                                						__eflags = _t77 & 0xfffffff0;
                                                                                                                						if((_t77 & 0xfffffff0) != 0) {
                                                                                                                							goto L20;
                                                                                                                						}
                                                                                                                						__eflags = _v40 - 0xdeadbeef;
                                                                                                                						if(_v40 != 0xdeadbeef) {
                                                                                                                							goto L20;
                                                                                                                						}
                                                                                                                						__eflags = _v28 - 0x74736e49;
                                                                                                                						if(_v28 != 0x74736e49) {
                                                                                                                							goto L20;
                                                                                                                						}
                                                                                                                						__eflags = _v32 - 0x74666f73;
                                                                                                                						if(_v32 != 0x74666f73) {
                                                                                                                							goto L20;
                                                                                                                						}
                                                                                                                						__eflags = _v36 - 0x6c6c754e;
                                                                                                                						if(_v36 != 0x6c6c754e) {
                                                                                                                							goto L20;
                                                                                                                						}
                                                                                                                						_a4 = _a4 | _t77;
                                                                                                                						_t87 =  *0x41d420; // 0xd393bc
                                                                                                                						 *0x42f4c0 =  *0x42f4c0 | _a4 & 0x00000002;
                                                                                                                						_t80 = _v20;
                                                                                                                						__eflags = _t80 - _t93;
                                                                                                                						 *0x42f418 = _t87;
                                                                                                                						if(_t80 > _t93) {
                                                                                                                							goto L29;
                                                                                                                						}
                                                                                                                						__eflags = _a4 & 0x00000008;
                                                                                                                						if((_a4 & 0x00000008) != 0) {
                                                                                                                							L16:
                                                                                                                							_v8 = _v8 + 1;
                                                                                                                							_t24 = _t80 - 4; // 0x40a194
                                                                                                                							_t93 = _t24;
                                                                                                                							__eflags = _t90 - _t93;
                                                                                                                							if(_t90 > _t93) {
                                                                                                                								_t90 = _t93;
                                                                                                                							}
                                                                                                                							goto L20;
                                                                                                                						}
                                                                                                                						__eflags = _a4 & 0x00000004;
                                                                                                                						if((_a4 & 0x00000004) != 0) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						goto L16;
                                                                                                                						L20:
                                                                                                                						__eflags = _t93 -  *0x42942c; // 0xd3bcf0
                                                                                                                						if(__eflags < 0) {
                                                                                                                							_v12 = E0040645F(_v12, 0x415420, _t90);
                                                                                                                						}
                                                                                                                						 *0x41d420 =  *0x41d420 + _t90;
                                                                                                                						_t93 = _t93 - _t90;
                                                                                                                						__eflags = _t93;
                                                                                                                					} while (_t93 != 0);
                                                                                                                					_t82 = 0;
                                                                                                                					__eflags = 0;
                                                                                                                					goto L24;
                                                                                                                				}
                                                                                                                			}
































                                                                                                                APIs
                                                                                                                • GetTickCount.KERNEL32 ref: 00402DD5
                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\SetupWIService.exe,00000400), ref: 00402DF1
                                                                                                                  • Part of subcall function 00405BA9: GetFileAttributesA.KERNELBASE(00000003,00402E04,C:\Users\user\Desktop\SetupWIService.exe,80000000,00000003), ref: 00405BAD
                                                                                                                  • Part of subcall function 00405BA9: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405BCF
                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,00437000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SetupWIService.exe,C:\Users\user\Desktop\SetupWIService.exe,80000000,00000003), ref: 00402E3D
                                                                                                                • GlobalAlloc.KERNELBASE(00000040,00000020), ref: 00402F73
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                • String ID: TA$"C:\Users\user\Desktop\SetupWIService.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\SetupWIService.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                                                                • API String ID: 2803837635-831758523
                                                                                                                • Opcode ID: a6173edc5218a8736919d7ec244e80ad4ff8d0a671bf7eda1f584d4bdf14a1ba
                                                                                                                • Instruction ID: 027006cf2d98db9fa9c400e5027e86f3261d974ae097fd254c994c4dc937b6e6
                                                                                                                • Opcode Fuzzy Hash: a6173edc5218a8736919d7ec244e80ad4ff8d0a671bf7eda1f584d4bdf14a1ba
                                                                                                                • Instruction Fuzzy Hash: FF51E471900215ABCB20AF64DE89B9F7BB8EB14359F50403BF500B32D1C6BC9E459AAD
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 72%
                                                                                                                			E00406032(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
                                                                                                                				struct _ITEMIDLIST* _v8;
                                                                                                                				char _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed char _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed char _v28;
                                                                                                                				signed int _t38;
                                                                                                                				CHAR* _t39;
                                                                                                                				signed int _t41;
                                                                                                                				char _t52;
                                                                                                                				char _t53;
                                                                                                                				char _t55;
                                                                                                                				char _t57;
                                                                                                                				void* _t65;
                                                                                                                				char* _t66;
                                                                                                                				signed int _t80;
                                                                                                                				intOrPtr _t86;
                                                                                                                				char _t88;
                                                                                                                				void* _t89;
                                                                                                                				CHAR* _t90;
                                                                                                                				void* _t92;
                                                                                                                				signed int _t97;
                                                                                                                				signed int _t99;
                                                                                                                				void* _t100;
                                                                                                                
                                                                                                                				_t92 = __esi;
                                                                                                                				_t89 = __edi;
                                                                                                                				_t65 = __ebx;
                                                                                                                				_t38 = _a8;
                                                                                                                				if(_t38 < 0) {
                                                                                                                					_t86 =  *0x42ebdc; // 0x689455
                                                                                                                					_t38 =  *(_t86 - 4 + _t38 * 4);
                                                                                                                				}
                                                                                                                				_push(_t65);
                                                                                                                				_push(_t92);
                                                                                                                				_push(_t89);
                                                                                                                				_t66 = _t38 +  *0x42f458;
                                                                                                                				_t39 = 0x42e3a0;
                                                                                                                				_t90 = 0x42e3a0;
                                                                                                                				if(_a4 >= 0x42e3a0 && _a4 - 0x42e3a0 < 0x800) {
                                                                                                                					_t90 = _a4;
                                                                                                                					_a4 = _a4 & 0x00000000;
                                                                                                                				}
                                                                                                                				while(1) {
                                                                                                                					_t88 =  *_t66;
                                                                                                                					if(_t88 == 0) {
                                                                                                                						break;
                                                                                                                					}
                                                                                                                					__eflags = _t90 - _t39 - 0x400;
                                                                                                                					if(_t90 - _t39 >= 0x400) {
                                                                                                                						break;
                                                                                                                					}
                                                                                                                					_t66 = _t66 + 1;
                                                                                                                					__eflags = _t88 - 4;
                                                                                                                					_a8 = _t66;
                                                                                                                					if(__eflags >= 0) {
                                                                                                                						if(__eflags != 0) {
                                                                                                                							 *_t90 = _t88;
                                                                                                                							_t90 =  &(_t90[1]);
                                                                                                                							__eflags = _t90;
                                                                                                                						} else {
                                                                                                                							 *_t90 =  *_t66;
                                                                                                                							_t90 =  &(_t90[1]);
                                                                                                                							_t66 = _t66 + 1;
                                                                                                                						}
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                					_t41 =  *((char*)(_t66 + 1));
                                                                                                                					_t80 =  *_t66;
                                                                                                                					_t97 = (_t41 & 0x0000007f) << 0x00000007 | _t80 & 0x0000007f;
                                                                                                                					_v24 = _t80;
                                                                                                                					_v28 = _t80 | 0x00000080;
                                                                                                                					_v16 = _t41;
                                                                                                                					_v20 = _t41 | 0x00000080;
                                                                                                                					_t66 = _a8 + 2;
                                                                                                                					__eflags = _t88 - 2;
                                                                                                                					if(_t88 != 2) {
                                                                                                                						__eflags = _t88 - 3;
                                                                                                                						if(_t88 != 3) {
                                                                                                                							__eflags = _t88 - 1;
                                                                                                                							if(_t88 == 1) {
                                                                                                                								__eflags = (_t41 | 0xffffffff) - _t97;
                                                                                                                								E00406032(_t66, _t90, _t97, _t90, (_t41 | 0xffffffff) - _t97);
                                                                                                                							}
                                                                                                                							L42:
                                                                                                                							_t90 =  &(_t90[lstrlenA(_t90)]);
                                                                                                                							_t39 = 0x42e3a0;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						__eflags = _t97 - 0x1d;
                                                                                                                						if(_t97 != 0x1d) {
                                                                                                                							__eflags = "0x0000565B" + (_t97 << 0xa);
                                                                                                                							E00406010(_t90, "0x0000565B" + (_t97 << 0xa));
                                                                                                                						} else {
                                                                                                                							E00405F6E(_t90,  *0x42f408);
                                                                                                                						}
                                                                                                                						__eflags = _t97 + 0xffffffeb - 7;
                                                                                                                						if(_t97 + 0xffffffeb < 7) {
                                                                                                                							L33:
                                                                                                                							E0040627A(_t90);
                                                                                                                						}
                                                                                                                						goto L42;
                                                                                                                					}
                                                                                                                					_t52 =  *0x42f40c;
                                                                                                                					__eflags = _t52;
                                                                                                                					_t99 = 2;
                                                                                                                					if(_t52 >= 0) {
                                                                                                                						L13:
                                                                                                                						_a8 = 1;
                                                                                                                						L14:
                                                                                                                						__eflags =  *0x42f4a4;
                                                                                                                						if( *0x42f4a4 != 0) {
                                                                                                                							_t99 = 4;
                                                                                                                						}
                                                                                                                						__eflags = _t80;
                                                                                                                						if(__eflags >= 0) {
                                                                                                                							__eflags = _t80 - 0x25;
                                                                                                                							if(_t80 != 0x25) {
                                                                                                                								__eflags = _t80 - 0x24;
                                                                                                                								if(_t80 == 0x24) {
                                                                                                                									GetWindowsDirectoryA(_t90, 0x400);
                                                                                                                									_t99 = 0;
                                                                                                                								}
                                                                                                                								while(1) {
                                                                                                                									__eflags = _t99;
                                                                                                                									if(_t99 == 0) {
                                                                                                                										goto L30;
                                                                                                                									}
                                                                                                                									_t53 =  *0x42f404;
                                                                                                                									_t99 = _t99 - 1;
                                                                                                                									__eflags = _t53;
                                                                                                                									if(_t53 == 0) {
                                                                                                                										L26:
                                                                                                                										_t55 = SHGetSpecialFolderLocation( *0x42f408,  *(_t100 + _t99 * 4 - 0x18),  &_v8);
                                                                                                                										__eflags = _t55;
                                                                                                                										if(_t55 != 0) {
                                                                                                                											L28:
                                                                                                                											 *_t90 =  *_t90 & 0x00000000;
                                                                                                                											__eflags =  *_t90;
                                                                                                                											continue;
                                                                                                                										}
                                                                                                                										__imp__SHGetPathFromIDListA(_v8, _t90);
                                                                                                                										_v12 = _t55;
                                                                                                                										__imp__CoTaskMemFree(_v8);
                                                                                                                										__eflags = _v12;
                                                                                                                										if(_v12 != 0) {
                                                                                                                											goto L30;
                                                                                                                										}
                                                                                                                										goto L28;
                                                                                                                									}
                                                                                                                									__eflags = _a8;
                                                                                                                									if(_a8 == 0) {
                                                                                                                										goto L26;
                                                                                                                									}
                                                                                                                									_t57 =  *_t53( *0x42f408,  *(_t100 + _t99 * 4 - 0x18), 0, 0, _t90); // executed
                                                                                                                									__eflags = _t57;
                                                                                                                									if(_t57 == 0) {
                                                                                                                										goto L30;
                                                                                                                									}
                                                                                                                									goto L26;
                                                                                                                								}
                                                                                                                								goto L30;
                                                                                                                							}
                                                                                                                							GetSystemDirectoryA(_t90, 0x400);
                                                                                                                							goto L30;
                                                                                                                						} else {
                                                                                                                							E00405EF7((_t80 & 0x0000003f) +  *0x42f458, __eflags, 0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t80 & 0x0000003f) +  *0x42f458, _t90, _t80 & 0x00000040); // executed
                                                                                                                							__eflags =  *_t90;
                                                                                                                							if( *_t90 != 0) {
                                                                                                                								L31:
                                                                                                                								__eflags = _v16 - 0x1a;
                                                                                                                								if(_v16 == 0x1a) {
                                                                                                                									lstrcatA(_t90, "\\Microsoft\\Internet Explorer\\Quick Launch");
                                                                                                                								}
                                                                                                                								goto L33;
                                                                                                                							}
                                                                                                                							E00406032(_t66, _t90, _t99, _t90, _v16);
                                                                                                                							L30:
                                                                                                                							__eflags =  *_t90;
                                                                                                                							if( *_t90 == 0) {
                                                                                                                								goto L33;
                                                                                                                							}
                                                                                                                							goto L31;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					__eflags = _t52 - 0x5a04;
                                                                                                                					if(_t52 == 0x5a04) {
                                                                                                                						goto L13;
                                                                                                                					}
                                                                                                                					__eflags = _v16 - 0x23;
                                                                                                                					if(_v16 == 0x23) {
                                                                                                                						goto L13;
                                                                                                                					}
                                                                                                                					__eflags = _v16 - 0x2e;
                                                                                                                					if(_v16 == 0x2e) {
                                                                                                                						goto L13;
                                                                                                                					} else {
                                                                                                                						_a8 = _a8 & 0x00000000;
                                                                                                                						goto L14;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				 *_t90 =  *_t90 & 0x00000000;
                                                                                                                				if(_a4 == 0) {
                                                                                                                					return _t39;
                                                                                                                				}
                                                                                                                				return E00406010(_a4, _t39);
                                                                                                                 			}

                                                                                                                APIs
                                                                                                                • GetSystemDirectoryA.KERNEL32 ref: 0040615D
                                                                                                                • GetWindowsDirectoryA.KERNEL32(Remove folder: ,00000400,?,Remove folder: C:\Users\user\AppData\Local\Temp\nstFA32.tmp\,00000000,0040516F,Remove folder: C:\Users\user\AppData\Local\Temp\nstFA32.tmp\,00000000), ref: 00406170
                                                                                                                • SHGetSpecialFolderLocation.SHELL32(0040516F,766DEA30,?,Remove folder: C:\Users\user\AppData\Local\Temp\nstFA32.tmp\,00000000,0040516F,Remove folder: C:\Users\user\AppData\Local\Temp\nstFA32.tmp\,00000000), ref: 004061AC
                                                                                                                • SHGetPathFromIDListA.SHELL32(766DEA30,Remove folder: ), ref: 004061BA
                                                                                                                • CoTaskMemFree.OLE32(766DEA30), ref: 004061C6
                                                                                                                • lstrcatA.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 004061EA
                                                                                                                • lstrlenA.KERNEL32(Remove folder: ,?,Remove folder: C:\Users\user\AppData\Local\Temp\nstFA32.tmp\,00000000,0040516F,Remove folder: C:\Users\user\AppData\Local\Temp\nstFA32.tmp\,00000000,00000000,00423A28,766DEA30), ref: 0040623C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                                                                                • String ID: 0x0000565B$Remove folder: $Remove folder: C:\Users\user\AppData\Local\Temp\nstFA32.tmp\$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                • API String ID: 717251189-353861997
                                                                                                                • Opcode ID: b5f21783dff86301b55f28ea11f9c7815398c55a2ca1ca21ed943f87329636d9
                                                                                                                • Instruction ID: 0eb145c1bee873094c14c85ea59bbbcbcc52f889deb60e0de917f7e6e63be494
                                                                                                                • Opcode Fuzzy Hash: b5f21783dff86301b55f28ea11f9c7815398c55a2ca1ca21ed943f87329636d9
                                                                                                                • Instruction Fuzzy Hash: F1610171900114AEDF24AF64CC84BBE3BA5AB15314F52417FE913BA2D2C77C49A2CB5E
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 560 401759-40177c call 402b2c call 405a15 565 401786-401798 call 406010 call 4059a8 lstrcatA 560->565 566 40177e-401784 call 406010 560->566 572 40179d-4017a3 call 40627a 565->572 566->572 576 4017a8-4017ac 572->576 577 4017ae-4017b8 call 406313 576->577 578 4017df-4017e2 576->578 586 4017ca-4017dc 577->586 587 4017ba-4017c8 CompareFileTime 577->587 580 4017e4-4017e5 call 405b84 578->580 581 4017ea-401806 call 405ba9 578->581 580->581 588 401808-40180b 581->588 589 40187e-4018a7 call 405137 call 402ffb 581->589 586->578 587->586 590 401860-40186a call 405137 588->590 591 40180d-40184f call 406010 * 2 call 406032 call 406010 call 40572c 588->591 603 4018a9-4018ad 589->603 604 4018af-4018bb SetFileTime 589->604 601 401873-401879 590->601 591->576 624 401855-401856 591->624 605 4029c1 601->605 603->604 607 4018c1-4018cc FindCloseChangeNotification 603->607 604->607 609 4029c3-4029c7 605->609 610 4018d2-4018d5 607->610 611 4029b8-4029bb 607->611 612 4018d7-4018e8 call 406032 lstrcatA 610->612 613 4018ea-4018ed call 406032 610->613 611->605 619 4018f2-402353 call 40572c 612->619 613->619 619->609 619->611 624->601 625 401858-401859 624->625 625->590
                                                                                                                C-Code - Quality: 60%
                                                                                                                			E00401759(FILETIME* __ebx, void* __eflags) {
                                                                                                                				void* _t33;
                                                                                                                				void* _t41;
                                                                                                                				void* _t43;
                                                                                                                				FILETIME* _t49;
                                                                                                                				FILETIME* _t62;
                                                                                                                				void* _t64;
                                                                                                                				signed int _t70;
                                                                                                                				FILETIME* _t71;
                                                                                                                				FILETIME* _t75;
                                                                                                                				signed int _t77;
                                                                                                                				void* _t80;
                                                                                                                				CHAR* _t82;
                                                                                                                				void* _t85;
                                                                                                                
                                                                                                                				_t75 = __ebx;
                                                                                                                				_t82 = E00402B2C(0x31);
                                                                                                                				 *(_t85 - 8) = _t82;
                                                                                                                				 *(_t85 + 8) =  *(_t85 - 0x34) & 0x00000007;
                                                                                                                				_t33 = E00405A15(_t82);
                                                                                                                				_push(_t82);
                                                                                                                				if(_t33 == 0) {
                                                                                                                					lstrcatA(E004059A8(E00406010(0x40a418, "C:\\Program Files\\Wildix\\WIService")), ??);
                                                                                                                				} else {
                                                                                                                					_push(0x40a418);
                                                                                                                					E00406010();
                                                                                                                				}
                                                                                                                				E0040627A(0x40a418);
                                                                                                                				while(1) {
                                                                                                                					__eflags =  *(_t85 + 8) - 3;
                                                                                                                					if( *(_t85 + 8) >= 3) {
                                                                                                                						_t64 = E00406313(0x40a418);
                                                                                                                						_t77 = 0;
                                                                                                                						__eflags = _t64 - _t75;
                                                                                                                						if(_t64 != _t75) {
                                                                                                                							_t71 = _t64 + 0x14;
                                                                                                                							__eflags = _t71;
                                                                                                                							_t77 = CompareFileTime(_t71, _t85 - 0x28);
                                                                                                                						}
                                                                                                                						asm("sbb eax, eax");
                                                                                                                						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
                                                                                                                						__eflags = _t70;
                                                                                                                						 *(_t85 + 8) = _t70;
                                                                                                                					}
                                                                                                                					__eflags =  *(_t85 + 8) - _t75;
                                                                                                                					if( *(_t85 + 8) == _t75) {
                                                                                                                						E00405B84(0x40a418);
                                                                                                                					}
                                                                                                                					__eflags =  *(_t85 + 8) - 1;
                                                                                                                					_t41 = E00405BA9(0x40a418, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
                                                                                                                					__eflags = _t41 - 0xffffffff;
                                                                                                                					 *(_t85 - 0xc) = _t41;
                                                                                                                					if(_t41 != 0xffffffff) {
                                                                                                                						break;
                                                                                                                					}
                                                                                                                					__eflags =  *(_t85 + 8) - _t75;
                                                                                                                					if( *(_t85 + 8) != _t75) {
                                                                                                                						E00405137(0xffffffe2,  *(_t85 - 8));
                                                                                                                						__eflags =  *(_t85 + 8) - 2;
                                                                                                                						if(__eflags == 0) {
                                                                                                                							 *((intOrPtr*)(_t85 - 4)) = 1;
                                                                                                                						}
                                                                                                                						L31:
                                                                                                                						 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t85 - 4));
                                                                                                                						__eflags =  *0x42f4a8;
                                                                                                                						goto L32;
                                                                                                                					} else {
                                                                                                                						E00406010(0x40ac18, "0x0000565B");
                                                                                                                						E00406010("0x0000565B", 0x40a418);
                                                                                                                						E00406032(_t75, 0x40ac18, 0x40a418, "C:\Users\alfons\AppData\Local\Temp\nstFA32.tmp\System.dll",  *((intOrPtr*)(_t85 - 0x20)));
                                                                                                                						E00406010("0x0000565B", 0x40ac18);
                                                                                                                						_t62 = E0040572C("C:\Users\alfons\AppData\Local\Temp\nstFA32.tmp\System.dll",  *(_t85 - 0x34) >> 3) - 4;
                                                                                                                						__eflags = _t62;
                                                                                                                						if(_t62 == 0) {
                                                                                                                							continue;
                                                                                                                						} else {
                                                                                                                							__eflags = _t62 == 1;
                                                                                                                							if(_t62 == 1) {
                                                                                                                								 *0x42f4a8 =  &( *0x42f4a8->dwLowDateTime);
                                                                                                                								L32:
                                                                                                                								_t49 = 0;
                                                                                                                								__eflags = 0;
                                                                                                                							} else {
                                                                                                                								_push(0x40a418);
                                                                                                                								_push(0xfffffffa);
                                                                                                                								E00405137();
                                                                                                                								L29:
                                                                                                                								_t49 = 0x7fffffff;
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                					L33:
                                                                                                                					return _t49;
                                                                                                                				}
                                                                                                                				E00405137(0xffffffea,  *(_t85 - 8)); // executed
                                                                                                                				 *0x42f4d4 =  *0x42f4d4 + 1;
                                                                                                                				_push(_t75);
                                                                                                                				_push(_t75);
                                                                                                                				_push( *(_t85 - 0xc));
                                                                                                                				_push( *((intOrPtr*)(_t85 - 0x2c)));
                                                                                                                				_t43 = E00402FFB(); // executed
                                                                                                                				 *0x42f4d4 =  *0x42f4d4 - 1;
                                                                                                                				__eflags =  *(_t85 - 0x28) - 0xffffffff;
                                                                                                                				_t80 = _t43;
                                                                                                                				if( *(_t85 - 0x28) != 0xffffffff) {
                                                                                                                					L22:
                                                                                                                					SetFileTime( *(_t85 - 0xc), _t85 - 0x28, _t75, _t85 - 0x28); // executed
                                                                                                                				} else {
                                                                                                                					__eflags =  *((intOrPtr*)(_t85 - 0x24)) - 0xffffffff;
                                                                                                                					if( *((intOrPtr*)(_t85 - 0x24)) != 0xffffffff) {
                                                                                                                						goto L22;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				FindCloseChangeNotification( *(_t85 - 0xc)); // executed
                                                                                                                				__eflags = _t80 - _t75;
                                                                                                                				if(_t80 >= _t75) {
                                                                                                                					goto L31;
                                                                                                                				} else {
                                                                                                                					__eflags = _t80 - 0xfffffffe;
                                                                                                                					if(_t80 != 0xfffffffe) {
                                                                                                                						E00406032(_t75, _t80, 0x40a418, 0x40a418, 0xffffffee);
                                                                                                                					} else {
                                                                                                                						E00406032(_t75, _t80, 0x40a418, 0x40a418, 0xffffffe9);
                                                                                                                						lstrcatA(0x40a418,  *(_t85 - 8));
                                                                                                                					}
                                                                                                                					_push(0x200010);
                                                                                                                					_push(0x40a418);
                                                                                                                					E0040572C();
                                                                                                                					goto L29;
                                                                                                                				}
                                                                                                                				goto L33;
                                                                                                                			}

















                                                                                                                APIs
                                                                                                                • lstrcatA.KERNEL32(00000000,00000000,Call,C:\Program Files\Wildix\WIService,00000000,00000000,00000031), ref: 00401798
                                                                                                                • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Program Files\Wildix\WIService,00000000,00000000,00000031), ref: 004017C2
                                                                                                                  • Part of subcall function 00406010: lstrcpynA.KERNEL32(?,?,00000400,0040333D,Wildix Integration Service v3.11.3 Setup,NSIS Error,?,00000006,00000008,0000000A), ref: 0040601D
                                                                                                                  • Part of subcall function 00405137: lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nstFA32.tmp\,00000000,00423A28,766DEA30,?,?,?,?,?,?,?,?,?,00403156,00000000,?), ref: 00405170
                                                                                                                  • Part of subcall function 00405137: lstrlenA.KERNEL32(00403156,Remove folder: C:\Users\user\AppData\Local\Temp\nstFA32.tmp\,00000000,00423A28,766DEA30,?,?,?,?,?,?,?,?,?,00403156,00000000), ref: 00405180
                                                                                                                  • Part of subcall function 00405137: lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nstFA32.tmp\,00403156,00403156,Remove folder: C:\Users\user\AppData\Local\Temp\nstFA32.tmp\,00000000,00423A28,766DEA30), ref: 00405193
                                                                                                                  • Part of subcall function 00405137: SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nstFA32.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nstFA32.tmp\), ref: 004051A5
                                                                                                                  • Part of subcall function 00405137: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004051CB
                                                                                                                  • Part of subcall function 00405137: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004051E5
                                                                                                                  • Part of subcall function 00405137: SendMessageA.USER32(?,00001013,?,00000000), ref: 004051F3
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                • String ID: 0x0000565B$C:\Program Files\Wildix\WIService$C:\Users\user\AppData\Local\Temp\nstFA32.tmp$C:\Users\user\AppData\Local\Temp\nstFA32.tmp\System.dll$Call
                                                                                                                • API String ID: 1941528284-4289815159
                                                                                                                • Opcode ID: d2d4c9be4c77887772f7a063183bc6da9d3610935c72e1bf3270bbb4a4cc9717
                                                                                                                • Instruction ID: fcac4804817dd72ce497849c2c59a0292666c96c0e268c836f952ab8254f0f2b
                                                                                                                • Opcode Fuzzy Hash: d2d4c9be4c77887772f7a063183bc6da9d3610935c72e1bf3270bbb4a4cc9717
                                                                                                                • Instruction Fuzzy Hash: 5941E571900114BACF10BBB5CD45E9F3A79EF45369F20823BF412F20E2DA7C8A519A6D
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 627 405137-40514c 628 405202-405206 627->628 629 405152-405164 627->629 630 405166-40516a call 406032 629->630 631 40516f-40517b lstrlenA 629->631 630->631 633 405198-40519c 631->633 634 40517d-40518d lstrlenA 631->634 636 4051ab-4051af 633->636 637 40519e-4051a5 SetWindowTextA 633->637 634->628 635 40518f-405193 lstrcatA 634->635 635->633 638 4051b1-4051f3 SendMessageA * 3 636->638 639 4051f5-4051f7 636->639 637->636 638->639 639->628 640 4051f9-4051fc 639->640 640->628
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00405137(CHAR* _a4, CHAR* _a8) {
                                                                                                                				struct HWND__* _v8;
                                                                                                                				signed int _v12;
                                                                                                                				CHAR* _v32;
                                                                                                                				long _v44;
                                                                                                                				int _v48;
                                                                                                                				void* _v52;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				CHAR* _t26;
                                                                                                                				signed int _t27;
                                                                                                                				CHAR* _t28;
                                                                                                                				long _t29;
                                                                                                                				signed int _t39;
                                                                                                                
                                                                                                                				_t26 =  *0x42ebe4; // 0x1043c
                                                                                                                				_v8 = _t26;
                                                                                                                				if(_t26 != 0) {
                                                                                                                					_t27 =  *0x42f4d4;
                                                                                                                					_v12 = _t27;
                                                                                                                					_t39 = _t27 & 0x00000001;
                                                                                                                					if(_t39 == 0) {
                                                                                                                						E00406032(0, _t39, 0x42a050, 0x42a050, _a4);
                                                                                                                					}
                                                                                                                					_t26 = lstrlenA(0x42a050);
                                                                                                                					_a4 = _t26;
                                                                                                                					if(_a8 == 0) {
                                                                                                                						L6:
                                                                                                                						if((_v12 & 0x00000004) == 0) {
                                                                                                                							_t26 = SetWindowTextA( *0x42ebc8, 0x42a050); // executed
                                                                                                                						}
                                                                                                                						if((_v12 & 0x00000002) == 0) {
                                                                                                                							_v32 = 0x42a050;
                                                                                                                							_v52 = 1;
                                                                                                                							_t29 = SendMessageA(_v8, 0x1004, 0, 0); // executed
                                                                                                                							_v44 = 0;
                                                                                                                							_v48 = _t29 - _t39;
                                                                                                                							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52); // executed
                                                                                                                							_t26 = SendMessageA(_v8, 0x1013, _v48, 0); // executed
                                                                                                                						}
                                                                                                                						if(_t39 != 0) {
                                                                                                                							_t28 = _a4;
                                                                                                                							 *((char*)(_t28 + 0x42a050)) = 0;
                                                                                                                							return _t28;
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						_t26 =  &(_a4[lstrlenA(_a8)]);
                                                                                                                						if(_t26 < 0x800) {
                                                                                                                							_t26 = lstrcatA(0x42a050, _a8);
                                                                                                                							goto L6;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t26;
                                                                                                                			}


















                                                                                                                APIs
                                                                                                                • lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nstFA32.tmp\,00000000,00423A28,766DEA30,?,?,?,?,?,?,?,?,?,00403156,00000000,?), ref: 00405170
                                                                                                                • lstrlenA.KERNEL32(00403156,Remove folder: C:\Users\user\AppData\Local\Temp\nstFA32.tmp\,00000000,00423A28,766DEA30,?,?,?,?,?,?,?,?,?,00403156,00000000), ref: 00405180
                                                                                                                • lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nstFA32.tmp\,00403156,00403156,Remove folder: C:\Users\user\AppData\Local\Temp\nstFA32.tmp\,00000000,00423A28,766DEA30), ref: 00405193
                                                                                                                • SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nstFA32.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nstFA32.tmp\), ref: 004051A5
                                                                                                                • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004051CB
                                                                                                                • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004051E5
                                                                                                                • SendMessageA.USER32(?,00001013,?,00000000), ref: 004051F3
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                • String ID: Remove folder: C:\Users\user\AppData\Local\Temp\nstFA32.tmp\
                                                                                                                • API String ID: 2531174081-1072658530
                                                                                                                • Opcode ID: 2f522a59394b9be444cbcacf3a1b4d18be92345b96de9eacb0d1f76aaf85f54b
                                                                                                                • Instruction ID: 7d4789c60296e211bada9a9e2a19d16c38d622f2d1b0cadef69f4b7d7b7d07eb
                                                                                                                • Opcode Fuzzy Hash: 2f522a59394b9be444cbcacf3a1b4d18be92345b96de9eacb0d1f76aaf85f54b
                                                                                                                • Instruction Fuzzy Hash: CE21A971900118BFDB119FA5CD85ADEBFA9EF08354F04807AF844A6291C7398E408FA8
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 641 402ffb-40300f 642 403011 641->642 643 403018-403021 641->643 642->643 644 403023 643->644 645 40302a-40302f 643->645 644->645 646 403031-40303a call 403223 645->646 647 40303f-40304c call 40320d 645->647 646->647 651 403052-403056 647->651 652 4031fb 647->652 653 4031a6-4031a8 651->653 654 40305c-4030a5 GetTickCount 651->654 655 4031fd-4031fe 652->655 659 4031e8-4031eb 653->659 660 4031aa-4031ad 653->660 656 403203 654->656 657 4030ab-4030b3 654->657 658 403206-40320a 655->658 656->658 661 4030b5 657->661 662 4030b8-4030c6 call 40320d 657->662 663 4031f0-4031f9 call 40320d 659->663 664 4031ed 659->664 660->656 665 4031af 660->665 661->662 662->652 674 4030cc-4030d5 662->674 663->652 675 403200 663->675 664->663 666 4031b2-4031b8 665->666 669 4031ba 666->669 670 4031bc-4031ca call 40320d 666->670 669->670 670->652 678 4031cc-4031d8 call 405c50 670->678 677 4030db-4030fb call 4064cd 674->677 675->656 683 403101-403114 GetTickCount 677->683 684 40319e-4031a0 677->684 685 4031a2-4031a4 678->685 686 4031da-4031e4 678->686 687 403116-40311e 683->687 688 403159-40315b 683->688 684->655 685->655 686->666 691 4031e6 686->691 692 403120-403124 687->692 693 403126-403151 MulDiv wsprintfA call 405137 687->693 689 403192-403196 688->689 690 40315d-403161 688->690 689->657 696 40319c 689->696 694 403163-40316a call 405c50 690->694 695 403178-403183 690->695 691->656 692->688 692->693 700 403156 693->700 701 40316f-403171 694->701 699 403186-40318a 695->699 696->656 699->677 702 403190 699->702 700->688 701->685 703 403173-403176 701->703 702->656 703->699
                                                                                                                C-Code - Quality: 95%
                                                                                                                			E00402FFB(int _a4, intOrPtr _a8, intOrPtr _a12, int _a16, signed char _a19) {
                                                                                                                				signed int _v8;
                                                                                                                				int _v12;
                                                                                                                				intOrPtr _v16;
                                                                                                                				long _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				char _v88;
                                                                                                                				void* _t65;
                                                                                                                				long _t70;
                                                                                                                				intOrPtr _t75;
                                                                                                                				long _t76;
                                                                                                                				intOrPtr _t77;
                                                                                                                				void* _t78;
                                                                                                                				int _t88;
                                                                                                                				intOrPtr _t92;
                                                                                                                				intOrPtr _t95;
                                                                                                                				long _t96;
                                                                                                                				signed int _t97;
                                                                                                                				int _t98;
                                                                                                                				int _t99;
                                                                                                                				intOrPtr _t100;
                                                                                                                				void* _t101;
                                                                                                                				void* _t102;
                                                                                                                
                                                                                                                				_t97 = _a16;
                                                                                                                				_t92 = _a12;
                                                                                                                				_v12 = _t97;
                                                                                                                				if(_t92 == 0) {
                                                                                                                					_v12 = 0x8000;
                                                                                                                				}
                                                                                                                				_v8 = _v8 & 0x00000000;
                                                                                                                				_v16 = _t92;
                                                                                                                				if(_t92 == 0) {
                                                                                                                					_v16 = 0x421428;
                                                                                                                				}
                                                                                                                				_t62 = _a4;
                                                                                                                				if(_a4 >= 0) {
                                                                                                                					E00403223( *0x42f478 + _t62);
                                                                                                                				}
                                                                                                                				if(E0040320D( &_a16, 4) == 0) {
                                                                                                                					L41:
                                                                                                                					_push(0xfffffffd);
                                                                                                                					goto L42;
                                                                                                                				} else {
                                                                                                                					if((_a19 & 0x00000080) == 0) {
                                                                                                                						if(_t92 != 0) {
                                                                                                                							if(_a16 < _t97) {
                                                                                                                								_t97 = _a16;
                                                                                                                							}
                                                                                                                							if(E0040320D(_t92, _t97) != 0) {
                                                                                                                								_v8 = _t97;
                                                                                                                								L44:
                                                                                                                								return _v8;
                                                                                                                							} else {
                                                                                                                								goto L41;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						if(_a16 <= _t92) {
                                                                                                                							goto L44;
                                                                                                                						}
                                                                                                                						_t88 = _v12;
                                                                                                                						while(1) {
                                                                                                                							_t98 = _a16;
                                                                                                                							if(_a16 >= _t88) {
                                                                                                                								_t98 = _t88;
                                                                                                                							}
                                                                                                                							if(E0040320D(0x41d428, _t98) == 0) {
                                                                                                                								goto L41;
                                                                                                                							}
                                                                                                                							if(E00405C50(_a8, 0x41d428, _t98) == 0) {
                                                                                                                								L28:
                                                                                                                								_push(0xfffffffe);
                                                                                                                								L42:
                                                                                                                								_pop(_t65);
                                                                                                                								return _t65;
                                                                                                                							}
                                                                                                                							_v8 = _v8 + _t98;
                                                                                                                							_a16 = _a16 - _t98;
                                                                                                                							if(_a16 > 0) {
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                							goto L44;
                                                                                                                						}
                                                                                                                						goto L41;
                                                                                                                					}
                                                                                                                					_t70 = GetTickCount();
                                                                                                                					 *0x40bd8c =  *0x40bd8c & 0x00000000;
                                                                                                                					 *0x40bd88 =  *0x40bd88 & 0x00000000;
                                                                                                                					_t14 =  &_a16;
                                                                                                                					 *_t14 = _a16 & 0x7fffffff;
                                                                                                                					_v20 = _t70;
                                                                                                                					 *0x40b870 = 8;
                                                                                                                					 *0x415418 = 0x40d410;
                                                                                                                					 *0x415414 = 0x40d410;
                                                                                                                					 *0x415410 = 0x415410;
                                                                                                                					_a4 = _a16;
                                                                                                                					if( *_t14 <= 0) {
                                                                                                                						goto L44;
                                                                                                                					} else {
                                                                                                                						goto L9;
                                                                                                                					}
                                                                                                                					while(1) {
                                                                                                                						L9:
                                                                                                                						_t99 = 0x4000;
                                                                                                                						if(_a16 < 0x4000) {
                                                                                                                							_t99 = _a16;
                                                                                                                						}
                                                                                                                						if(E0040320D(0x41d428, _t99) == 0) {
                                                                                                                							goto L41;
                                                                                                                						}
                                                                                                                						_a16 = _a16 - _t99;
                                                                                                                						 *0x40b860 = 0x41d428;
                                                                                                                						 *0x40b864 = _t99;
                                                                                                                						while(1) {
                                                                                                                							_t95 = _v16;
                                                                                                                							 *0x40b868 = _t95;
                                                                                                                							 *0x40b86c = _v12;
                                                                                                                							_t75 = E004064CD("@\xef\xbf							_v24 = _t75;
                                                                                                                							if(_t75 < 0) {
                                                                                                                								break;
                                                                                                                							}
                                                                                                                							_t100 =  *0x40b868; // 0x423a28
                                                                                                                							_t101 = _t100 - _t95;
                                                                                                                							_t76 = GetTickCount();
                                                                                                                							_t96 = _t76;
                                                                                                                							if(( *0x42f4d4 & 0x00000001) != 0 && (_t76 - _v20 > 0xc8 || _a16 == 0)) {
                                                                                                                								wsprintfA( &_v88, "... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
                                                                                                                								_t102 = _t102 + 0xc;
                                                                                                                								E00405137(0,  &_v88); // executed
                                                                                                                								_v20 = _t96;
                                                                                                                							}
                                                                                                                							if(_t101 == 0) {
                                                                                                                								if(_a16 > 0) {
                                                                                                                									goto L9;
                                                                                                                								}
                                                                                                                								goto L44;
                                                                                                                							} else {
                                                                                                                								if(_a12 != 0) {
                                                                                                                									_t77 =  *0x40b868; // 0x423a28
                                                                                                                									_v8 = _v8 + _t101;
                                                                                                                									_v12 = _v12 - _t101;
                                                                                                                									_v16 = _t77;
                                                                                                                									L23:
                                                                                                                									if(_v24 != 1) {
                                                                                                                										continue;
                                                                                                                									}
                                                                                                                									goto L44;
                                                                                                                								}
                                                                                                                								_t78 = E00405C50(_a8, _v16, _t101); // executed
                                                                                                                								if(_t78 == 0) {
                                                                                                                									goto L28;
                                                                                                                								}
                                                                                                                								_v8 = _v8 + _t101;
                                                                                                                								goto L23;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_push(0xfffffffc);
                                                                                                                						goto L42;
                                                                                                                					}
                                                                                                                					goto L41;
                                                                                                                				}
                                                                                                                			}


























                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CountTick$wsprintf
                                                                                                                • String ID: (:B$... %d%%$@A
                                                                                                                • API String ID: 551687249-3855023115
                                                                                                                • Opcode ID: fadbfff98126c3f33fc218ff52c7570f2bc54738a50a490896210387b9f65f46
                                                                                                                • Instruction ID: 2f86f0e091d903dd4c8dc1f0d7d1d97a23866136c8ad304ef4da6da149bc5d25
                                                                                                                • Opcode Fuzzy Hash: fadbfff98126c3f33fc218ff52c7570f2bc54738a50a490896210387b9f65f46
                                                                                                                • Instruction Fuzzy Hash: D2518D71801219EBDB10DF65DA44A9E7FB8EF08316F10817BE810B72E1C7789B44CBA9
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 704 4055fd-405648 CreateDirectoryA 705 40564a-40564c 704->705 706 40564e-40565b GetLastError 704->706 707 405675-405677 705->707 706->707 708 40565d-405671 SetFileSecurityA 706->708 708->705 709 405673 GetLastError 708->709 709->707
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004055FD(CHAR* _a4) {
                                                                                                                				struct _SECURITY_ATTRIBUTES _v16;
                                                                                                                				struct _SECURITY_DESCRIPTOR _v36;
                                                                                                                				int _t22;
                                                                                                                				long _t23;
                                                                                                                
                                                                                                                				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
                                                                                                                				_v36.Owner = 0x40837c;
                                                                                                                				_v36.Group = 0x40837c;
                                                                                                                				_v36.Sacl = _v36.Sacl & 0x00000000;
                                                                                                                				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
                                                                                                                				_v16.lpSecurityDescriptor =  &_v36;
                                                                                                                				_v36.Revision = 1;
                                                                                                                				_v36.Control = 4;
                                                                                                                				_v36.Dacl = 0x40836c;
                                                                                                                				_v16.nLength = 0xc;
                                                                                                                				_t22 = CreateDirectoryA(_a4,  &_v16); // executed
                                                                                                                				if(_t22 != 0) {
                                                                                                                					L1:
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                				_t23 = GetLastError();
                                                                                                                				if(_t23 == 0xb7) {
                                                                                                                					if(SetFileSecurityA(_a4, 0x80000007,  &_v36) != 0) {
                                                                                                                						goto L1;
                                                                                                                					}
                                                                                                                					return GetLastError();
                                                                                                                				}
                                                                                                                				return _t23;
                                                                                                                			}








                                                                                                                APIs
                                                                                                                • CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405640
                                                                                                                • GetLastError.KERNEL32 ref: 00405654
                                                                                                                • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 00405669
                                                                                                                • GetLastError.KERNEL32 ref: 00405673
                                                                                                                Strings
                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00405623
                                                                                                                • C:\Users\user\Desktop, xrefs: 004055FD
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop
                                                                                                                • API String ID: 3449924974-1521822154
                                                                                                                • Opcode ID: 3f07113bbed92aa299f899006a5ac68722d9e9d13463f273e10feef126da3ab7
                                                                                                                • Instruction ID: eb9787142c6b7489d22a19a099e3bfbf20428df61be735a73e08cf58b85abbae
                                                                                                                • Opcode Fuzzy Hash: 3f07113bbed92aa299f899006a5ac68722d9e9d13463f273e10feef126da3ab7
                                                                                                                • Instruction Fuzzy Hash: 89010871C00219EAEF009FA1C904BEFBBB8EB14354F00847AD545B6290DB7996088FA9
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 710 40633a-40635a GetSystemDirectoryA 711 40635c 710->711 712 40635e-406360 710->712 711->712 713 406370-406372 712->713 714 406362-40636a 712->714 715 406373-4063a5 wsprintfA LoadLibraryExA 713->715 714->713 716 40636c-40636e 714->716 716->715
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E0040633A(intOrPtr _a4) {
                                                                                                                				char _v292;
                                                                                                                				int _t10;
                                                                                                                				struct HINSTANCE__* _t14;
                                                                                                                				void* _t16;
                                                                                                                				void* _t21;
                                                                                                                
                                                                                                                				_t10 = GetSystemDirectoryA( &_v292, 0x104);
                                                                                                                				if(_t10 > 0x104) {
                                                                                                                					_t10 = 0;
                                                                                                                				}
                                                                                                                				if(_t10 == 0 ||  *((char*)(_t21 + _t10 - 0x121)) == 0x5c) {
                                                                                                                					_t16 = 1;
                                                                                                                				} else {
                                                                                                                					_t16 = 0;
                                                                                                                				}
                                                                                                                				_t5 = _t16 + 0x40a014; // 0x5c
                                                                                                                				wsprintfA(_t21 + _t10 - 0x120, "%s%s.dll", _t5, _a4);
                                                                                                                				_t14 = LoadLibraryExA( &_v292, 0, 8); // executed
                                                                                                                				return _t14;
                                                                                                                			}









                                                                                                                APIs
                                                                                                                • GetSystemDirectoryA.KERNEL32 ref: 00406351
                                                                                                                • wsprintfA.USER32 ref: 0040638A
                                                                                                                • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 0040639E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                • String ID: %s%s.dll$UXTHEME$\
                                                                                                                • API String ID: 2200240437-4240819195
                                                                                                                • Opcode ID: 99878a05f639d6717cee7e73d8174e66263622090e4b33b6bcde024c159c7dc8
                                                                                                                • Instruction ID: 4d0fdf3fe302aa3e605d302367287b0bc06203fc89102858e08200231af957cf
                                                                                                                • Opcode Fuzzy Hash: 99878a05f639d6717cee7e73d8174e66263622090e4b33b6bcde024c159c7dc8
                                                                                                                • Instruction Fuzzy Hash: 9EF0F670510609ABEB24AB74DD0DFEB366CAB08305F14057AAA86E11D1EA78D9358BDC
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 717 40206a-402076 718 402131-402133 717->718 719 40207c-402092 call 402b2c * 2 717->719 720 4022a4-4022a9 call 401423 718->720 728 4020a1-4020af LoadLibraryExA 719->728 729 402094-40209f GetModuleHandleA 719->729 726 4029b8-4029c7 720->726 731 4020b1-4020be GetProcAddress 728->731 732 40212a-40212c 728->732 729->728 729->731 734 4020c0-4020c6 731->734 735 4020fd-402102 call 405137 731->735 732->720 736 4020c8-4020d4 call 401423 734->736 737 4020df-4020f3 734->737 740 402107-40210a 735->740 736->740 748 4020d6-4020dd 736->748 743 4020f8-4020fb 737->743 740->726 741 402110-402118 call 4037cd 740->741 741->726 747 40211e-402125 FreeLibrary 741->747 743->740 747->726 748->740
                                                                                                                C-Code - Quality: 60%
                                                                                                                			E0040206A(void* __ebx, void* __eflags) {
                                                                                                                				struct HINSTANCE__* _t18;
                                                                                                                				struct HINSTANCE__* _t26;
                                                                                                                				void* _t27;
                                                                                                                				struct HINSTANCE__* _t30;
                                                                                                                				CHAR* _t32;
                                                                                                                				intOrPtr* _t33;
                                                                                                                				void* _t34;
                                                                                                                
                                                                                                                				_t27 = __ebx;
                                                                                                                				asm("sbb eax, 0x42f4d8");
                                                                                                                				 *(_t34 - 4) = 1;
                                                                                                                				if(__eflags < 0) {
                                                                                                                					_push(0xffffffe7);
                                                                                                                					L15:
                                                                                                                					E00401423();
                                                                                                                					L16:
                                                                                                                					 *0x42f4a8 =  *0x42f4a8 +  *(_t34 - 4);
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                				_t32 = E00402B2C(0xfffffff0);
                                                                                                                				 *(_t34 + 8) = E00402B2C(1);
                                                                                                                				if( *((intOrPtr*)(_t34 - 0x24)) == __ebx) {
                                                                                                                					L3:
                                                                                                                					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
                                                                                                                					_t30 = _t18;
                                                                                                                					if(_t30 == _t27) {
                                                                                                                						_push(0xfffffff6);
                                                                                                                						goto L15;
                                                                                                                					}
                                                                                                                					L4:
                                                                                                                					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
                                                                                                                					if(_t33 == _t27) {
                                                                                                                						E00405137(0xfffffff7,  *(_t34 + 8));
                                                                                                                					} else {
                                                                                                                						 *(_t34 - 4) = _t27;
                                                                                                                						if( *((intOrPtr*)(_t34 - 0x2c)) == _t27) {
                                                                                                                							 *_t33( *((intOrPtr*)(_t34 - 8)), 0x400, "0x0000565B", 0x40b858, 0x40a000); // executed
                                                                                                                						} else {
                                                                                                                							E00401423( *((intOrPtr*)(_t34 - 0x2c)));
                                                                                                                							if( *_t33() != 0) {
                                                                                                                								 *(_t34 - 4) = 1;
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                					if( *((intOrPtr*)(_t34 - 0x28)) == _t27 && E004037CD(_t30) != 0) {
                                                                                                                						FreeLibrary(_t30); // executed
                                                                                                                					}
                                                                                                                					goto L16;
                                                                                                                				}
                                                                                                                				_t26 = GetModuleHandleA(_t32); // executed
                                                                                                                				_t30 = _t26;
                                                                                                                				if(_t30 != __ebx) {
                                                                                                                					goto L4;
                                                                                                                				}
                                                                                                                				goto L3;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00402095
                                                                                                                  • Part of subcall function 00405137: lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nstFA32.tmp\,00000000,00423A28,766DEA30,?,?,?,?,?,?,?,?,?,00403156,00000000,?), ref: 00405170
                                                                                                                  • Part of subcall function 00405137: lstrlenA.KERNEL32(00403156,Remove folder: C:\Users\user\AppData\Local\Temp\nstFA32.tmp\,00000000,00423A28,766DEA30,?,?,?,?,?,?,?,?,?,00403156,00000000), ref: 00405180
                                                                                                                  • Part of subcall function 00405137: lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nstFA32.tmp\,00403156,00403156,Remove folder: C:\Users\user\AppData\Local\Temp\nstFA32.tmp\,00000000,00423A28,766DEA30), ref: 00405193
                                                                                                                  • Part of subcall function 00405137: SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nstFA32.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nstFA32.tmp\), ref: 004051A5
                                                                                                                  • Part of subcall function 00405137: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004051CB
                                                                                                                  • Part of subcall function 00405137: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004051E5
                                                                                                                  • Part of subcall function 00405137: SendMessageA.USER32(?,00001013,?,00000000), ref: 004051F3
                                                                                                                • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 004020A5
                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 004020B5
                                                                                                                • FreeLibrary.KERNELBASE(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 0040211F
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                                                • String ID: 0x0000565B
                                                                                                                • API String ID: 2987980305-2500309308
                                                                                                                • Opcode ID: 532ce0de4b0eb58012e9db3c58e41f5788510b7f5f76953fa1d2d9dfe9513583
                                                                                                                • Instruction ID: 166643d80e3f452ca3a3677f95ea327ecca8534a485506fba34b2def260d9046
                                                                                                                • Opcode Fuzzy Hash: 532ce0de4b0eb58012e9db3c58e41f5788510b7f5f76953fa1d2d9dfe9513583
                                                                                                                • Instruction Fuzzy Hash: EA21C671900214ABCF217FA4CF89AAE7A74AF15318F20413BF601B62D0D6FD49829A5E
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 749 405bd8-405be2 750 405be3-405c0e GetTickCount GetTempFileNameA 749->750 751 405c10-405c12 750->751 752 405c1d-405c1f 750->752 751->750 754 405c14 751->754 753 405c17-405c1a 752->753 754->753
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00405BD8(char _a4, intOrPtr _a6, CHAR* _a8) {
                                                                                                                				char _t11;
                                                                                                                				signed int _t12;
                                                                                                                				int _t15;
                                                                                                                				signed int _t17;
                                                                                                                				void* _t20;
                                                                                                                				CHAR* _t21;
                                                                                                                
                                                                                                                				_t21 = _a4;
                                                                                                                				_t20 = 0x64;
                                                                                                                				while(1) {
                                                                                                                					_t11 =  *0x40a3b4; // 0x61736e
                                                                                                                					_t20 = _t20 - 1;
                                                                                                                					_a4 = _t11;
                                                                                                                					_t12 = GetTickCount();
                                                                                                                					_t17 = 0x1a;
                                                                                                                					_a6 = _a6 + _t12 % _t17;
                                                                                                                					_t15 = GetTempFileNameA(_a8,  &_a4, 0, _t21); // executed
                                                                                                                					if(_t15 != 0) {
                                                                                                                						break;
                                                                                                                					}
                                                                                                                					if(_t20 != 0) {
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                					 *_t21 =  *_t21 & 0x00000000;
                                                                                                                					return _t15;
                                                                                                                				}
                                                                                                                				return _t21;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • GetTickCount.KERNEL32 ref: 00405BEC
                                                                                                                • GetTempFileNameA.KERNELBASE(?,?,00000000,?,?,00000006,00000008,0000000A), ref: 00405C06
                                                                                                                Strings
                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00405BDB
                                                                                                                • nsa, xrefs: 00405BE3
                                                                                                                • "C:\Users\user\Desktop\SetupWIService.exe", xrefs: 00405BD8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CountFileNameTempTick
                                                                                                                • String ID: "C:\Users\user\Desktop\SetupWIService.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                • API String ID: 1716503409-766695869
                                                                                                                • Opcode ID: 81a8a72dc23b4af90602e2553ee1124644ae594fa0167b908fb3a738e8e2aa10
                                                                                                                • Instruction ID: 7981c9ddf24778652055132877b92488972f9a5eb9cf132aa873dca7e4a118a1
                                                                                                                • Opcode Fuzzy Hash: 81a8a72dc23b4af90602e2553ee1124644ae594fa0167b908fb3a738e8e2aa10
                                                                                                                • Instruction Fuzzy Hash: 0FF082363183046BEB109F56DD04B9B7BA9DFD2750F14803BFA489B290D6B4A9548B58
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 755 401d41-401d45 756 401d54-401d58 GetDlgItem 755->756 757 401d47-401d52 call 402b0a 755->757 759 401d5e-401d87 756->759 757->759 761 401d91 759->761 762 401d89-401d8f call 402b2c 759->762 764 401d95-401de5 GetClientRect LoadImageA SendMessageA 761->764 762->764 766 4029b8-4029c7 764->766 767 401deb-401ded 764->767 767->766 768 401df3-401dfa DeleteObject 767->768 768->766
                                                                                                                C-Code - Quality: 94%
                                                                                                                			E00401D41(int __edx) {
                                                                                                                				struct HWND__* _t24;
                                                                                                                				CHAR* _t30;
                                                                                                                				long _t39;
                                                                                                                				void* _t40;
                                                                                                                				void* _t44;
                                                                                                                				signed int _t46;
                                                                                                                				int _t50;
                                                                                                                				signed int _t53;
                                                                                                                				void* _t57;
                                                                                                                
                                                                                                                				_t48 = __edx;
                                                                                                                				if(( *(_t57 - 0x2b) & 0x00000001) == 0) {
                                                                                                                					_t24 = GetDlgItem( *(_t57 - 8), __edx);
                                                                                                                				} else {
                                                                                                                					_t24 = E00402B0A(1);
                                                                                                                					 *(_t57 - 0x10) = _t48;
                                                                                                                				}
                                                                                                                				_t46 =  *(_t57 - 0x2c);
                                                                                                                				 *(_t57 + 8) = _t24;
                                                                                                                				 *(_t57 - 8) = _t46 >> 0x1f;
                                                                                                                				_t50 = _t46 & 0x00000003;
                                                                                                                				_t53 = _t46 & 0x00000004;
                                                                                                                				 *(_t57 - 0x1c) = _t46 >> 0x0000001e & 0x00000001;
                                                                                                                				if((_t46 & 0x00010000) == 0) {
                                                                                                                					_t30 =  *(_t57 - 0x34) & 0x0000ffff;
                                                                                                                				} else {
                                                                                                                					_t30 = E00402B2C(_t44);
                                                                                                                				}
                                                                                                                				 *(_t57 - 0xc) = _t30;
                                                                                                                				GetClientRect( *(_t57 + 8), _t57 - 0x58);
                                                                                                                				asm("sbb esi, esi");
                                                                                                                				_t39 = LoadImageA( ~_t53 &  *0x42f400,  *(_t57 - 0xc), _t50,  *(_t57 - 0x50) *  *(_t57 - 8),  *(_t57 - 0x4c) *  *(_t57 - 0x1c),  *(_t57 - 0x2c) & 0x0000fef0); // executed
                                                                                                                				_t40 = SendMessageA( *(_t57 + 8), 0x172, _t50, _t39); // executed
                                                                                                                				if(_t40 != _t44 && _t50 == _t44) {
                                                                                                                					DeleteObject(_t40);
                                                                                                                				}
                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t57 - 4));
                                                                                                                				return 0;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 1849352358-0
                                                                                                                • Opcode ID: 00f1612270fd0f543acd8efcffc28e16e01318b1b3b826732ee9862bf9fbfd2f
                                                                                                                • Instruction ID: 7a7dd6c208c7a4d57f36c402fdb0fe657614a2e015b6db45afd3f1aca9992802
                                                                                                                • Opcode Fuzzy Hash: 00f1612270fd0f543acd8efcffc28e16e01318b1b3b826732ee9862bf9fbfd2f
                                                                                                                • Instruction Fuzzy Hash: 30215172E00109AFDB05DF98DE44AEEBBB9FB58310F10403AF945F62A1CB789941CB58
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 59%
                                                                                                                			E00401C0A(intOrPtr __edx) {
                                                                                                                				int _t29;
                                                                                                                				long _t30;
                                                                                                                				signed int _t32;
                                                                                                                				CHAR* _t35;
                                                                                                                				long _t36;
                                                                                                                				int _t41;
                                                                                                                				signed int _t42;
                                                                                                                				int _t46;
                                                                                                                				int _t56;
                                                                                                                				intOrPtr _t57;
                                                                                                                				struct HWND__* _t61;
                                                                                                                				void* _t64;
                                                                                                                
                                                                                                                				_t57 = __edx;
                                                                                                                				_t29 = E00402B0A(3);
                                                                                                                				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                                                                                				 *(_t64 - 8) = _t29;
                                                                                                                				_t30 = E00402B0A(4);
                                                                                                                				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                                                                                				 *(_t64 + 8) = _t30;
                                                                                                                				if(( *(_t64 - 0x20) & 0x00000001) != 0) {
                                                                                                                					 *((intOrPtr*)(__ebp - 8)) = E00402B2C(0x33);
                                                                                                                				}
                                                                                                                				__eflags =  *(_t64 - 0x20) & 0x00000002;
                                                                                                                				if(( *(_t64 - 0x20) & 0x00000002) != 0) {
                                                                                                                					 *(_t64 + 8) = E00402B2C(0x44);
                                                                                                                				}
                                                                                                                				__eflags =  *((intOrPtr*)(_t64 - 0x38)) - 0x21;
                                                                                                                				_push(1);
                                                                                                                				if(__eflags != 0) {
                                                                                                                					_t59 = E00402B2C();
                                                                                                                					_t32 = E00402B2C();
                                                                                                                					asm("sbb ecx, ecx");
                                                                                                                					asm("sbb eax, eax");
                                                                                                                					_t35 =  ~( *_t31) & _t59;
                                                                                                                					__eflags = _t35;
                                                                                                                					_t36 = FindWindowExA( *(_t64 - 8),  *(_t64 + 8), _t35,  ~( *_t32) & _t32); // executed
                                                                                                                					goto L10;
                                                                                                                				} else {
                                                                                                                					_t61 = E00402B0A();
                                                                                                                					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                                                                                					_t41 = E00402B0A(2);
                                                                                                                					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                                                                                					_t56 =  *(_t64 - 0x20) >> 2;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						_t36 = SendMessageA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8)); // executed
                                                                                                                						L10:
                                                                                                                						 *(_t64 - 0xc) = _t36;
                                                                                                                					} else {
                                                                                                                						_t42 = SendMessageTimeoutA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8), _t46, _t56, _t64 - 0xc);
                                                                                                                						asm("sbb eax, eax");
                                                                                                                						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				__eflags =  *((intOrPtr*)(_t64 - 0x34)) - _t46;
                                                                                                                				if( *((intOrPtr*)(_t64 - 0x34)) >= _t46) {
                                                                                                                					_push( *(_t64 - 0xc));
                                                                                                                					E00405F6E();
                                                                                                                				}
                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t64 - 4));
                                                                                                                				return 0;
                                                                                                                			}
















                                                                                                                APIs
                                                                                                                • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C7A
                                                                                                                • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C92
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Timeout
                                                                                                                • String ID: !
                                                                                                                • API String ID: 1777923405-2657877971
                                                                                                                • Opcode ID: d1a5455d7aacc09bf912e97d7887ce2258fe7abf1a6a230a252a42dd7e2e40c1
                                                                                                                • Instruction ID: f2250e9d7a54984aac42e0f48c7b57cae310fb8b86675e6ff90c870375dfe4cb
                                                                                                                • Opcode Fuzzy Hash: d1a5455d7aacc09bf912e97d7887ce2258fe7abf1a6a230a252a42dd7e2e40c1
                                                                                                                • Instruction Fuzzy Hash: 4D216BB1944208BEEF06AFA4D98AAAD7FB5EB44304F10447EF501B61D1C7B88640DB18
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 83%
                                                                                                                			E0040243D(void* __eax, int __ebx, intOrPtr __edx, void* __eflags) {
                                                                                                                				void* _t18;
                                                                                                                				void* _t19;
                                                                                                                				int _t22;
                                                                                                                				long _t23;
                                                                                                                				int _t28;
                                                                                                                				intOrPtr _t31;
                                                                                                                				void* _t32;
                                                                                                                				intOrPtr _t35;
                                                                                                                				void* _t37;
                                                                                                                				void* _t40;
                                                                                                                
                                                                                                                				_t40 = __eflags;
                                                                                                                				_t31 = __edx;
                                                                                                                				_t28 = __ebx;
                                                                                                                				_t35 =  *((intOrPtr*)(_t37 - 0x24));
                                                                                                                				_t32 = __eax;
                                                                                                                				 *(_t37 - 0x10) =  *(_t37 - 0x20);
                                                                                                                				 *(_t37 - 0x4c) = E00402B2C(2);
                                                                                                                				_t18 = E00402B2C(0x11);
                                                                                                                				 *(_t37 - 4) = 1;
                                                                                                                				_t19 = E00402BBC(_t40, _t32, _t18, 2); // executed
                                                                                                                				 *(_t37 + 8) = _t19;
                                                                                                                				if(_t19 != __ebx) {
                                                                                                                					_t22 = 0;
                                                                                                                					if(_t35 == 1) {
                                                                                                                						E00402B2C(0x23);
                                                                                                                						_t22 = lstrlenA(0x40ac18) + 1;
                                                                                                                					}
                                                                                                                					if(_t35 == 4) {
                                                                                                                						 *0x40ac18 = E00402B0A(3);
                                                                                                                						 *((intOrPtr*)(_t37 - 0x44)) = _t31;
                                                                                                                						_t22 = _t35;
                                                                                                                					}
                                                                                                                					if(_t35 == 3) {
                                                                                                                						_t22 = E00402FFB( *((intOrPtr*)(_t37 - 0x28)), _t28, 0x40ac18, 0xc00);
                                                                                                                					}
                                                                                                                					_t23 = RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x4c), _t28,  *(_t37 - 0x10), 0x40ac18, _t22); // executed
                                                                                                                					if(_t23 == 0) {
                                                                                                                						 *(_t37 - 4) = _t28;
                                                                                                                					}
                                                                                                                					_push( *(_t37 + 8));
                                                                                                                					RegCloseKey(); // executed
                                                                                                                				}
                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *(_t37 - 4);
                                                                                                                				return 0;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nstFA32.tmp,00000023,00000011,00000002), ref: 00402488
                                                                                                                • RegSetValueExA.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nstFA32.tmp,00000000,00000011,00000002), ref: 004024C5
                                                                                                                • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nstFA32.tmp,00000000,00000011,00000002), ref: 004025A9
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseValuelstrlen
                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nstFA32.tmp
                                                                                                                • API String ID: 2655323295-4102880380
                                                                                                                • Opcode ID: f1dd4037575d159028695845c9c4be7eecc0a8903ea0084234afb2cd50fea4d1
                                                                                                                • Instruction ID: 559559637a649bcd28a1cc64439ef7fed2494afba8ff337a7fe29a68e97d1b61
                                                                                                                • Opcode Fuzzy Hash: f1dd4037575d159028695845c9c4be7eecc0a8903ea0084234afb2cd50fea4d1
                                                                                                                • Instruction Fuzzy Hash: 26115E71E00218AFEB01AFA58E49EAE7AB4EB48314F21443BF504B71C1D6F95D419B68
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 53%
                                                                                                                			E00405A96(void* __eflags, intOrPtr _a4) {
                                                                                                                				int _t11;
                                                                                                                				signed char* _t12;
                                                                                                                				long _t16;
                                                                                                                				intOrPtr _t18;
                                                                                                                				intOrPtr* _t21;
                                                                                                                				void* _t22;
                                                                                                                
                                                                                                                				E00406010(0x42bc78, _a4);
                                                                                                                				_t21 = E00405A41(0x42bc78);
                                                                                                                				if(_t21 != 0) {
                                                                                                                					E0040627A(_t21);
                                                                                                                					if(( *0x42f41c & 0x00000080) == 0) {
                                                                                                                						L5:
                                                                                                                						_t22 = _t21 - 0x42bc78;
                                                                                                                						while(1) {
                                                                                                                							_t11 = lstrlenA(0x42bc78);
                                                                                                                							_push(0x42bc78);
                                                                                                                							if(_t11 <= _t22) {
                                                                                                                								break;
                                                                                                                							}
                                                                                                                							_t12 = E00406313();
                                                                                                                							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
                                                                                                                								E004059EF(0x42bc78);
                                                                                                                								continue;
                                                                                                                							} else {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						E004059A8();
                                                                                                                						_t16 = GetFileAttributesA(??); // executed
                                                                                                                						return 0 | _t16 != 0xffffffff;
                                                                                                                					}
                                                                                                                					_t18 =  *_t21;
                                                                                                                					if(_t18 == 0 || _t18 == 0x5c) {
                                                                                                                						goto L1;
                                                                                                                					} else {
                                                                                                                						goto L5;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				L1:
                                                                                                                				return 0;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                  • Part of subcall function 00406010: lstrcpynA.KERNEL32(?,?,00000400,0040333D,Wildix Integration Service v3.11.3 Setup,NSIS Error,?,00000006,00000008,0000000A), ref: 0040601D
                                                                                                                  • Part of subcall function 00405A41: CharNextA.USER32(?,?,C:\,?,00405AAD,C:\,C:\,766DFA90,?,C:\Users\user\AppData\Local\Temp\,004057F8,?,766DFA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405A4F
                                                                                                                  • Part of subcall function 00405A41: CharNextA.USER32(00000000), ref: 00405A54
                                                                                                                  • Part of subcall function 00405A41: CharNextA.USER32(00000000), ref: 00405A68
                                                                                                                • lstrlenA.KERNEL32(C:\,00000000,C:\,C:\,766DFA90,?,C:\Users\user\AppData\Local\Temp\,004057F8,?,766DFA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405AE9
                                                                                                                • GetFileAttributesA.KERNELBASE(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,766DFA90,?,C:\Users\user\AppData\Local\Temp\,004057F8,?,766DFA90,C:\Users\user\AppData\Local\Temp\), ref: 00405AF9
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                • String ID: C:\$C:\Users\user\AppData\Local\Temp\
                                                                                                                • API String ID: 3248276644-1964270705
                                                                                                                • Opcode ID: a0e90dbc06f1550ade5f4dfcb0fddeac6c7db65a8ba4490088ce0944d0043635
                                                                                                                • Instruction ID: 19c9bca0149f7da3aa3ccb8fe98c792d35a3de88cc2685bd8f8020a319c38c36
                                                                                                                • Opcode Fuzzy Hash: a0e90dbc06f1550ade5f4dfcb0fddeac6c7db65a8ba4490088ce0944d0043635
                                                                                                                • Instruction Fuzzy Hash: 94F0F425305D6116DA22323A5D85AAF2A44CED632471A073BF852B12C3DB3C89439DFE
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 84%
                                                                                                                			E00402C2E(void* __eflags, void* _a4, char* _a8, signed int _a12) {
                                                                                                                				void* _v8;
                                                                                                                				char _v272;
                                                                                                                				void* _t19;
                                                                                                                				signed int _t25;
                                                                                                                				intOrPtr* _t27;
                                                                                                                				signed int _t32;
                                                                                                                				signed int _t33;
                                                                                                                				signed int _t34;
                                                                                                                
                                                                                                                				_t33 = _a12;
                                                                                                                				_t34 = _t33 & 0x00000300;
                                                                                                                				_t32 = _t33 & 0x00000001;
                                                                                                                				_t19 = E00405E96(__eflags, _a4, _a8, _t34 | 0x00000008,  &_v8); // executed
                                                                                                                				if(_t19 == 0) {
                                                                                                                					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
                                                                                                                						__eflags = _t32;
                                                                                                                						if(__eflags != 0) {
                                                                                                                							RegCloseKey(_v8);
                                                                                                                							return 0x3eb;
                                                                                                                						}
                                                                                                                						_t25 = E00402C2E(__eflags, _v8,  &_v272, _a12);
                                                                                                                						__eflags = _t25;
                                                                                                                						if(_t25 != 0) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					RegCloseKey(_v8);
                                                                                                                					_t27 = E004063A8(3);
                                                                                                                					if(_t27 == 0) {
                                                                                                                						return RegDeleteKeyA(_a4, _a8);
                                                                                                                					}
                                                                                                                					return  *_t27(_a4, _a8, _t34, 0);
                                                                                                                				}
                                                                                                                				return _t19;
                                                                                                                 			}

                                                                                                                APIs
                                                                                                                • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402C93
                                                                                                                • RegCloseKey.ADVAPI32(?,?,?), ref: 00402C9C
                                                                                                                • RegCloseKey.ADVAPI32(?,?,?), ref: 00402CBD
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Close$Enum
                                                                                                                • String ID:
                                                                                                                • API String ID: 464197530-0
                                                                                                                • Opcode ID: effb832a44eae474ef75c518ed00afd6638a3a1b55d5a88c518eff5d822b0912
                                                                                                                • Instruction ID: 2c23bb11d6ae01cf130d195ddd5538b48d854d6e1d77fd04796d14e07e1bb179
                                                                                                                • Opcode Fuzzy Hash: effb832a44eae474ef75c518ed00afd6638a3a1b55d5a88c518eff5d822b0912
                                                                                                                • Instruction Fuzzy Hash: 70116A32504109FBEF129F90DF09B9E7B6DEB54340F204036BD45B61E0E7B59E15ABA8
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 87%
                                                                                                                			E004015BB(char __ebx, void* __eflags) {
                                                                                                                				void* _t13;
                                                                                                                				int _t19;
                                                                                                                				char _t21;
                                                                                                                				void* _t22;
                                                                                                                				char _t23;
                                                                                                                				signed char _t24;
                                                                                                                				char _t26;
                                                                                                                				CHAR* _t28;
                                                                                                                				char* _t32;
                                                                                                                				void* _t33;
                                                                                                                
                                                                                                                				_t26 = __ebx;
                                                                                                                				_t28 = E00402B2C(0xfffffff0);
                                                                                                                				_t13 = E00405A41(_t28);
                                                                                                                				_t30 = _t13;
                                                                                                                				if(_t13 != __ebx) {
                                                                                                                					do {
                                                                                                                						_t32 = E004059D3(_t30, 0x5c);
                                                                                                                						_t21 =  *_t32;
                                                                                                                						 *_t32 = _t26;
                                                                                                                						 *((char*)(_t33 + 0xb)) = _t21;
                                                                                                                						if(_t21 != _t26) {
                                                                                                                							L5:
                                                                                                                							_t22 = E0040567A(_t28);
                                                                                                                						} else {
                                                                                                                							_t39 =  *((intOrPtr*)(_t33 - 0x2c)) - _t26;
                                                                                                                							if( *((intOrPtr*)(_t33 - 0x2c)) == _t26 || E00405697(_t39) == 0) {
                                                                                                                								goto L5;
                                                                                                                							} else {
                                                                                                                								_t22 = E004055FD(_t28); // executed
                                                                                                                							}
                                                                                                                						}
                                                                                                                						if(_t22 != _t26) {
                                                                                                                							if(_t22 != 0xb7) {
                                                                                                                								L9:
                                                                                                                								 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
                                                                                                                							} else {
                                                                                                                								_t24 = GetFileAttributesA(_t28); // executed
                                                                                                                								if((_t24 & 0x00000010) == 0) {
                                                                                                                									goto L9;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_t23 =  *((intOrPtr*)(_t33 + 0xb));
                                                                                                                						 *_t32 = _t23;
                                                                                                                						_t30 = _t32 + 1;
                                                                                                                					} while (_t23 != _t26);
                                                                                                                				}
                                                                                                                				if( *((intOrPtr*)(_t33 - 0x30)) == _t26) {
                                                                                                                					_push(0xfffffff5);
                                                                                                                					E00401423();
                                                                                                                				} else {
                                                                                                                					E00401423(0xffffffe6);
                                                                                                                					E00406010("C:\\Program Files\\Wildix\\WIService", _t28);
                                                                                                                					_t19 = SetCurrentDirectoryA(_t28); // executed
                                                                                                                					if(_t19 == 0) {
                                                                                                                						 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t33 - 4));
                                                                                                                				return 0;
                                                                                                                 			}

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00405A41: CharNextA.USER32(?,?,C:\,?,00405AAD,C:\,C:\,766DFA90,?,C:\Users\user\AppData\Local\Temp\,004057F8,?,766DFA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405A4F
                                                                                                                  • Part of subcall function 00405A41: CharNextA.USER32(00000000), ref: 00405A54
                                                                                                                  • Part of subcall function 00405A41: CharNextA.USER32(00000000), ref: 00405A68
                                                                                                                • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 0040160D
                                                                                                                  • Part of subcall function 004055FD: CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405640
                                                                                                                • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Program Files\Wildix\WIService,00000000,00000000,000000F0), ref: 0040163C
                                                                                                                Strings
                                                                                                                • C:\Program Files\Wildix\WIService, xrefs: 00401631
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                • String ID: C:\Program Files\Wildix\WIService
                                                                                                                • API String ID: 1892508949-2436880260
                                                                                                                • Opcode ID: 08a3087bb2a30077ba34e7e92968e352eff6a2b7baf1aa2c3a4ea80dfe544a50
                                                                                                                • Instruction ID: 1afb8a6b6fc663fc0b529d5452f3d1f5a7876e1f873962654dbae4e79628cbca
                                                                                                                • Opcode Fuzzy Hash: 08a3087bb2a30077ba34e7e92968e352eff6a2b7baf1aa2c3a4ea80dfe544a50
                                                                                                                • Instruction Fuzzy Hash: 08112731508141EBCB217FB54D41A7F36B4AE96324F68093FE4D1B22E2D63D4842AA2F
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 69%
                                                                                                                			E00401EC3(void* __ecx, void* __eflags) {
                                                                                                                				intOrPtr _t20;
                                                                                                                				void* _t39;
                                                                                                                				void* _t42;
                                                                                                                				void* _t47;
                                                                                                                
                                                                                                                				_t42 = __ecx;
                                                                                                                				_t45 = E00402B2C(_t39);
                                                                                                                				_t20 = E00402B2C(0x31);
                                                                                                                				_t43 = E00402B2C(0x22);
                                                                                                                				E00402B2C(0x15);
                                                                                                                				E00401423(0xffffffec);
                                                                                                                				 *(_t47 - 0x80) =  *(_t47 - 0x24);
                                                                                                                				 *((intOrPtr*)(_t47 - 0x7c)) =  *((intOrPtr*)(_t47 - 8));
                                                                                                                				 *((intOrPtr*)(_t47 - 0x68)) =  *((intOrPtr*)(_t47 - 0x28));
                                                                                                                				asm("sbb eax, eax");
                                                                                                                				 *((intOrPtr*)(_t47 - 0x74)) = _t20;
                                                                                                                				 *(_t47 - 0x78) =  ~( *_t19) & _t45;
                                                                                                                				asm("sbb eax, eax");
                                                                                                                				 *(_t47 - 0x6c) = "C:\\Program Files\\Wildix\\WIService";
                                                                                                                				 *(_t47 - 0x70) =  ~( *_t21) & _t43;
                                                                                                                				if(E004056F2(_t47 - 0x84) == 0) {
                                                                                                                					 *((intOrPtr*)(_t47 - 4)) = 1;
                                                                                                                				} else {
                                                                                                                					if(( *(_t47 - 0x80) & 0x00000040) != 0) {
                                                                                                                						E0040641D(_t42,  *((intOrPtr*)(_t47 - 0x4c)));
                                                                                                                						_push( *((intOrPtr*)(_t47 - 0x4c)));
                                                                                                                						FindCloseChangeNotification(); // executed
                                                                                                                					}
                                                                                                                				}
                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t47 - 4));
                                                                                                                				return 0;
                                                                                                                			}








                                                                                                                APIs
                                                                                                                  • Part of subcall function 004056F2: ShellExecuteExA.SHELL32(?,004044E5,?), ref: 00405701
                                                                                                                  • Part of subcall function 0040641D: WaitForSingleObject.KERNEL32(?,00000064), ref: 0040642E
                                                                                                                  • Part of subcall function 0040641D: GetExitCodeProcess.KERNELBASE ref: 00406450
                                                                                                                • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?), ref: 00401F8D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ChangeCloseCodeExecuteExitFindNotificationObjectProcessShellSingleWait
                                                                                                                • String ID: @$C:\Program Files\Wildix\WIService
                                                                                                                • API String ID: 4215836453-3745962701
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 90%
                                                                                                                			E00405EF7(void* __ecx, void* __eflags, intOrPtr _a4, int _a8, char* _a12, char* _a16, signed int _a20) {
                                                                                                                				int _v8;
                                                                                                                				long _t21;
                                                                                                                				long _t24;
                                                                                                                				char* _t30;
                                                                                                                
                                                                                                                				asm("sbb eax, eax");
                                                                                                                				_v8 = 0x400;
                                                                                                                				_t21 = E00405E96(__eflags, _a4, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20); // executed
                                                                                                                				_t30 = _a16;
                                                                                                                				if(_t21 != 0) {
                                                                                                                					L4:
                                                                                                                					 *_t30 =  *_t30 & 0x00000000;
                                                                                                                				} else {
                                                                                                                					_t24 = RegQueryValueExA(_a20, _a12, 0,  &_a8, _t30,  &_v8); // executed
                                                                                                                					_t21 = RegCloseKey(_a20); // executed
                                                                                                                					_t30[0x3ff] = _t30[0x3ff] & 0x00000000;
                                                                                                                					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
                                                                                                                						goto L4;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t21;
                                                                                                                			}








                                                                                                                APIs
                                                                                                                • RegQueryValueExA.KERNELBASE(?,?,00000000,?,?,00000400,Remove folder: ,?,?,?,?,00000002,Remove folder: ,?,0040613B,80000002), ref: 00405F3D
                                                                                                                • RegCloseKey.KERNELBASE(?,?,0040613B,80000002,Software\Microsoft\Windows\CurrentVersion,Remove folder: ,Remove folder: ,Remove folder: ,?,Remove folder: C:\Users\user\AppData\Local\Temp\nstFA32.tmp\), ref: 00405F48
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseQueryValue
                                                                                                                • String ID: Remove folder:
                                                                                                                • API String ID: 3356406503-1958208860
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004056AF(CHAR* _a4) {
                                                                                                                				struct _PROCESS_INFORMATION _v20;
                                                                                                                				int _t7;
                                                                                                                
                                                                                                                				0x42c078->cb = 0x44;
                                                                                                                				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x42c078,  &_v20); // executed
                                                                                                                				if(_t7 != 0) {
                                                                                                                					CloseHandle(_v20.hThread);
                                                                                                                					return _v20.hProcess;
                                                                                                                				}
                                                                                                                				return _t7;
                                                                                                                			}






                                                                                                                APIs
                                                                                                                • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0042C078,Error launching installer), ref: 004056D8
                                                                                                                • CloseHandle.KERNEL32(?), ref: 004056E5
                                                                                                                Strings
                                                                                                                • Error launching installer, xrefs: 004056C2
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseCreateHandleProcess
                                                                                                                • String ID: Error launching installer
                                                                                                                • API String ID: 3712363035-66219284
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00403798() {
                                                                                                                				void* _t2;
                                                                                                                				void* _t3;
                                                                                                                				void* _t6;
                                                                                                                				void* _t8;
                                                                                                                
                                                                                                                				_t8 =  *0x429834; // 0x0
                                                                                                                				_t3 = E0040377D(_t2, 0);
                                                                                                                				if(_t8 != 0) {
                                                                                                                					do {
                                                                                                                						_t6 = _t8;
                                                                                                                						_t8 =  *_t8;
                                                                                                                						FreeLibrary( *(_t6 + 8)); // executed
                                                                                                                						_t3 = GlobalFree(_t6);
                                                                                                                					} while (_t8 != 0);
                                                                                                                				}
                                                                                                                				 *0x429834 =  *0x429834 & 0x00000000;
                                                                                                                				return _t3;
                                                                                                                			}








                                                                                                                APIs
                                                                                                                • FreeLibrary.KERNELBASE(?,766DFA90,00000000,C:\Users\user\AppData\Local\Temp\,00403770,0040358A,?,?,00000006,00000008,0000000A), ref: 004037B2
                                                                                                                • GlobalFree.KERNEL32 ref: 004037B9
                                                                                                                Strings
                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00403798
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Free$GlobalLibrary
                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                • API String ID: 1100898210-823278215
                                                                                                                • Opcode ID: 248c780681ff10c09d9810c58c710ba8abcca500869ff380da07a7f320702544
                                                                                                                • Instruction ID: 06ba742c3ad1fb67bc09d12af4c86e1058789e05b1a36190638fabe2eea0851a
                                                                                                                • Opcode Fuzzy Hash: 248c780681ff10c09d9810c58c710ba8abcca500869ff380da07a7f320702544
                                                                                                                • Instruction Fuzzy Hash: EAE0C27352212097C7312F15EE04B1AB7A86F86F22F09403AE8407B2A087741C438BCC
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 59%
                                                                                                                			E00401B63(void* __ebx, void* __edx) {
                                                                                                                				intOrPtr _t7;
                                                                                                                				void* _t8;
                                                                                                                				void _t11;
                                                                                                                				void* _t13;
                                                                                                                				void* _t21;
                                                                                                                				void* _t24;
                                                                                                                				void* _t30;
                                                                                                                				void* _t33;
                                                                                                                				void* _t34;
                                                                                                                				void* _t37;
                                                                                                                
                                                                                                                				_t27 = __ebx;
                                                                                                                				_t7 =  *((intOrPtr*)(_t37 - 0x2c));
                                                                                                                				_t30 =  *0x40b858; // 0x6c4b88
                                                                                                                				if(_t7 == __ebx) {
                                                                                                                					if(__edx == __ebx) {
                                                                                                                						_t8 = GlobalAlloc(0x40, 0x404); // executed
                                                                                                                						_t34 = _t8;
                                                                                                                						_t4 = _t34 + 4; // 0x4
                                                                                                                						E00406032(__ebx, _t30, _t34, _t4,  *((intOrPtr*)(_t37 - 0x34)));
                                                                                                                						_t11 =  *0x40b858; // 0x6c4b88
                                                                                                                						 *_t34 = _t11;
                                                                                                                						 *0x40b858 = _t34;
                                                                                                                					} else {
                                                                                                                						if(_t30 == __ebx) {
                                                                                                                							 *((intOrPtr*)(_t37 - 4)) = 1;
                                                                                                                						} else {
                                                                                                                							_t2 = _t30 + 4; // 0x6c4b8c
                                                                                                                							E00406010(_t33, _t2);
                                                                                                                							_push(_t30);
                                                                                                                							 *0x40b858 =  *_t30;
                                                                                                                							GlobalFree();
                                                                                                                						}
                                                                                                                					}
                                                                                                                					goto L15;
                                                                                                                				} else {
                                                                                                                					while(1) {
                                                                                                                						_t7 = _t7 - 1;
                                                                                                                						if(_t30 == _t27) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						_t30 =  *_t30;
                                                                                                                						if(_t7 != _t27) {
                                                                                                                							continue;
                                                                                                                						} else {
                                                                                                                							if(_t30 == _t27) {
                                                                                                                								break;
                                                                                                                							} else {
                                                                                                                								_t32 = _t30 + 4;
                                                                                                                								E00406010(0x40a418, _t30 + 4);
                                                                                                                								_t21 =  *0x40b858; // 0x6c4b88
                                                                                                                								E00406010(_t32, _t21 + 4);
                                                                                                                								_t24 =  *0x40b858; // 0x6c4b88
                                                                                                                								_push(0x40a418);
                                                                                                                								_push(_t24 + 4);
                                                                                                                								E00406010();
                                                                                                                								L15:
                                                                                                                								 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t37 - 4));
                                                                                                                								_t13 = 0;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						goto L17;
                                                                                                                					}
                                                                                                                					_push(0x200010);
                                                                                                                					_push(E00406032(_t27, _t30, _t33, _t27, 0xffffffe8));
                                                                                                                					E0040572C();
                                                                                                                					_t13 = 0x7fffffff;
                                                                                                                				}
                                                                                                                				L17:
                                                                                                                				return _t13;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • GlobalFree.KERNEL32 ref: 00401BD2
                                                                                                                • GlobalAlloc.KERNELBASE(00000040,00000404), ref: 00401BE4
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Global$AllocFree
                                                                                                                • String ID: Call
                                                                                                                • API String ID: 3394109436-1824292864
                                                                                                                • Opcode ID: 6d7ff2a269b29df243dac5a31b31c390212993cd2cb387205d16563d3155f2c3
                                                                                                                • Instruction ID: d4b557a109d17d81ab43e8b3f8c0bc9708487bd5a7f62e569783b32eaae16c6e
                                                                                                                • Opcode Fuzzy Hash: 6d7ff2a269b29df243dac5a31b31c390212993cd2cb387205d16563d3155f2c3
                                                                                                                • Instruction Fuzzy Hash: 8D2193B2640140ABC710FFA8DA88A5E73ADEB44314B21843BF142F72D1D77899919B9D
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 86%
                                                                                                                			E0040254C(int* __ebx, intOrPtr __edx, char* __esi) {
                                                                                                                				void* _t9;
                                                                                                                				int _t10;
                                                                                                                				long _t13;
                                                                                                                				int* _t16;
                                                                                                                				intOrPtr _t21;
                                                                                                                				void* _t22;
                                                                                                                				char* _t24;
                                                                                                                				void* _t26;
                                                                                                                				void* _t29;
                                                                                                                
                                                                                                                				_t24 = __esi;
                                                                                                                				_t21 = __edx;
                                                                                                                				_t16 = __ebx;
                                                                                                                				_t9 = E00402B6C(_t29, 0x20019); // executed
                                                                                                                				_t22 = _t9;
                                                                                                                				_t10 = E00402B0A(3);
                                                                                                                				 *((intOrPtr*)(_t26 - 0x10)) = _t21;
                                                                                                                				 *__esi = __ebx;
                                                                                                                				if(_t22 == __ebx) {
                                                                                                                					 *((intOrPtr*)(_t26 - 4)) = 1;
                                                                                                                				} else {
                                                                                                                					 *(_t26 + 8) = 0x3ff;
                                                                                                                					if( *((intOrPtr*)(_t26 - 0x24)) == __ebx) {
                                                                                                                						_t13 = RegEnumValueA(_t22, _t10, __esi, _t26 + 8, __ebx, __ebx, __ebx, __ebx); // executed
                                                                                                                						__eflags = _t13;
                                                                                                                						if(_t13 != 0) {
                                                                                                                							 *((intOrPtr*)(_t26 - 4)) = 1;
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						RegEnumKeyA(_t22, _t10, __esi, 0x3ff);
                                                                                                                					}
                                                                                                                					_t24[0x3ff] = _t16;
                                                                                                                					_push(_t22); // executed
                                                                                                                					RegCloseKey(); // executed
                                                                                                                				}
                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t26 - 4));
                                                                                                                				return 0;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • RegEnumKeyA.ADVAPI32(00000000,00000000,?,000003FF), ref: 0040257E
                                                                                                                • RegEnumValueA.KERNELBASE ref: 00402591
                                                                                                                • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nstFA32.tmp,00000000,00000011,00000002), ref: 004025A9
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Enum$CloseValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 397863658-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 41%
                                                                                                                			E00405790(void* __eflags, CHAR* _a4, signed int _a8) {
                                                                                                                				int _t9;
                                                                                                                				long _t13;
                                                                                                                				CHAR* _t14;
                                                                                                                
                                                                                                                				_t14 = _a4;
                                                                                                                				_t13 = E00405B84(_t14);
                                                                                                                				if(_t13 == 0xffffffff) {
                                                                                                                					L8:
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                				_push(_t14);
                                                                                                                				if((_a8 & 0x00000001) == 0) {
                                                                                                                					_t9 = DeleteFileA(); // executed
                                                                                                                				} else {
                                                                                                                					_t9 = RemoveDirectoryA(); // executed
                                                                                                                				}
                                                                                                                				if(_t9 == 0) {
                                                                                                                					if((_a8 & 0x00000004) == 0) {
                                                                                                                						SetFileAttributesA(_t14, _t13);
                                                                                                                					}
                                                                                                                					goto L8;
                                                                                                                				} else {
                                                                                                                					return 1;
                                                                                                                				}
                                                                                                                			}







                                                                                                                APIs
                                                                                                                  • Part of subcall function 00405B84: GetFileAttributesA.KERNELBASE(?,?,0040579C,?,?,00000000,0040597F,?,?,?,?), ref: 00405B89
                                                                                                                  • Part of subcall function 00405B84: SetFileAttributesA.KERNELBASE(?,00000000), ref: 00405B9D
                                                                                                                • RemoveDirectoryA.KERNELBASE(?,?,?,00000000,0040597F), ref: 004057AB
                                                                                                                • DeleteFileA.KERNELBASE(?,?,?,00000000,0040597F), ref: 004057B3
                                                                                                                • SetFileAttributesA.KERNEL32(?,00000000), ref: 004057CB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$Attributes$DeleteDirectoryRemove
                                                                                                                • String ID:
                                                                                                                • API String ID: 1655745494-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E0040641D(void* __ecx, void* _a4) {
                                                                                                                				long _v8;
                                                                                                                				long _t6;
                                                                                                                
                                                                                                                				_t6 = WaitForSingleObject(_a4, 0x64);
                                                                                                                				while(_t6 == 0x102) {
                                                                                                                					E004063E4(0xf);
                                                                                                                					_t6 = WaitForSingleObject(_a4, 0x64);
                                                                                                                				}
                                                                                                                				GetExitCodeProcess(_a4,  &_v8); // executed
                                                                                                                				return _v8;
                                                                                                                			}






                                                                                                                APIs
                                                                                                                • WaitForSingleObject.KERNEL32(?,00000064), ref: 0040642E
                                                                                                                • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00406443
                                                                                                                • GetExitCodeProcess.KERNELBASE ref: 00406450
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ObjectSingleWait$CodeExitProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 2567322000-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00404077(int _a4) {
                                                                                                                				long _t3;
                                                                                                                
                                                                                                                				if(_a4 == 0x78) {
                                                                                                                					 *0x42ebcc =  *0x42ebcc + 1;
                                                                                                                				}
                                                                                                                				_t3 = SendMessageA( *0x42f408, 0x408, _a4, 0); // executed
                                                                                                                				return _t3;
                                                                                                                			}





                                                                                                                APIs
                                                                                                                • SendMessageA.USER32(00000408,?,00000000,00403CD8), ref: 00404095
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend
                                                                                                                • String ID: x
                                                                                                                • API String ID: 3850602802-2363233923
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 84%
                                                                                                                			E004024DA(int* __ebx, char* __esi) {
                                                                                                                				void* _t17;
                                                                                                                				char* _t18;
                                                                                                                				long _t21;
                                                                                                                				void* _t33;
                                                                                                                				void* _t37;
                                                                                                                				void* _t40;
                                                                                                                
                                                                                                                				_t35 = __esi;
                                                                                                                				_t27 = __ebx;
                                                                                                                				_t17 = E00402B6C(_t40, 0x20019); // executed
                                                                                                                				_t33 = _t17;
                                                                                                                				_t18 = E00402B2C(0x33);
                                                                                                                				 *__esi = __ebx;
                                                                                                                				if(_t33 == __ebx) {
                                                                                                                					 *(_t37 - 4) = 1;
                                                                                                                				} else {
                                                                                                                					 *(_t37 - 0x10) = 0x400;
                                                                                                                					_t21 = RegQueryValueExA(_t33, _t18, __ebx, _t37 + 8, __esi, _t37 - 0x10); // executed
                                                                                                                					if(_t21 != 0) {
                                                                                                                						L7:
                                                                                                                						 *_t35 = _t27;
                                                                                                                						 *(_t37 - 4) = 1;
                                                                                                                					} else {
                                                                                                                						if( *(_t37 + 8) == 4) {
                                                                                                                							__eflags =  *(_t37 - 0x24) - __ebx;
                                                                                                                							 *(_t37 - 4) = 0 |  *(_t37 - 0x24) == __ebx;
                                                                                                                							E00405F6E(__esi,  *__esi);
                                                                                                                						} else {
                                                                                                                							if( *(_t37 + 8) == 1 ||  *(_t37 + 8) == 2) {
                                                                                                                								 *(_t37 - 4) =  *(_t37 - 0x24);
                                                                                                                								_t35[0x3ff] = _t27;
                                                                                                                							} else {
                                                                                                                								goto L7;
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_push(_t33); // executed
                                                                                                                					RegCloseKey(); // executed
                                                                                                                				}
                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *(_t37 - 4);
                                                                                                                				return 0;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • RegQueryValueExA.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,?,00000033), ref: 0040250A
                                                                                                                • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nstFA32.tmp,00000000,00000011,00000002), ref: 004025A9
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseQueryValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 3356406503-0
                                                                                                                • Opcode ID: a37d31d288198b64adb47b8aa86d19c7af9168ca8919097579984168ba4b2254
                                                                                                                • Instruction ID: 8c7c89e59df7b4709da067e0fd7ec9be99446db0afc11a297a964fac99c2b4a6
                                                                                                                • Opcode Fuzzy Hash: a37d31d288198b64adb47b8aa86d19c7af9168ca8919097579984168ba4b2254
                                                                                                                • Instruction Fuzzy Hash: E5116A71901205EEDB11CF64CA599AEBAB4AB19348F60447FE042B62C0D6B88A45DB6D
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 59%
                                                                                                                			E00401389(signed int _a4) {
                                                                                                                				intOrPtr* _t6;
                                                                                                                				void* _t8;
                                                                                                                				void* _t10;
                                                                                                                				signed int _t11;
                                                                                                                				void* _t12;
                                                                                                                				signed int _t16;
                                                                                                                				signed int _t17;
                                                                                                                				void* _t18;
                                                                                                                
                                                                                                                				_t17 = _a4;
                                                                                                                				while(_t17 >= 0) {
                                                                                                                					_t6 = _t17 * 0x1c +  *0x42f450;
                                                                                                                					if( *_t6 == 1) {
                                                                                                                						break;
                                                                                                                					}
                                                                                                                					_push(_t6); // executed
                                                                                                                					_t8 = E00401434(); // executed
                                                                                                                					if(_t8 == 0x7fffffff) {
                                                                                                                						return 0x7fffffff;
                                                                                                                					}
                                                                                                                					_t10 = E0040136D(_t8);
                                                                                                                					if(_t10 != 0) {
                                                                                                                						_t11 = _t10 - 1;
                                                                                                                						_t16 = _t17;
                                                                                                                						_t17 = _t11;
                                                                                                                						_t12 = _t11 - _t16;
                                                                                                                					} else {
                                                                                                                						_t12 = _t10 + 1;
                                                                                                                						_t17 = _t17 + 1;
                                                                                                                					}
                                                                                                                					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
                                                                                                                						 *0x42ebec =  *0x42ebec + _t12;
                                                                                                                						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42ebec, 0x7530,  *0x42ebd4), 0); // executed
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return 0;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 3850602802-0
                                                                                                                • Opcode ID: 3ffebd5fca59fb87aab51f7597ede924ce92eaed1a0ec0a619fe9c5b1ad01a7d
                                                                                                                • Instruction ID: 5ed4d9c38c73c282456bb639181f16eab54b9a7fb1a82fe129ff52a3f74c88ba
                                                                                                                • Opcode Fuzzy Hash: 3ffebd5fca59fb87aab51f7597ede924ce92eaed1a0ec0a619fe9c5b1ad01a7d
                                                                                                                • Instruction Fuzzy Hash: B101F4317242109BE7199B399D04B6A3698E710719F54823FF852F61F1D678EC028B4C
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004023E8(void* __ebx, void* __edx) {
                                                                                                                				long _t6;
                                                                                                                				void* _t9;
                                                                                                                				long _t11;
                                                                                                                				void* _t13;
                                                                                                                				long _t18;
                                                                                                                				void* _t20;
                                                                                                                				void* _t22;
                                                                                                                				void* _t23;
                                                                                                                
                                                                                                                				_t13 = __ebx;
                                                                                                                				_t26 =  *(_t23 - 0x24) - __ebx;
                                                                                                                				_t20 = __edx;
                                                                                                                				if( *(_t23 - 0x24) != __ebx) {
                                                                                                                					_t6 = E00402BEA(_t20, E00402B2C(0x22),  *(_t23 - 0x24) >> 1); // executed
                                                                                                                					_t18 = _t6;
                                                                                                                					goto L4;
                                                                                                                				} else {
                                                                                                                					_t9 = E00402B6C(_t26, 2); // executed
                                                                                                                					_t22 = _t9;
                                                                                                                					if(_t22 == __ebx) {
                                                                                                                						L6:
                                                                                                                						 *((intOrPtr*)(_t23 - 4)) = 1;
                                                                                                                					} else {
                                                                                                                						_t11 = RegDeleteValueA(_t22, E00402B2C(0x33)); // executed
                                                                                                                						_t18 = _t11; // executed
                                                                                                                						RegCloseKey(_t22); // executed
                                                                                                                						L4:
                                                                                                                						if(_t18 != _t13) {
                                                                                                                							goto L6;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t23 - 4));
                                                                                                                				return 0;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • RegDeleteValueA.KERNELBASE(00000000,00000000,00000033), ref: 00402409
                                                                                                                • RegCloseKey.KERNELBASE(00000000), ref: 00402412
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseDeleteValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 2831762973-0
                                                                                                                • Opcode ID: e7d8a32b6411c19df594e44ef8f442ab4c5114c567b1e7e96baca4bbbe39ce49
                                                                                                                • Instruction ID: 992cd2d97de9e3103286cc81bf95427654d5587fd7cb6228862516595ad29640
                                                                                                                • Opcode Fuzzy Hash: e7d8a32b6411c19df594e44ef8f442ab4c5114c567b1e7e96baca4bbbe39ce49
                                                                                                                • Instruction Fuzzy Hash: 17F0BB32A00120ABD701AFB89B4DBAE72B9DB54314F15017FF502B72C1D5F85E01876D
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 50%
                                                                                                                			E00405209(signed int __eax) {
                                                                                                                				intOrPtr _v0;
                                                                                                                				intOrPtr _t10;
                                                                                                                				intOrPtr _t11;
                                                                                                                				intOrPtr* _t12;
                                                                                                                
                                                                                                                				_t11 =  *0x42f448;
                                                                                                                				_t10 =  *0x42f44c;
                                                                                                                				__imp__OleInitialize(0);
                                                                                                                				 *0x42f4d8 =  *0x42f4d8 | __eax;
                                                                                                                				E004040EA(0);
                                                                                                                				if(_t10 != 0) {
                                                                                                                					_t12 = _t11 + 0xc;
                                                                                                                					while(1) {
                                                                                                                						_t10 = _t10 - 1;
                                                                                                                						if(( *(_t12 - 4) & 0x00000001) != 0 && E00401389( *_t12, _v0) != 0) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						_t12 = _t12 + 0x418;
                                                                                                                						if(_t10 != 0) {
                                                                                                                							continue;
                                                                                                                						} else {
                                                                                                                						}
                                                                                                                						goto L7;
                                                                                                                					}
                                                                                                                					 *0x42f4ac =  *0x42f4ac + 1;
                                                                                                                				}
                                                                                                                				L7:
                                                                                                                				E004040EA(0x404); // executed
                                                                                                                				__imp__OleUninitialize(); // executed
                                                                                                                				return  *0x42f4ac;
                                                                                                                			}








                                                                                                                APIs
                                                                                                                • OleInitialize.OLE32(00000000), ref: 00405219
                                                                                                                  • Part of subcall function 004040EA: SendMessageA.USER32(001000FA,00000000,00000000,00000000), ref: 004040FC
                                                                                                                • OleUninitialize.OLE32(00000404,00000000), ref: 00405265
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeMessageSendUninitialize
                                                                                                                • String ID:
                                                                                                                • API String ID: 2896919175-0
                                                                                                                • Opcode ID: ff5a6a7b65a814117e5c60406d4b68c11f41b4a06df9feb66e55404f69fd7fd5
                                                                                                                • Instruction ID: 9a3391529ab878983223843ca161e5b6bea3d4eac8d78fefe4e57b08d02bc963
                                                                                                                • Opcode Fuzzy Hash: ff5a6a7b65a814117e5c60406d4b68c11f41b4a06df9feb66e55404f69fd7fd5
                                                                                                                • Instruction Fuzzy Hash: 7CF02E76600A009BE7607B419D00B2773B0EFE4304F89407EEF84B32E0C6B4480A8E2D
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • ShowWindow.USER32(00000000,00000000), ref: 00401EAD
                                                                                                                • EnableWindow.USER32(00000000,00000000), ref: 00401EB8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$EnableShow
                                                                                                                • String ID:
                                                                                                                • API String ID: 1136574915-0
                                                                                                                • Opcode ID: 60579c61b8fc3e92e0b20083f3f7482ea71f5cfdf734f7dc30cff7867d3a32c3
                                                                                                                • Instruction ID: 7fbf7b0d0ba3701f7dde453fb78fdd8a50fc9e37effb985a404cedd6fc5a31c1
                                                                                                                • Opcode Fuzzy Hash: 60579c61b8fc3e92e0b20083f3f7482ea71f5cfdf734f7dc30cff7867d3a32c3
                                                                                                                • Instruction Fuzzy Hash: 72E09272A04210DFD705DFA8AA849AE73B4FB40325F10093BE102F11C1C7B44840866C
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004063A8(signed int _a4) {
                                                                                                                				struct HINSTANCE__* _t5;
                                                                                                                				signed int _t10;
                                                                                                                
                                                                                                                				_t10 = _a4 << 3;
                                                                                                                				_t8 =  *(_t10 + 0x40a240);
                                                                                                                				_t5 = GetModuleHandleA( *(_t10 + 0x40a240));
                                                                                                                				if(_t5 != 0) {
                                                                                                                					L2:
                                                                                                                					return GetProcAddress(_t5,  *(_t10 + 0x40a244));
                                                                                                                				}
                                                                                                                				_t5 = E0040633A(_t8); // executed
                                                                                                                				if(_t5 == 0) {
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                				goto L2;
                                                                                                                			}






                                                                                                                APIs
                                                                                                                • GetModuleHandleA.KERNEL32(?,?,?,004032DE,0000000A), ref: 004063BA
                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 004063D5
                                                                                                                  • Part of subcall function 0040633A: GetSystemDirectoryA.KERNEL32 ref: 00406351
                                                                                                                  • Part of subcall function 0040633A: wsprintfA.USER32 ref: 0040638A
                                                                                                                  • Part of subcall function 0040633A: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 0040639E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                • String ID:
                                                                                                                • API String ID: 2547128583-0
                                                                                                                • Opcode ID: dd9300423111a071ed2c714751f7876f95e5d132df45129638b184150075da19
                                                                                                                • Instruction ID: 650a49b09a3c495eabc0f371936d9c907298e200c4f2363c251d84495e191d7a
                                                                                                                • Opcode Fuzzy Hash: dd9300423111a071ed2c714751f7876f95e5d132df45129638b184150075da19
                                                                                                                • Instruction Fuzzy Hash: B4E08C32604220ABD2106A74AE0493B72A89E94710302083EF947F2240DB389C3697AD
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 68%
                                                                                                                			E00405BA9(CHAR* _a4, long _a8, long _a12) {
                                                                                                                				signed int _t5;
                                                                                                                				void* _t6;
                                                                                                                
                                                                                                                				_t5 = GetFileAttributesA(_a4); // executed
                                                                                                                				asm("sbb ecx, ecx");
                                                                                                                				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
                                                                                                                				return _t6;
                                                                                                                			}






                                                                                                                APIs
                                                                                                                • GetFileAttributesA.KERNELBASE(00000003,00402E04,C:\Users\user\Desktop\SetupWIService.exe,80000000,00000003), ref: 00405BAD
                                                                                                                • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405BCF
                                                                                                                Similarity
                                                                                                                • API ID: File$AttributesCreate
                                                                                                                • String ID:
                                                                                                                • API String ID: 415043291-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00405B84(CHAR* _a4) {
                                                                                                                				signed char _t3;
                                                                                                                				signed char _t7;
                                                                                                                
                                                                                                                				_t3 = GetFileAttributesA(_a4); // executed
                                                                                                                				_t7 = _t3;
                                                                                                                				if(_t7 != 0xffffffff) {
                                                                                                                					SetFileAttributesA(_a4, _t3 & 0x000000fe); // executed
                                                                                                                				}
                                                                                                                				return _t7;
                                                                                                                			}






                                                                                                                APIs
                                                                                                                • GetFileAttributesA.KERNELBASE(?,?,0040579C,?,?,00000000,0040597F,?,?,?,?), ref: 00405B89
                                                                                                                • SetFileAttributesA.KERNELBASE(?,00000000), ref: 00405B9D
                                                                                                                Similarity
                                                                                                                • API ID: AttributesFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 3188754299-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00403753() {
                                                                                                                				void* _t1;
                                                                                                                				void* _t3;
                                                                                                                				signed int _t6;
                                                                                                                
                                                                                                                				_t1 =  *0x40a018; // 0xffffffff
                                                                                                                				if(_t1 != 0xffffffff) {
                                                                                                                					CloseHandle(_t1);
                                                                                                                					 *0x40a018 =  *0x40a018 | 0xffffffff;
                                                                                                                					_t6 =  *0x40a018;
                                                                                                                				}
                                                                                                                				E00403798();
                                                                                                                				_t3 = E004057D8(_t6, "C:\\Users\\alfons\\AppData\\Local\\Temp\\nstFA32.tmp\\", 7); // executed
                                                                                                                				return _t3;
                                                                                                                			}







                                                                                                                APIs
                                                                                                                • CloseHandle.KERNEL32(FFFFFFFF,0040358A,?,?,00000006,00000008,0000000A), ref: 0040375E
                                                                                                                Strings
                                                                                                                • C:\Users\user\AppData\Local\Temp\nstFA32.tmp\, xrefs: 00403772
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandle
                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nstFA32.tmp\
                                                                                                                • API String ID: 2962429428-3919070137
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E0040567A(CHAR* _a4) {
                                                                                                                				int _t2;
                                                                                                                
                                                                                                                				_t2 = CreateDirectoryA(_a4, 0); // executed
                                                                                                                				if(_t2 == 0) {
                                                                                                                					return GetLastError();
                                                                                                                				}
                                                                                                                				return 0;
                                                                                                                			}





                                                                                                                APIs
                                                                                                                • CreateDirectoryA.KERNELBASE(?,00000000,0040325E,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 00405680
                                                                                                                • GetLastError.KERNEL32(?,00000006,00000008,0000000A), ref: 0040568E
                                                                                                                Similarity
                                                                                                                • API ID: CreateDirectoryErrorLast
                                                                                                                • String ID:
                                                                                                                • API String ID: 1375471231-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 78%
                                                                                                                			E00401F48(void* __ecx) {
                                                                                                                				void* _t8;
                                                                                                                				void* _t12;
                                                                                                                				void* _t14;
                                                                                                                				void* _t16;
                                                                                                                				void* _t17;
                                                                                                                				void* _t20;
                                                                                                                				void* _t22;
                                                                                                                
                                                                                                                				_t16 = __ecx;
                                                                                                                				_t19 = E00402B2C(_t14);
                                                                                                                				E00405137(0xffffffeb, _t6); // executed
                                                                                                                				_t8 = E004056AF(_t19); // executed
                                                                                                                				_t20 = _t8;
                                                                                                                				if(_t20 == _t14) {
                                                                                                                					 *((intOrPtr*)(_t22 - 4)) = 1;
                                                                                                                				} else {
                                                                                                                					if( *((intOrPtr*)(_t22 - 0x2c)) != _t14) {
                                                                                                                						_t12 = E0040641D(_t16, _t20); // executed
                                                                                                                						if( *((intOrPtr*)(_t22 - 0x30)) < _t14) {
                                                                                                                							if(_t12 != _t14) {
                                                                                                                								 *((intOrPtr*)(_t22 - 4)) = 1;
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							E00405F6E(_t17, _t12);
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_push(_t20); // executed
                                                                                                                					FindCloseChangeNotification(); // executed
                                                                                                                				}
                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t22 - 4));
                                                                                                                				return 0;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                  • Part of subcall function 00405137: lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nstFA32.tmp\,00000000,00423A28,766DEA30,?,?,?,?,?,?,?,?,?,00403156,00000000,?), ref: 00405170
                                                                                                                  • Part of subcall function 00405137: lstrlenA.KERNEL32(00403156,Remove folder: C:\Users\user\AppData\Local\Temp\nstFA32.tmp\,00000000,00423A28,766DEA30,?,?,?,?,?,?,?,?,?,00403156,00000000), ref: 00405180
                                                                                                                  • Part of subcall function 00405137: lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nstFA32.tmp\,00403156,00403156,Remove folder: C:\Users\user\AppData\Local\Temp\nstFA32.tmp\,00000000,00423A28,766DEA30), ref: 00405193
                                                                                                                  • Part of subcall function 00405137: SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nstFA32.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nstFA32.tmp\), ref: 004051A5
                                                                                                                  • Part of subcall function 00405137: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004051CB
                                                                                                                  • Part of subcall function 00405137: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004051E5
                                                                                                                  • Part of subcall function 00405137: SendMessageA.USER32(?,00001013,?,00000000), ref: 004051F3
                                                                                                                  • Part of subcall function 004056AF: CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0042C078,Error launching installer), ref: 004056D8
                                                                                                                  • Part of subcall function 004056AF: CloseHandle.KERNEL32(?), ref: 004056E5
                                                                                                                • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?), ref: 00401F8D
                                                                                                                  • Part of subcall function 0040641D: WaitForSingleObject.KERNEL32(?,00000064), ref: 0040642E
                                                                                                                  • Part of subcall function 0040641D: GetExitCodeProcess.KERNELBASE ref: 00406450
                                                                                                                  • Part of subcall function 00405F6E: wsprintfA.USER32 ref: 00405F7B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$CloseProcesslstrlen$ChangeCodeCreateExitFindHandleNotificationObjectSingleTextWaitWindowlstrcatwsprintf
                                                                                                                • String ID:
                                                                                                                • API String ID: 1543427666-0
                                                                                                                • Opcode ID: f8363799d4078e813ba25254c12b07cb01106bdfe0a7eb29a0760d46d4749358
                                                                                                                • Instruction ID: 496c5526ea8919913ac139df2c9003272b56504e991eb5cf70cacdc6c7c0cc95
                                                                                                                • Opcode Fuzzy Hash: f8363799d4078e813ba25254c12b07cb01106bdfe0a7eb29a0760d46d4749358
                                                                                                                • Instruction Fuzzy Hash: B2F09072A04121ABCB21BBA59A849EF72A8DF41314F51017BE901B72D1C37C0A428ABE
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 40%
                                                                                                                			E004026EF(intOrPtr __edx, void* __eflags) {
                                                                                                                				long _t7;
                                                                                                                				long _t9;
                                                                                                                				LONG* _t11;
                                                                                                                				void* _t13;
                                                                                                                				intOrPtr _t14;
                                                                                                                				void* _t17;
                                                                                                                				void* _t19;
                                                                                                                
                                                                                                                				_t14 = __edx;
                                                                                                                				_push(ds);
                                                                                                                				if(__eflags != 0) {
                                                                                                                					_t7 = E00402B0A(2);
                                                                                                                					_pop(_t13);
                                                                                                                					 *((intOrPtr*)(_t19 - 0x10)) = _t14;
                                                                                                                					_t9 = SetFilePointer(E00405F87(_t13, _t17), _t7, _t11,  *(_t19 - 0x28)); // executed
                                                                                                                					if( *((intOrPtr*)(_t19 - 0x30)) >= _t11) {
                                                                                                                						_push(_t9);
                                                                                                                						E00405F6E();
                                                                                                                					}
                                                                                                                				}
                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t19 - 4));
                                                                                                                				return 0;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 0040270D
                                                                                                                  • Part of subcall function 00405F6E: wsprintfA.USER32 ref: 00405F7B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FilePointerwsprintf
                                                                                                                • String ID:
                                                                                                                • API String ID: 327478801-0
                                                                                                                • Opcode ID: e2356404ccad4a8935ddbf8fc280853e41599541898f6f199fb76157ee16f907
                                                                                                                • Instruction ID: 342abdd748c97434aad0a636f6a3342ea7e6d44647dfd0d52b4034c74de68662
                                                                                                                • Opcode Fuzzy Hash: e2356404ccad4a8935ddbf8fc280853e41599541898f6f199fb76157ee16f907
                                                                                                                • Instruction Fuzzy Hash: 32E06DB2700215ABD702ABA4AE89DBF776CEB44314F10043BF200F10C0C6B948428A69
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 41%
                                                                                                                			E0040273B(char __ebx, void* __ecx, char* __esi, void* __eflags) {
                                                                                                                				void* _t5;
                                                                                                                				int _t8;
                                                                                                                				char _t11;
                                                                                                                				void* _t15;
                                                                                                                				void* _t19;
                                                                                                                
                                                                                                                				_t17 = __esi;
                                                                                                                				_t11 = __ebx;
                                                                                                                				_t5 = E00405F87(__ecx, _t15);
                                                                                                                				if(_t5 == __ebx) {
                                                                                                                					L2:
                                                                                                                					 *((intOrPtr*)(_t19 - 4)) = 1;
                                                                                                                					 *_t17 = _t11;
                                                                                                                				} else {
                                                                                                                					_t8 = FindNextFileA(_t5, _t19 - 0x1c8); // executed
                                                                                                                					if(_t8 != 0) {
                                                                                                                						_push(_t19 - 0x19c);
                                                                                                                						_push(__esi);
                                                                                                                						E00406010();
                                                                                                                					} else {
                                                                                                                						goto L2;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t19 - 4));
                                                                                                                				return 0;
                                                                                                                			}









                                                                                                                APIs
                                                                                                                • FindNextFileA.KERNELBASE(00000000,?), ref: 0040274D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FileFindNext
                                                                                                                • String ID:
                                                                                                                • API String ID: 2029273394-0
                                                                                                                • Opcode ID: 6c16fb3265d5434a67bbc3a754364c03fa3765a95b5e2a99f6dd1015abf345d3
                                                                                                                • Instruction ID: d4e75fc674a14897d4eb9114d760336efd11fbe9bbc54defada1aced3dc9a7b2
                                                                                                                • Opcode Fuzzy Hash: 6c16fb3265d5434a67bbc3a754364c03fa3765a95b5e2a99f6dd1015abf345d3
                                                                                                                • Instruction Fuzzy Hash: E7E06D726001159BD711EBA49A88AAEB3ACEB15314F60447BD142F31C0E6B999869B29
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00405EC4(void* __eflags, intOrPtr _a4, char* _a8, int _a12, void** _a16) {
                                                                                                                				void* _t7;
                                                                                                                				long _t8;
                                                                                                                				void* _t9;
                                                                                                                
                                                                                                                				_t7 = E00405E1B(_a4,  &_a12);
                                                                                                                				if(_t7 != 0) {
                                                                                                                					_t8 = RegCreateKeyExA(_t7, _a8, 0, 0, 0, _a12, 0, _a16, 0); // executed
                                                                                                                					return _t8;
                                                                                                                				}
                                                                                                                				_t9 = 6;
                                                                                                                				return _t9;
                                                                                                                			}







                                                                                                                APIs
                                                                                                                • RegCreateKeyExA.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402BDD,00000000,?,?), ref: 00405EED
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Create
                                                                                                                • String ID:
                                                                                                                • API String ID: 2289755597-0
                                                                                                                • Opcode ID: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                                                                                                • Instruction ID: 1d4fb08659ff36ace7b23f5759770be8a1f2413d8495cc917bdfefdc51ec9cff
                                                                                                                • Opcode Fuzzy Hash: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                                                                                                • Instruction Fuzzy Hash: 64E0E67201050DBEDF195F50DD0AD7B371DE704304F10492EFA45D5150E6B5AA716B78
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00405C50(void* _a4, void* _a8, long _a12) {
                                                                                                                				int _t7;
                                                                                                                				long _t11;
                                                                                                                
                                                                                                                				_t11 = _a12;
                                                                                                                				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                                                                                				if(_t7 == 0 || _t11 != _a12) {
                                                                                                                					return 0;
                                                                                                                				} else {
                                                                                                                					return 1;
                                                                                                                				}
                                                                                                                			}






                                                                                                                APIs
                                                                                                                • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004031D6,00000000,0041D428,000000FF,0041D428,000000FF,000000FF,00000004,00000000), ref: 00405C64
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FileWrite
                                                                                                                • String ID:
                                                                                                                • API String ID: 3934441357-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00405C21(void* _a4, void* _a8, long _a12) {
                                                                                                                				int _t7;
                                                                                                                				long _t11;
                                                                                                                
                                                                                                                				_t11 = _a12;
                                                                                                                				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                                                                                				if(_t7 == 0 || _t11 != _a12) {
                                                                                                                					return 0;
                                                                                                                				} else {
                                                                                                                					return 1;
                                                                                                                				}
                                                                                                                			}






                                                                                                                APIs
                                                                                                                • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403220,00000000,00000000,0040304A,000000FF,00000004,00000000,00000000,00000000), ref: 00405C35
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FileRead
                                                                                                                • String ID:
                                                                                                                • API String ID: 2738559852-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00405E96(void* __eflags, intOrPtr _a4, char* _a8, int _a12, void** _a16) {
                                                                                                                				void* _t7;
                                                                                                                				long _t8;
                                                                                                                				void* _t9;
                                                                                                                
                                                                                                                				_t7 = E00405E1B(_a4,  &_a12);
                                                                                                                				if(_t7 != 0) {
                                                                                                                					_t8 = RegOpenKeyExA(_t7, _a8, 0, _a12, _a16); // executed
                                                                                                                					return _t8;
                                                                                                                				}
                                                                                                                				_t9 = 6;
                                                                                                                				return _t9;
                                                                                                                			}







                                                                                                                APIs
                                                                                                                • RegOpenKeyExA.KERNELBASE(00000000,?,00000000,?,?,?,?,?,00405F24,?,?,?,?,00000002,Remove folder: ), ref: 00405EBA
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Open
                                                                                                                • String ID:
                                                                                                                • API String ID: 71445658-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E0040409E(intOrPtr _a12) {
                                                                                                                				intOrPtr _v0;
                                                                                                                				struct HWND__* _v4;
                                                                                                                				int _t7;
                                                                                                                				void* _t8;
                                                                                                                				void* _t9;
                                                                                                                				void* _t10;
                                                                                                                
                                                                                                                				_t7 = SetDlgItemTextA(_v4, _v0 + 0x3e8, E00406032(_t8, _t9, _t10, 0, _a12)); // executed
                                                                                                                				return _t7;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ItemText
                                                                                                                • String ID:
                                                                                                                • API String ID: 3367045223-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004040EA(int _a4) {
                                                                                                                				struct HWND__* _t2;
                                                                                                                				long _t3;
                                                                                                                
                                                                                                                				_t2 =  *0x42ebd8; // 0x1000fa
                                                                                                                				if(_t2 != 0) {
                                                                                                                					_t3 = SendMessageA(_t2, _a4, 0, 0); // executed
                                                                                                                					return _t3;
                                                                                                                				}
                                                                                                                				return _t2;
                                                                                                                			}






                                                                                                                APIs
                                                                                                                • SendMessageA.USER32(001000FA,00000000,00000000,00000000), ref: 004040FC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 3850602802-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00403223(long _a4) {
                                                                                                                				long _t2;
                                                                                                                
                                                                                                                				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
                                                                                                                				return _t2;
                                                                                                                			}





                                                                                                                APIs
                                                                                                                • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402F89,?), ref: 00403231
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FilePointer
                                                                                                                • String ID:
                                                                                                                • API String ID: 973152223-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004040D3(int _a4) {
                                                                                                                				long _t2;
                                                                                                                
                                                                                                                				_t2 = SendMessageA( *0x42f408, 0x28, _a4, 1); // executed
                                                                                                                				return _t2;
                                                                                                                			}





                                                                                                                APIs
                                                                                                                • SendMessageA.USER32(00000028,?,00000001,00403F03), ref: 004040E1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 3850602802-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004040C0(int _a4) {
                                                                                                                				int _t2;
                                                                                                                
                                                                                                                				_t2 = EnableWindow( *0x42a86c, _a4); // executed
                                                                                                                				return _t2;
                                                                                                                			}





                                                                                                                APIs
                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,00403E9C), ref: 004040CA
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CallbackDispatcherUser
                                                                                                                • String ID:
                                                                                                                • API String ID: 2492992576-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004014D6(intOrPtr __edx) {
                                                                                                                				long _t3;
                                                                                                                				void* _t7;
                                                                                                                				intOrPtr _t10;
                                                                                                                				void* _t13;
                                                                                                                
                                                                                                                				_t10 = __edx;
                                                                                                                				_t3 = E00402B0A(_t7);
                                                                                                                				 *((intOrPtr*)(_t13 - 0x10)) = _t10;
                                                                                                                				if(_t3 <= 1) {
                                                                                                                					_t3 = 1;
                                                                                                                				}
                                                                                                                				Sleep(_t3); // executed
                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t13 - 4));
                                                                                                                				return 0;
                                                                                                                			}








                                                                                                                APIs
                                                                                                                • Sleep.KERNELBASE(00000000), ref: 004014E9
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Sleep
                                                                                                                • String ID:
                                                                                                                • API String ID: 3472027048-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 78%
                                                                                                                			E00404530(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				long _v16;
                                                                                                                				long _v20;
                                                                                                                				long _v24;
                                                                                                                				char _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				long _v36;
                                                                                                                				char _v40;
                                                                                                                				unsigned int _v44;
                                                                                                                				signed int _v48;
                                                                                                                				CHAR* _v56;
                                                                                                                				intOrPtr _v60;
                                                                                                                				intOrPtr _v64;
                                                                                                                				intOrPtr _v68;
                                                                                                                				CHAR* _v72;
                                                                                                                				void _v76;
                                                                                                                				struct HWND__* _v80;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				intOrPtr _t82;
                                                                                                                				long _t87;
                                                                                                                				signed char* _t89;
                                                                                                                				void* _t95;
                                                                                                                				signed int _t96;
                                                                                                                				int _t109;
                                                                                                                				signed char _t114;
                                                                                                                				signed int _t118;
                                                                                                                				struct HWND__** _t122;
                                                                                                                				intOrPtr* _t138;
                                                                                                                				CHAR* _t146;
                                                                                                                				intOrPtr _t147;
                                                                                                                				unsigned int _t150;
                                                                                                                				signed int _t152;
                                                                                                                				unsigned int _t156;
                                                                                                                				signed int _t158;
                                                                                                                				signed int* _t159;
                                                                                                                				signed char* _t160;
                                                                                                                				struct HWND__* _t165;
                                                                                                                				struct HWND__* _t166;
                                                                                                                				int _t168;
                                                                                                                				unsigned int _t197;
                                                                                                                				void* _t205;
                                                                                                                
                                                                                                                				_t156 = __edx;
                                                                                                                				_t82 =  *0x42a048; // 0x67d0c4
                                                                                                                				_v32 = _t82;
                                                                                                                				_t146 = ( *(_t82 + 0x3c) << 0xa) + "0x0000565B";
                                                                                                                				_v12 =  *((intOrPtr*)(_t82 + 0x38));
                                                                                                                				if(_a8 == 0x40b) {
                                                                                                                					E00405710(0x3fb, _t146);
                                                                                                                					E0040627A(_t146);
                                                                                                                				}
                                                                                                                				_t166 = _a4;
                                                                                                                				if(_a8 != 0x110) {
                                                                                                                					L8:
                                                                                                                					if(_a8 != 0x111) {
                                                                                                                						L20:
                                                                                                                						if(_a8 == 0x40f) {
                                                                                                                							L22:
                                                                                                                							_v8 = _v8 & 0x00000000;
                                                                                                                							_v12 = _v12 & 0x00000000;
                                                                                                                							E00405710(0x3fb, _t146);
                                                                                                                							if(E00405A96(_t185, _t146) == 0) {
                                                                                                                								_v8 = 1;
                                                                                                                							}
                                                                                                                							E00406010(0x429840, _t146);
                                                                                                                							_t87 = E004063A8(1);
                                                                                                                							_v16 = _t87;
                                                                                                                							if(_t87 == 0) {
                                                                                                                								L30:
                                                                                                                								E00406010(0x429840, _t146);
                                                                                                                								_t89 = E00405A41(0x429840);
                                                                                                                								_t158 = 0;
                                                                                                                								if(_t89 != 0) {
                                                                                                                									 *_t89 =  *_t89 & 0x00000000;
                                                                                                                								}
                                                                                                                								if(GetDiskFreeSpaceA(0x429840,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
                                                                                                                									goto L35;
                                                                                                                								} else {
                                                                                                                									_t168 = 0x400;
                                                                                                                									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
                                                                                                                									asm("cdq");
                                                                                                                									_v48 = _t109;
                                                                                                                									_v44 = _t156;
                                                                                                                									_v12 = 1;
                                                                                                                									goto L36;
                                                                                                                								}
                                                                                                                							} else {
                                                                                                                								_t159 = 0;
                                                                                                                								if(0 == 0x429840) {
                                                                                                                									goto L30;
                                                                                                                								} else {
                                                                                                                									goto L26;
                                                                                                                								}
                                                                                                                								while(1) {
                                                                                                                									L26:
                                                                                                                									_t114 = _v16(0x429840,  &_v48,  &_v28,  &_v40);
                                                                                                                									if(_t114 != 0) {
                                                                                                                										break;
                                                                                                                									}
                                                                                                                									if(_t159 != 0) {
                                                                                                                										 *_t159 =  *_t159 & _t114;
                                                                                                                									}
                                                                                                                									_t160 = E004059EF(0x429840);
                                                                                                                									 *_t160 =  *_t160 & 0x00000000;
                                                                                                                									_t159 = _t160 - 1;
                                                                                                                									 *_t159 = 0x5c;
                                                                                                                									if(_t159 != 0x429840) {
                                                                                                                										continue;
                                                                                                                									} else {
                                                                                                                										goto L30;
                                                                                                                									}
                                                                                                                								}
                                                                                                                								_t150 = _v44;
                                                                                                                								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
                                                                                                                								_v44 = _t150 >> 0xa;
                                                                                                                								_v12 = 1;
                                                                                                                								_t158 = 0;
                                                                                                                								__eflags = 0;
                                                                                                                								L35:
                                                                                                                								_t168 = 0x400;
                                                                                                                								L36:
                                                                                                                								_t95 = E004049C4(5);
                                                                                                                								if(_v12 != _t158) {
                                                                                                                									_t197 = _v44;
                                                                                                                									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
                                                                                                                										_v8 = 2;
                                                                                                                									}
                                                                                                                								}
                                                                                                                								_t147 =  *0x42ebdc; // 0x689455
                                                                                                                								if( *((intOrPtr*)(_t147 + 0x10)) != _t158) {
                                                                                                                									E004049AC(0x3ff, 0xfffffffb, _t95);
                                                                                                                									if(_v12 == _t158) {
                                                                                                                										SetDlgItemTextA(_a4, _t168, 0x429830);
                                                                                                                									} else {
                                                                                                                										E004048E7(_t168, 0xfffffffc, _v48, _v44);
                                                                                                                									}
                                                                                                                								}
                                                                                                                								_t96 = _v8;
                                                                                                                								 *0x42f4c4 = _t96;
                                                                                                                								if(_t96 == _t158) {
                                                                                                                									_v8 = E0040140B(7);
                                                                                                                								}
                                                                                                                								if(( *(_v32 + 0x14) & _t168) != 0) {
                                                                                                                									_v8 = _t158;
                                                                                                                								}
                                                                                                                								E004040C0(0 | _v8 == _t158);
                                                                                                                								if(_v8 == _t158) {
                                                                                                                									_t205 =  *0x42a860 - _t158; // 0x0
                                                                                                                									if(_t205 == 0) {
                                                                                                                										E00404489();
                                                                                                                									}
                                                                                                                								}
                                                                                                                								 *0x42a860 = _t158;
                                                                                                                								goto L53;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_t185 = _a8 - 0x405;
                                                                                                                						if(_a8 != 0x405) {
                                                                                                                							goto L53;
                                                                                                                						}
                                                                                                                						goto L22;
                                                                                                                					}
                                                                                                                					_t118 = _a12 & 0x0000ffff;
                                                                                                                					if(_t118 != 0x3fb) {
                                                                                                                						L12:
                                                                                                                						if(_t118 == 0x3e9) {
                                                                                                                							_t152 = 7;
                                                                                                                							memset( &_v76, 0, _t152 << 2);
                                                                                                                							_v80 = _t166;
                                                                                                                							_v72 = 0x42a870;
                                                                                                                							_v60 = E00404881;
                                                                                                                							_v56 = _t146;
                                                                                                                							_v68 = E00406032(_t146, 0x42a870, _t166, 0x429c48, _v12);
                                                                                                                							_t122 =  &_v80;
                                                                                                                							_v64 = 0x41;
                                                                                                                							__imp__SHBrowseForFolderA(_t122);
                                                                                                                							if(_t122 == 0) {
                                                                                                                								_a8 = 0x40f;
                                                                                                                							} else {
                                                                                                                								__imp__CoTaskMemFree(_t122);
                                                                                                                								E004059A8(_t146);
                                                                                                                								_t125 =  *((intOrPtr*)( *0x42f414 + 0x11c));
                                                                                                                								if( *((intOrPtr*)( *0x42f414 + 0x11c)) != 0 && _t146 == "C:\\Program Files\\Wildix\\WIService") {
                                                                                                                									E00406032(_t146, 0x42a870, _t166, 0, _t125);
                                                                                                                									if(lstrcmpiA(0x42e3a0, 0x42a870) != 0) {
                                                                                                                										lstrcatA(_t146, 0x42e3a0);
                                                                                                                									}
                                                                                                                								}
                                                                                                                								 *0x42a860 =  *0x42a860 + 1;
                                                                                                                								SetDlgItemTextA(_t166, 0x3fb, _t146);
                                                                                                                							}
                                                                                                                						}
                                                                                                                						goto L20;
                                                                                                                					}
                                                                                                                					if(_a12 >> 0x10 != 0x300) {
                                                                                                                						goto L53;
                                                                                                                					} else {
                                                                                                                						_a8 = 0x40f;
                                                                                                                						goto L12;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t165 = GetDlgItem(_t166, 0x3fb);
                                                                                                                					if(E00405A15(_t146) != 0 && E00405A41(_t146) == 0) {
                                                                                                                						E004059A8(_t146);
                                                                                                                					}
                                                                                                                					 *0x42ebd8 = _t166;
                                                                                                                					SetWindowTextA(_t165, _t146);
                                                                                                                					_push( *((intOrPtr*)(_a16 + 0x34)));
                                                                                                                					_push(1);
                                                                                                                					E0040409E(_t166);
                                                                                                                					_push( *((intOrPtr*)(_a16 + 0x30)));
                                                                                                                					_push(0x14);
                                                                                                                					E0040409E(_t166);
                                                                                                                					E004040D3(_t165);
                                                                                                                					_t138 = E004063A8(7);
                                                                                                                					if(_t138 == 0) {
                                                                                                                						L53:
                                                                                                                						return E00404105(_a8, _a12, _a16);
                                                                                                                					} else {
                                                                                                                						 *_t138(_t165, 1);
                                                                                                                						goto L8;
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}















































                                                                                                                0x00404861
                                                                                                                0x00404861
                                                                                                                0x0040485f
                                                                                                                0x00404866
                                                                                                                0x00000000
                                                                                                                0x00404866
                                                                                                                0x00404715
                                                                                                                0x004046cc
                                                                                                                0x004046d3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004046d3
                                                                                                                0x004045f2
                                                                                                                0x004045fb
                                                                                                                0x00404615
                                                                                                                0x0040461a
                                                                                                                0x00404624
                                                                                                                0x0040462b
                                                                                                                0x00404637
                                                                                                                0x0040463a
                                                                                                                0x0040463d
                                                                                                                0x00404644
                                                                                                                0x0040464c
                                                                                                                0x0040464f
                                                                                                                0x00404653
                                                                                                                0x0040465a
                                                                                                                0x00404662
                                                                                                                0x004046bc
                                                                                                                0x00404664
                                                                                                                0x00404665
                                                                                                                0x0040466c
                                                                                                                0x00404676
                                                                                                                0x0040467e
                                                                                                                0x0040468b
                                                                                                                0x0040469f
                                                                                                                0x004046a3
                                                                                                                0x004046a3
                                                                                                                0x0040469f
                                                                                                                0x004046a8
                                                                                                                0x004046b5
                                                                                                                0x004046b5
                                                                                                                0x00404662
                                                                                                                0x00000000
                                                                                                                0x0040461a
                                                                                                                0x00404608
                                                                                                                0x00000000
                                                                                                                0x0040460e
                                                                                                                0x0040460e
                                                                                                                0x00000000
                                                                                                                0x0040460e
                                                                                                                0x00404579
                                                                                                                0x00404586
                                                                                                                0x0040458f
                                                                                                                0x0040459c
                                                                                                                0x0040459c
                                                                                                                0x004045a3
                                                                                                                0x004045a9
                                                                                                                0x004045b2
                                                                                                                0x004045b5
                                                                                                                0x004045b8
                                                                                                                0x004045c0
                                                                                                                0x004045c3
                                                                                                                0x004045c6
                                                                                                                0x004045cc
                                                                                                                0x004045d3
                                                                                                                0x004045da
                                                                                                                0x0040486c
                                                                                                                0x0040487e
                                                                                                                0x004045e0
                                                                                                                0x004045e3
                                                                                                                0x00000000
                                                                                                                0x004045e3
                                                                                                                0x004045da

                                                                                                                APIs
                                                                                                                • GetDlgItem.USER32 ref: 0040457F
                                                                                                                • SetWindowTextA.USER32(00000000,?), ref: 004045A9
                                                                                                                • SHBrowseForFolderA.SHELL32(?,00429C48,?), ref: 0040465A
                                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 00404665
                                                                                                                • lstrcmpiA.KERNEL32(Remove folder: ,Wildix Integration Service v3.11.3 Setup ,00000000,?,?), ref: 00404697
                                                                                                                • lstrcatA.KERNEL32(?,Remove folder: ), ref: 004046A3
                                                                                                                • SetDlgItemTextA.USER32 ref: 004046B5
                                                                                                                  • Part of subcall function 00405710: GetDlgItemTextA.USER32 ref: 00405723
                                                                                                                  • Part of subcall function 0040627A: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\SetupWIService.exe",766DFA90,C:\Users\user\AppData\Local\Temp\,00000000,00403246,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004062D2
                                                                                                                  • Part of subcall function 0040627A: CharNextA.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 004062DF
                                                                                                                  • Part of subcall function 0040627A: CharNextA.USER32(?,"C:\Users\user\Desktop\SetupWIService.exe",766DFA90,C:\Users\user\AppData\Local\Temp\,00000000,00403246,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004062E4
                                                                                                                  • Part of subcall function 0040627A: CharPrevA.USER32(?,?,766DFA90,C:\Users\user\AppData\Local\Temp\,00000000,00403246,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004062F4
                                                                                                                • GetDiskFreeSpaceA.KERNEL32(00429840,?,?,0000040F,?,00429840,00429840,?,00000001,00429840,?,?,000003FB,?), ref: 00404773
                                                                                                                • MulDiv.KERNEL32(?,0000040F,00000400), ref: 0040478E
                                                                                                                  • Part of subcall function 004048E7: lstrlenA.KERNEL32(Wildix Integration Service v3.11.3 Setup ,Wildix Integration Service v3.11.3 Setup ,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404802,000000DF,00000000,00000400,?), ref: 00404985
                                                                                                                  • Part of subcall function 004048E7: wsprintfA.USER32 ref: 0040498D
                                                                                                                  • Part of subcall function 004048E7: SetDlgItemTextA.USER32 ref: 004049A0
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                • String ID: 0x0000565B$A$C:\Program Files\Wildix\WIService$Remove folder: $Wildix Integration Service v3.11.3 Setup
                                                                                                                • API String ID: 2624150263-1947673845
                                                                                                                • Opcode ID: f8c5b323b79a30612e5f20638997160abd30a80c2805ffb51c5d0b55a3138d2a
                                                                                                                • Instruction ID: 05eea3de79cf24fe9bb33e9012793c4f482d3b98f46f23a5f19240ee3c7d349e
                                                                                                                • Opcode Fuzzy Hash: f8c5b323b79a30612e5f20638997160abd30a80c2805ffb51c5d0b55a3138d2a
                                                                                                                • Instruction Fuzzy Hash: 78A160B1900218ABDB11AFA6CD45AAF77B8AF85314F14843BF601B62D1D77C8A418B6D
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 79%
                                                                                                                			E004067ED(signed int __ebx, signed int* __esi) {
                                                                                                                				signed int _t396;
                                                                                                                				signed int _t425;
                                                                                                                				signed int _t442;
                                                                                                                				signed int _t443;
                                                                                                                				signed int* _t446;
                                                                                                                				void* _t448;
                                                                                                                
                                                                                                                				L0:
                                                                                                                				while(1) {
                                                                                                                					L0:
                                                                                                                					_t446 = __esi;
                                                                                                                					_t425 = __ebx;
                                                                                                                					if( *(_t448 - 0x34) == 0) {
                                                                                                                						break;
                                                                                                                					}
                                                                                                                					L55:
                                                                                                                					__eax =  *(__ebp - 0x38);
                                                                                                                					 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                					__ecx = __ebx;
                                                                                                                					 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                					 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                					 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                					__ebx = __ebx + 8;
                                                                                                                					while(1) {
                                                                                                                						L56:
                                                                                                                						if(__ebx < 0xe) {
                                                                                                                							goto L0;
                                                                                                                						}
                                                                                                                						L57:
                                                                                                                						__eax =  *(__ebp - 0x40);
                                                                                                                						__eax =  *(__ebp - 0x40) & 0x00003fff;
                                                                                                                						__ecx = __eax;
                                                                                                                						__esi[1] = __eax;
                                                                                                                						__ecx = __eax & 0x0000001f;
                                                                                                                						if(__cl > 0x1d) {
                                                                                                                							L9:
                                                                                                                							_t443 = _t442 | 0xffffffff;
                                                                                                                							 *_t446 = 0x11;
                                                                                                                							L10:
                                                                                                                							_t446[0x147] =  *(_t448 - 0x40);
                                                                                                                							_t446[0x146] = _t425;
                                                                                                                							( *(_t448 + 8))[1] =  *(_t448 - 0x34);
                                                                                                                							L11:
                                                                                                                							 *( *(_t448 + 8)) =  *(_t448 - 0x38);
                                                                                                                							_t446[0x26ea] =  *(_t448 - 0x30);
                                                                                                                							E00406F5C( *(_t448 + 8));
                                                                                                                							return _t443;
                                                                                                                						}
                                                                                                                						L58:
                                                                                                                						__eax = __eax & 0x000003e0;
                                                                                                                						if(__eax > 0x3a0) {
                                                                                                                							goto L9;
                                                                                                                						}
                                                                                                                						L59:
                                                                                                                						 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 0xe;
                                                                                                                						__ebx = __ebx - 0xe;
                                                                                                                						_t94 =  &(__esi[2]);
                                                                                                                						 *_t94 = __esi[2] & 0x00000000;
                                                                                                                						 *__esi = 0xc;
                                                                                                                						while(1) {
                                                                                                                							L60:
                                                                                                                							__esi[1] = __esi[1] >> 0xa;
                                                                                                                							__eax = (__esi[1] >> 0xa) + 4;
                                                                                                                							if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                                                                                                                								goto L68;
                                                                                                                							}
                                                                                                                							L61:
                                                                                                                							while(1) {
                                                                                                                								L64:
                                                                                                                								if(__ebx >= 3) {
                                                                                                                									break;
                                                                                                                								}
                                                                                                                								L62:
                                                                                                                								if( *(__ebp - 0x34) == 0) {
                                                                                                                									goto L182;
                                                                                                                								}
                                                                                                                								L63:
                                                                                                                								__eax =  *(__ebp - 0x38);
                                                                                                                								 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                								__ecx = __ebx;
                                                                                                                								 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                								 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                								 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                								__ebx = __ebx + 8;
                                                                                                                							}
                                                                                                                							L65:
                                                                                                                							__ecx = __esi[2];
                                                                                                                							 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000007;
                                                                                                                							__ebx = __ebx - 3;
                                                                                                                							_t108 = __ecx + 0x408400; // 0x121110
                                                                                                                							__ecx =  *_t108;
                                                                                                                							 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 3;
                                                                                                                							 *(__esi + 0xc +  *_t108 * 4) =  *(__ebp - 0x40) & 0x00000007;
                                                                                                                							__ecx = __esi[1];
                                                                                                                							__esi[2] = __esi[2] + 1;
                                                                                                                							__eax = __esi[2];
                                                                                                                							__esi[1] >> 0xa = (__esi[1] >> 0xa) + 4;
                                                                                                                							if(__esi[2] < (__esi[1] >> 0xa) + 4) {
                                                                                                                								goto L64;
                                                                                                                							}
                                                                                                                							L66:
                                                                                                                							while(1) {
                                                                                                                								L68:
                                                                                                                								if(__esi[2] >= 0x13) {
                                                                                                                									break;
                                                                                                                								}
                                                                                                                								L67:
                                                                                                                								_t119 = __esi[2] + 0x408400; // 0x4000300
                                                                                                                								__eax =  *_t119;
                                                                                                                								 *(__esi + 0xc +  *_t119 * 4) =  *(__esi + 0xc +  *_t119 * 4) & 0x00000000;
                                                                                                                								_t126 =  &(__esi[2]);
                                                                                                                								 *_t126 = __esi[2] + 1;
                                                                                                                							}
                                                                                                                							L69:
                                                                                                                							__ecx = __ebp - 8;
                                                                                                                							__edi =  &(__esi[0x143]);
                                                                                                                							 &(__esi[0x148]) =  &(__esi[0x144]);
                                                                                                                							__eax = 0;
                                                                                                                							 *(__ebp - 8) = 0;
                                                                                                                							__eax =  &(__esi[3]);
                                                                                                                							 *__edi = 7;
                                                                                                                							__eax = E00406FC4( &(__esi[3]), 0x13, 0x13, 0, 0,  &(__esi[0x144]), __edi,  &(__esi[0x148]), __ebp - 8);
                                                                                                                							if(__eax != 0) {
                                                                                                                								L72:
                                                                                                                								 *__esi = 0x11;
                                                                                                                								while(1) {
                                                                                                                									L180:
                                                                                                                									_t396 =  *_t446;
                                                                                                                									if(_t396 > 0xf) {
                                                                                                                										break;
                                                                                                                									}
                                                                                                                									L1:
                                                                                                                									switch( *((intOrPtr*)(_t396 * 4 +  &M00406F1C))) {
                                                                                                                										case 0:
                                                                                                                											L101:
                                                                                                                											__eax = __esi[4] & 0x000000ff;
                                                                                                                											__esi[3] = __esi[4] & 0x000000ff;
                                                                                                                											__eax = __esi[5];
                                                                                                                											__esi[2] = __esi[5];
                                                                                                                											 *__esi = 1;
                                                                                                                											goto L102;
                                                                                                                										case 1:
                                                                                                                											L102:
                                                                                                                											__eax = __esi[3];
                                                                                                                											while(1) {
                                                                                                                												L105:
                                                                                                                												__eflags = __ebx - __eax;
                                                                                                                												if(__ebx >= __eax) {
                                                                                                                													break;
                                                                                                                												}
                                                                                                                												L103:
                                                                                                                												__eflags =  *(__ebp - 0x34);
                                                                                                                												if( *(__ebp - 0x34) == 0) {
                                                                                                                													goto L182;
                                                                                                                												}
                                                                                                                												L104:
                                                                                                                												__ecx =  *(__ebp - 0x38);
                                                                                                                												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                                												__ecx = __ebx;
                                                                                                                												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                												__ebx = __ebx + 8;
                                                                                                                												__eflags = __ebx;
                                                                                                                											}
                                                                                                                											L106:
                                                                                                                											__eax =  *(0x40a3e8 + __eax * 2) & 0x0000ffff;
                                                                                                                											__eax = __eax &  *(__ebp - 0x40);
                                                                                                                											__ecx = __esi[2];
                                                                                                                											__eax = __esi[2] + __eax * 4;
                                                                                                                											__ecx =  *(__eax + 1) & 0x000000ff;
                                                                                                                											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
                                                                                                                											__ecx =  *__eax & 0x000000ff;
                                                                                                                											__eflags = __ecx;
                                                                                                                											if(__ecx != 0) {
                                                                                                                												L108:
                                                                                                                												__eflags = __cl & 0x00000010;
                                                                                                                												if((__cl & 0x00000010) == 0) {
                                                                                                                													L110:
                                                                                                                													__eflags = __cl & 0x00000040;
                                                                                                                													if((__cl & 0x00000040) == 0) {
                                                                                                                														goto L125;
                                                                                                                													}
                                                                                                                													L111:
                                                                                                                													__eflags = __cl & 0x00000020;
                                                                                                                													if((__cl & 0x00000020) == 0) {
                                                                                                                														goto L9;
                                                                                                                													}
                                                                                                                													L112:
                                                                                                                													 *__esi = 7;
                                                                                                                													goto L180;
                                                                                                                												}
                                                                                                                												L109:
                                                                                                                												__esi[2] = __ecx;
                                                                                                                												__esi[1] = __eax;
                                                                                                                												 *__esi = 2;
                                                                                                                												goto L180;
                                                                                                                											}
                                                                                                                											L107:
                                                                                                                											__esi[2] = __eax;
                                                                                                                											 *__esi = 6;
                                                                                                                											goto L180;
                                                                                                                										case 2:
                                                                                                                											L113:
                                                                                                                											__eax = __esi[2];
                                                                                                                											while(1) {
                                                                                                                												L116:
                                                                                                                												__eflags = __ebx - __eax;
                                                                                                                												if(__ebx >= __eax) {
                                                                                                                													break;
                                                                                                                												}
                                                                                                                												L114:
                                                                                                                												__eflags =  *(__ebp - 0x34);
                                                                                                                												if( *(__ebp - 0x34) == 0) {
                                                                                                                													goto L182;
                                                                                                                												}
                                                                                                                												L115:
                                                                                                                												__ecx =  *(__ebp - 0x38);
                                                                                                                												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                                												__ecx = __ebx;
                                                                                                                												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                												__ebx = __ebx + 8;
                                                                                                                												__eflags = __ebx;
                                                                                                                											}
                                                                                                                											L117:
                                                                                                                											 *(0x40a3e8 + __eax * 2) & 0x0000ffff =  *(0x40a3e8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                                                                											__esi[1] = __esi[1] + ( *(0x40a3e8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                                                                											__ecx = __eax;
                                                                                                                											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                											__ebx = __ebx - __eax;
                                                                                                                											__eflags = __ebx;
                                                                                                                											__eax = __esi[4] & 0x000000ff;
                                                                                                                											__esi[3] = __esi[4] & 0x000000ff;
                                                                                                                											__eax = __esi[6];
                                                                                                                											__esi[2] = __esi[6];
                                                                                                                											 *__esi = 3;
                                                                                                                											goto L118;
                                                                                                                										case 3:
                                                                                                                											L118:
                                                                                                                											__eax = __esi[3];
                                                                                                                											while(1) {
                                                                                                                												L121:
                                                                                                                												__eflags = __ebx - __eax;
                                                                                                                												if(__ebx >= __eax) {
                                                                                                                													break;
                                                                                                                												}
                                                                                                                												L119:
                                                                                                                												__eflags =  *(__ebp - 0x34);
                                                                                                                												if( *(__ebp - 0x34) == 0) {
                                                                                                                													goto L182;
                                                                                                                												}
                                                                                                                												L120:
                                                                                                                												__ecx =  *(__ebp - 0x38);
                                                                                                                												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                                												__ecx = __ebx;
                                                                                                                												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                												__ebx = __ebx + 8;
                                                                                                                												__eflags = __ebx;
                                                                                                                											}
                                                                                                                											L122:
                                                                                                                											__eax =  *(0x40a3e8 + __eax * 2) & 0x0000ffff;
                                                                                                                											__eax = __eax &  *(__ebp - 0x40);
                                                                                                                											__ecx = __esi[2];
                                                                                                                											__eax = __esi[2] + __eax * 4;
                                                                                                                											__ecx =  *(__eax + 1) & 0x000000ff;
                                                                                                                											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
                                                                                                                											__ecx =  *__eax & 0x000000ff;
                                                                                                                											__eflags = __cl & 0x00000010;
                                                                                                                											if((__cl & 0x00000010) == 0) {
                                                                                                                												L124:
                                                                                                                												__eflags = __cl & 0x00000040;
                                                                                                                												if((__cl & 0x00000040) != 0) {
                                                                                                                													goto L9;
                                                                                                                												}
                                                                                                                												L125:
                                                                                                                												__esi[3] = __ecx;
                                                                                                                												__ecx =  *(__eax + 2) & 0x0000ffff;
                                                                                                                												__esi[2] = __eax;
                                                                                                                												goto L180;
                                                                                                                											}
                                                                                                                											L123:
                                                                                                                											__esi[2] = __ecx;
                                                                                                                											__esi[3] = __eax;
                                                                                                                											 *__esi = 4;
                                                                                                                											goto L180;
                                                                                                                										case 4:
                                                                                                                											L126:
                                                                                                                											__eax = __esi[2];
                                                                                                                											while(1) {
                                                                                                                												L129:
                                                                                                                												__eflags = __ebx - __eax;
                                                                                                                												if(__ebx >= __eax) {
                                                                                                                													break;
                                                                                                                												}
                                                                                                                												L127:
                                                                                                                												__eflags =  *(__ebp - 0x34);
                                                                                                                												if( *(__ebp - 0x34) == 0) {
                                                                                                                													goto L182;
                                                                                                                												}
                                                                                                                												L128:
                                                                                                                												__ecx =  *(__ebp - 0x38);
                                                                                                                												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                                												__ecx = __ebx;
                                                                                                                												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                												__ebx = __ebx + 8;
                                                                                                                												__eflags = __ebx;
                                                                                                                											}
                                                                                                                											L130:
                                                                                                                											 *(0x40a3e8 + __eax * 2) & 0x0000ffff =  *(0x40a3e8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                                                                											__esi[3] = __esi[3] + ( *(0x40a3e8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                                                                											__ecx = __eax;
                                                                                                                											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                											__ebx = __ebx - __eax;
                                                                                                                											__eflags = __ebx;
                                                                                                                											 *__esi = 5;
                                                                                                                											goto L131;
                                                                                                                										case 5:
                                                                                                                											L131:
                                                                                                                											__eax =  *(__ebp - 0x30);
                                                                                                                											__edx = __esi[3];
                                                                                                                											__eax = __eax - __esi;
                                                                                                                											__ecx = __eax - __esi - 0x1ba0;
                                                                                                                											__eflags = __eax - __esi - 0x1ba0 - __edx;
                                                                                                                											if(__eax - __esi - 0x1ba0 >= __edx) {
                                                                                                                												__ecx = __eax;
                                                                                                                												__ecx = __eax - __edx;
                                                                                                                												__eflags = __ecx;
                                                                                                                											} else {
                                                                                                                												__esi[0x26e8] = __esi[0x26e8] - __edx;
                                                                                                                												__ecx = __esi[0x26e8] - __edx - __esi;
                                                                                                                												__ecx = __esi[0x26e8] - __edx - __esi + __eax - 0x1ba0;
                                                                                                                											}
                                                                                                                											__eflags = __esi[1];
                                                                                                                											 *(__ebp - 0x20) = __ecx;
                                                                                                                											if(__esi[1] != 0) {
                                                                                                                												L135:
                                                                                                                												__edi =  *(__ebp - 0x2c);
                                                                                                                												do {
                                                                                                                													L136:
                                                                                                                													__eflags = __edi;
                                                                                                                													if(__edi != 0) {
                                                                                                                														goto L152;
                                                                                                                													}
                                                                                                                													L137:
                                                                                                                													__edi = __esi[0x26e8];
                                                                                                                													__eflags = __eax - __edi;
                                                                                                                													if(__eax != __edi) {
                                                                                                                														L143:
                                                                                                                														__esi[0x26ea] = __eax;
                                                                                                                														__eax = E00406F5C( *((intOrPtr*)(__ebp + 8)));
                                                                                                                														__eax = __esi[0x26ea];
                                                                                                                														__ecx = __esi[0x26e9];
                                                                                                                														__eflags = __eax - __ecx;
                                                                                                                														 *(__ebp - 0x30) = __eax;
                                                                                                                														if(__eax >= __ecx) {
                                                                                                                															__edi = __esi[0x26e8];
                                                                                                                															__edi = __esi[0x26e8] - __eax;
                                                                                                                															__eflags = __edi;
                                                                                                                														} else {
                                                                                                                															__ecx = __ecx - __eax;
                                                                                                                															__edi = __ecx - __eax - 1;
                                                                                                                														}
                                                                                                                														__edx = __esi[0x26e8];
                                                                                                                														__eflags = __eax - __edx;
                                                                                                                														 *(__ebp - 8) = __edx;
                                                                                                                														if(__eax == __edx) {
                                                                                                                															__edx =  &(__esi[0x6e8]);
                                                                                                                															__eflags = __ecx - __edx;
                                                                                                                															if(__ecx != __edx) {
                                                                                                                																__eax = __edx;
                                                                                                                																__eflags = __eax - __ecx;
                                                                                                                																 *(__ebp - 0x30) = __eax;
                                                                                                                																if(__eax >= __ecx) {
                                                                                                                																	__edi =  *(__ebp - 8);
                                                                                                                																	__edi =  *(__ebp - 8) - __eax;
                                                                                                                																	__eflags = __edi;
                                                                                                                																} else {
                                                                                                                																	__ecx = __ecx - __eax;
                                                                                                                																	__edi = __ecx;
                                                                                                                																}
                                                                                                                															}
                                                                                                                														}
                                                                                                                														__eflags = __edi;
                                                                                                                														if(__edi == 0) {
                                                                                                                															goto L183;
                                                                                                                														} else {
                                                                                                                															goto L152;
                                                                                                                														}
                                                                                                                													}
                                                                                                                													L138:
                                                                                                                													__ecx = __esi[0x26e9];
                                                                                                                													__edx =  &(__esi[0x6e8]);
                                                                                                                													__eflags = __ecx - __edx;
                                                                                                                													if(__ecx == __edx) {
                                                                                                                														goto L143;
                                                                                                                													}
                                                                                                                													L139:
                                                                                                                													__eax = __edx;
                                                                                                                													__eflags = __eax - __ecx;
                                                                                                                													if(__eax >= __ecx) {
                                                                                                                														__edi = __edi - __eax;
                                                                                                                														__eflags = __edi;
                                                                                                                													} else {
                                                                                                                														__ecx = __ecx - __eax;
                                                                                                                														__edi = __ecx;
                                                                                                                													}
                                                                                                                													__eflags = __edi;
                                                                                                                													if(__edi == 0) {
                                                                                                                														goto L143;
                                                                                                                													}
                                                                                                                													L152:
                                                                                                                													__ecx =  *(__ebp - 0x20);
                                                                                                                													 *__eax =  *__ecx;
                                                                                                                													__eax = __eax + 1;
                                                                                                                													__ecx = __ecx + 1;
                                                                                                                													__edi = __edi - 1;
                                                                                                                													__eflags = __ecx - __esi[0x26e8];
                                                                                                                													 *(__ebp - 0x30) = __eax;
                                                                                                                													 *(__ebp - 0x20) = __ecx;
                                                                                                                													 *(__ebp - 0x2c) = __edi;
                                                                                                                													if(__ecx == __esi[0x26e8]) {
                                                                                                                														__ecx =  &(__esi[0x6e8]);
                                                                                                                														 *(__ebp - 0x20) =  &(__esi[0x6e8]);
                                                                                                                													}
                                                                                                                													_t357 =  &(__esi[1]);
                                                                                                                													 *_t357 = __esi[1] - 1;
                                                                                                                													__eflags =  *_t357;
                                                                                                                												} while ( *_t357 != 0);
                                                                                                                											}
                                                                                                                											goto L23;
                                                                                                                										case 6:
                                                                                                                											L156:
                                                                                                                											__eax =  *(__ebp - 0x2c);
                                                                                                                											__edi =  *(__ebp - 0x30);
                                                                                                                											__eflags = __eax;
                                                                                                                											if(__eax != 0) {
                                                                                                                												L172:
                                                                                                                												__cl = __esi[2];
                                                                                                                												 *__edi = __cl;
                                                                                                                												__edi = __edi + 1;
                                                                                                                												__eax = __eax - 1;
                                                                                                                												 *(__ebp - 0x30) = __edi;
                                                                                                                												 *(__ebp - 0x2c) = __eax;
                                                                                                                												goto L23;
                                                                                                                											}
                                                                                                                											L157:
                                                                                                                											__ecx = __esi[0x26e8];
                                                                                                                											__eflags = __edi - __ecx;
                                                                                                                											if(__edi != __ecx) {
                                                                                                                												L163:
                                                                                                                												__esi[0x26ea] = __edi;
                                                                                                                												__eax = E00406F5C( *((intOrPtr*)(__ebp + 8)));
                                                                                                                												__edi = __esi[0x26ea];
                                                                                                                												__ecx = __esi[0x26e9];
                                                                                                                												__eflags = __edi - __ecx;
                                                                                                                												 *(__ebp - 0x30) = __edi;
                                                                                                                												if(__edi >= __ecx) {
                                                                                                                													__eax = __esi[0x26e8];
                                                                                                                													__eax = __esi[0x26e8] - __edi;
                                                                                                                													__eflags = __eax;
                                                                                                                												} else {
                                                                                                                													__ecx = __ecx - __edi;
                                                                                                                													__eax = __ecx - __edi - 1;
                                                                                                                												}
                                                                                                                												__edx = __esi[0x26e8];
                                                                                                                												__eflags = __edi - __edx;
                                                                                                                												 *(__ebp - 8) = __edx;
                                                                                                                												if(__edi == __edx) {
                                                                                                                													__edx =  &(__esi[0x6e8]);
                                                                                                                													__eflags = __ecx - __edx;
                                                                                                                													if(__ecx != __edx) {
                                                                                                                														__edi = __edx;
                                                                                                                														__eflags = __edi - __ecx;
                                                                                                                														 *(__ebp - 0x30) = __edi;
                                                                                                                														if(__edi >= __ecx) {
                                                                                                                															__eax =  *(__ebp - 8);
                                                                                                                															__eax =  *(__ebp - 8) - __edi;
                                                                                                                															__eflags = __eax;
                                                                                                                														} else {
                                                                                                                															__ecx = __ecx - __edi;
                                                                                                                															__eax = __ecx;
                                                                                                                														}
                                                                                                                													}
                                                                                                                												}
                                                                                                                												__eflags = __eax;
                                                                                                                												if(__eax == 0) {
                                                                                                                													goto L183;
                                                                                                                												} else {
                                                                                                                													goto L172;
                                                                                                                												}
                                                                                                                											}
                                                                                                                											L158:
                                                                                                                											__eax = __esi[0x26e9];
                                                                                                                											__edx =  &(__esi[0x6e8]);
                                                                                                                											__eflags = __eax - __edx;
                                                                                                                											if(__eax == __edx) {
                                                                                                                												goto L163;
                                                                                                                											}
                                                                                                                											L159:
                                                                                                                											__edi = __edx;
                                                                                                                											__eflags = __edi - __eax;
                                                                                                                											if(__edi >= __eax) {
                                                                                                                												__ecx = __ecx - __edi;
                                                                                                                												__eflags = __ecx;
                                                                                                                												__eax = __ecx;
                                                                                                                											} else {
                                                                                                                												__eax = __eax - __edi;
                                                                                                                												__eax = __eax - 1;
                                                                                                                											}
                                                                                                                											__eflags = __eax;
                                                                                                                											if(__eax != 0) {
                                                                                                                												goto L172;
                                                                                                                											} else {
                                                                                                                												goto L163;
                                                                                                                											}
                                                                                                                										case 7:
                                                                                                                											L173:
                                                                                                                											__eflags = __ebx - 7;
                                                                                                                											if(__ebx > 7) {
                                                                                                                												__ebx = __ebx - 8;
                                                                                                                												 *(__ebp - 0x34) =  *(__ebp - 0x34) + 1;
                                                                                                                												_t380 = __ebp - 0x38;
                                                                                                                												 *_t380 =  *(__ebp - 0x38) - 1;
                                                                                                                												__eflags =  *_t380;
                                                                                                                											}
                                                                                                                											goto L175;
                                                                                                                										case 8:
                                                                                                                											L4:
                                                                                                                											while(_t425 < 3) {
                                                                                                                												if( *(_t448 - 0x34) == 0) {
                                                                                                                													goto L182;
                                                                                                                												} else {
                                                                                                                													 *(_t448 - 0x34) =  *(_t448 - 0x34) - 1;
                                                                                                                													 *(_t448 - 0x40) =  *(_t448 - 0x40) | ( *( *(_t448 - 0x38)) & 0x000000ff) << _t425;
                                                                                                                													 *(_t448 - 0x38) =  &(( *(_t448 - 0x38))[1]);
                                                                                                                													_t425 = _t425 + 8;
                                                                                                                													continue;
                                                                                                                												}
                                                                                                                											}
                                                                                                                											_t425 = _t425 - 3;
                                                                                                                											 *(_t448 - 0x40) =  *(_t448 - 0x40) >> 3;
                                                                                                                											_t406 =  *(_t448 - 0x40) & 0x00000007;
                                                                                                                											asm("sbb ecx, ecx");
                                                                                                                											_t408 = _t406 >> 1;
                                                                                                                											_t446[0x145] = ( ~(_t406 & 0x00000001) & 0x00000007) + 8;
                                                                                                                											if(_t408 == 0) {
                                                                                                                												L24:
                                                                                                                												 *_t446 = 9;
                                                                                                                												_t436 = _t425 & 0x00000007;
                                                                                                                												 *(_t448 - 0x40) =  *(_t448 - 0x40) >> _t436;
                                                                                                                												_t425 = _t425 - _t436;
                                                                                                                												goto L180;
                                                                                                                											}
                                                                                                                											L6:
                                                                                                                											_t411 = _t408 - 1;
                                                                                                                											if(_t411 == 0) {
                                                                                                                												L13:
                                                                                                                												__eflags =  *0x42e388;
                                                                                                                												if( *0x42e388 != 0) {
                                                                                                                													L22:
                                                                                                                													_t412 =  *0x40a40c; // 0x9
                                                                                                                													_t446[4] = _t412;
                                                                                                                													_t413 =  *0x40a410; // 0x5
                                                                                                                													_t446[4] = _t413;
                                                                                                                													_t414 =  *0x42d204; // 0x42db08
                                                                                                                													_t446[5] = _t414;
                                                                                                                													_t415 =  *0x42d200; // 0x42e308
                                                                                                                													_t446[6] = _t415;
                                                                                                                													L23:
                                                                                                                													 *_t446 =  *_t446 & 0x00000000;
                                                                                                                													goto L180;
                                                                                                                												} else {
                                                                                                                													_t26 = _t448 - 8;
                                                                                                                													 *_t26 =  *(_t448 - 8) & 0x00000000;
                                                                                                                													__eflags =  *_t26;
                                                                                                                													_t416 = 0x42d208;
                                                                                                                													goto L15;
                                                                                                                													L20:
                                                                                                                													 *_t416 = _t438;
                                                                                                                													_t416 = _t416 + 4;
                                                                                                                													__eflags = _t416 - 0x42d688;
                                                                                                                													if(_t416 < 0x42d688) {
                                                                                                                														L15:
                                                                                                                														__eflags = _t416 - 0x42d444;
                                                                                                                														_t438 = 8;
                                                                                                                														if(_t416 > 0x42d444) {
                                                                                                                															__eflags = _t416 - 0x42d608;
                                                                                                                															if(_t416 >= 0x42d608) {
                                                                                                                																__eflags = _t416 - 0x42d668;
                                                                                                                																if(_t416 < 0x42d668) {
                                                                                                                																	_t438 = 7;
                                                                                                                																}
                                                                                                                															} else {
                                                                                                                																_t438 = 9;
                                                                                                                															}
                                                                                                                														}
                                                                                                                														goto L20;
                                                                                                                													} else {
                                                                                                                														E00406FC4(0x42d208, 0x120, 0x101, 0x408414, 0x408454, 0x42d204, 0x40a40c, 0x42db08, _t448 - 8);
                                                                                                                														_push(0x1e);
                                                                                                                														_pop(_t440);
                                                                                                                														_push(5);
                                                                                                                														_pop(_t419);
                                                                                                                														memset(0x42d208, _t419, _t440 << 2);
                                                                                                                														_t450 = _t450 + 0xc;
                                                                                                                														_t442 = 0x42d208 + _t440;
                                                                                                                														E00406FC4(0x42d208, 0x1e, 0, 0x408494, 0x4084d0, 0x42d200, 0x40a410, 0x42db08, _t448 - 8);
                                                                                                                														 *0x42e388 =  *0x42e388 + 1;
                                                                                                                														__eflags =  *0x42e388;
                                                                                                                														goto L22;
                                                                                                                													}
                                                                                                                												}
                                                                                                                											}
                                                                                                                											L7:
                                                                                                                											_t423 = _t411 - 1;
                                                                                                                											if(_t423 == 0) {
                                                                                                                												 *_t446 = 0xb;
                                                                                                                												goto L180;
                                                                                                                											}
                                                                                                                											L8:
                                                                                                                											if(_t423 != 1) {
                                                                                                                												goto L180;
                                                                                                                											}
                                                                                                                											goto L9;
                                                                                                                										case 9:
                                                                                                                											while(1) {
                                                                                                                												L27:
                                                                                                                												__eflags = __ebx - 0x20;
                                                                                                                												if(__ebx >= 0x20) {
                                                                                                                													break;
                                                                                                                												}
                                                                                                                												L25:
                                                                                                                												__eflags =  *(__ebp - 0x34);
                                                                                                                												if( *(__ebp - 0x34) == 0) {
                                                                                                                													goto L182;
                                                                                                                												}
                                                                                                                												L26:
                                                                                                                												__eax =  *(__ebp - 0x38);
                                                                                                                												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                												__ecx = __ebx;
                                                                                                                												 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                												__ebx = __ebx + 8;
                                                                                                                												__eflags = __ebx;
                                                                                                                											}
                                                                                                                											L28:
                                                                                                                											__eax =  *(__ebp - 0x40);
                                                                                                                											__ebx = 0;
                                                                                                                											__eax =  *(__ebp - 0x40) & 0x0000ffff;
                                                                                                                											 *(__ebp - 0x40) = 0;
                                                                                                                											__eflags = __eax;
                                                                                                                											__esi[1] = __eax;
                                                                                                                											if(__eax == 0) {
                                                                                                                												goto L53;
                                                                                                                											}
                                                                                                                											L29:
                                                                                                                											_push(0xa);
                                                                                                                											_pop(__eax);
                                                                                                                											goto L54;
                                                                                                                										case 0xa:
                                                                                                                											L30:
                                                                                                                											__eflags =  *(__ebp - 0x34);
                                                                                                                											if( *(__ebp - 0x34) == 0) {
                                                                                                                												goto L182;
                                                                                                                											}
                                                                                                                											L31:
                                                                                                                											__eax =  *(__ebp - 0x2c);
                                                                                                                											__eflags = __eax;
                                                                                                                											if(__eax != 0) {
                                                                                                                												L48:
                                                                                                                												__eflags = __eax -  *(__ebp - 0x34);
                                                                                                                												if(__eax >=  *(__ebp - 0x34)) {
                                                                                                                													__eax =  *(__ebp - 0x34);
                                                                                                                												}
                                                                                                                												__ecx = __esi[1];
                                                                                                                												__eflags = __ecx - __eax;
                                                                                                                												__edi = __ecx;
                                                                                                                												if(__ecx >= __eax) {
                                                                                                                													__edi = __eax;
                                                                                                                												}
                                                                                                                												__eax = E00405B64( *(__ebp - 0x30),  *(__ebp - 0x38), __edi);
                                                                                                                												 *(__ebp - 0x38) =  *(__ebp - 0x38) + __edi;
                                                                                                                												 *(__ebp - 0x34) =  *(__ebp - 0x34) - __edi;
                                                                                                                												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __edi;
                                                                                                                												 *(__ebp - 0x2c) =  *(__ebp - 0x2c) - __edi;
                                                                                                                												_t80 =  &(__esi[1]);
                                                                                                                												 *_t80 = __esi[1] - __edi;
                                                                                                                												__eflags =  *_t80;
                                                                                                                												if( *_t80 == 0) {
                                                                                                                													L53:
                                                                                                                													__eax = __esi[0x145];
                                                                                                                													L54:
                                                                                                                													 *__esi = __eax;
                                                                                                                												}
                                                                                                                												goto L180;
                                                                                                                											}
                                                                                                                											L32:
                                                                                                                											__ecx = __esi[0x26e8];
                                                                                                                											__edx =  *(__ebp - 0x30);
                                                                                                                											__eflags = __edx - __ecx;
                                                                                                                											if(__edx != __ecx) {
                                                                                                                												L38:
                                                                                                                												__esi[0x26ea] = __edx;
                                                                                                                												__eax = E00406F5C( *((intOrPtr*)(__ebp + 8)));
                                                                                                                												__edx = __esi[0x26ea];
                                                                                                                												__ecx = __esi[0x26e9];
                                                                                                                												__eflags = __edx - __ecx;
                                                                                                                												 *(__ebp - 0x30) = __edx;
                                                                                                                												if(__edx >= __ecx) {
                                                                                                                													__eax = __esi[0x26e8];
                                                                                                                													__eax = __esi[0x26e8] - __edx;
                                                                                                                													__eflags = __eax;
                                                                                                                												} else {
                                                                                                                													__ecx = __ecx - __edx;
                                                                                                                													__eax = __ecx - __edx - 1;
                                                                                                                												}
                                                                                                                												__edi = __esi[0x26e8];
                                                                                                                												 *(__ebp - 0x2c) = __eax;
                                                                                                                												__eflags = __edx - __edi;
                                                                                                                												if(__edx == __edi) {
                                                                                                                													__edx =  &(__esi[0x6e8]);
                                                                                                                													__eflags = __edx - __ecx;
                                                                                                                													if(__eflags != 0) {
                                                                                                                														 *(__ebp - 0x30) = __edx;
                                                                                                                														if(__eflags >= 0) {
                                                                                                                															__edi = __edi - __edx;
                                                                                                                															__eflags = __edi;
                                                                                                                															__eax = __edi;
                                                                                                                														} else {
                                                                                                                															__ecx = __ecx - __edx;
                                                                                                                															__eax = __ecx;
                                                                                                                														}
                                                                                                                														 *(__ebp - 0x2c) = __eax;
                                                                                                                													}
                                                                                                                												}
                                                                                                                												__eflags = __eax;
                                                                                                                												if(__eax == 0) {
                                                                                                                													goto L183;
                                                                                                                												} else {
                                                                                                                													goto L48;
                                                                                                                												}
                                                                                                                											}
                                                                                                                											L33:
                                                                                                                											__eax = __esi[0x26e9];
                                                                                                                											__edi =  &(__esi[0x6e8]);
                                                                                                                											__eflags = __eax - __edi;
                                                                                                                											if(__eax == __edi) {
                                                                                                                												goto L38;
                                                                                                                											}
                                                                                                                											L34:
                                                                                                                											__edx = __edi;
                                                                                                                											__eflags = __edx - __eax;
                                                                                                                											 *(__ebp - 0x30) = __edx;
                                                                                                                											if(__edx >= __eax) {
                                                                                                                												__ecx = __ecx - __edx;
                                                                                                                												__eflags = __ecx;
                                                                                                                												__eax = __ecx;
                                                                                                                											} else {
                                                                                                                												__eax = __eax - __edx;
                                                                                                                												__eax = __eax - 1;
                                                                                                                											}
                                                                                                                											__eflags = __eax;
                                                                                                                											 *(__ebp - 0x2c) = __eax;
                                                                                                                											if(__eax != 0) {
                                                                                                                												goto L48;
                                                                                                                											} else {
                                                                                                                												goto L38;
                                                                                                                											}
                                                                                                                										case 0xb:
                                                                                                                											goto L56;
                                                                                                                										case 0xc:
                                                                                                                											L60:
                                                                                                                											__esi[1] = __esi[1] >> 0xa;
                                                                                                                											__eax = (__esi[1] >> 0xa) + 4;
                                                                                                                											if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                                                                                                                												goto L68;
                                                                                                                											}
                                                                                                                											goto L61;
                                                                                                                										case 0xd:
                                                                                                                											while(1) {
                                                                                                                												L93:
                                                                                                                												__eax = __esi[1];
                                                                                                                												__ecx = __esi[2];
                                                                                                                												__edx = __eax;
                                                                                                                												__eax = __eax & 0x0000001f;
                                                                                                                												__edx = __edx >> 5;
                                                                                                                												__eax = __edx + __eax + 0x102;
                                                                                                                												__eflags = __esi[2] - __eax;
                                                                                                                												if(__esi[2] >= __eax) {
                                                                                                                													break;
                                                                                                                												}
                                                                                                                												L73:
                                                                                                                												__eax = __esi[0x143];
                                                                                                                												while(1) {
                                                                                                                													L76:
                                                                                                                													__eflags = __ebx - __eax;
                                                                                                                													if(__ebx >= __eax) {
                                                                                                                														break;
                                                                                                                													}
                                                                                                                													L74:
                                                                                                                													__eflags =  *(__ebp - 0x34);
                                                                                                                													if( *(__ebp - 0x34) == 0) {
                                                                                                                														goto L182;
                                                                                                                													}
                                                                                                                													L75:
                                                                                                                													__ecx =  *(__ebp - 0x38);
                                                                                                                													 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                													__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                                													__ecx = __ebx;
                                                                                                                													__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                													 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                													 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                													__ebx = __ebx + 8;
                                                                                                                													__eflags = __ebx;
                                                                                                                												}
                                                                                                                												L77:
                                                                                                                												__eax =  *(0x40a3e8 + __eax * 2) & 0x0000ffff;
                                                                                                                												__eax = __eax &  *(__ebp - 0x40);
                                                                                                                												__ecx = __esi[0x144];
                                                                                                                												__eax = __esi[0x144] + __eax * 4;
                                                                                                                												__edx =  *(__eax + 1) & 0x000000ff;
                                                                                                                												__eax =  *(__eax + 2) & 0x0000ffff;
                                                                                                                												__eflags = __eax - 0x10;
                                                                                                                												 *(__ebp - 0x14) = __eax;
                                                                                                                												if(__eax >= 0x10) {
                                                                                                                													L79:
                                                                                                                													__eflags = __eax - 0x12;
                                                                                                                													if(__eax != 0x12) {
                                                                                                                														__eax = __eax + 0xfffffff2;
                                                                                                                														 *(__ebp - 8) = 3;
                                                                                                                													} else {
                                                                                                                														_push(7);
                                                                                                                														 *(__ebp - 8) = 0xb;
                                                                                                                														_pop(__eax);
                                                                                                                													}
                                                                                                                													while(1) {
                                                                                                                														L84:
                                                                                                                														__ecx = __eax + __edx;
                                                                                                                														__eflags = __ebx - __eax + __edx;
                                                                                                                														if(__ebx >= __eax + __edx) {
                                                                                                                															break;
                                                                                                                														}
                                                                                                                														L82:
                                                                                                                														__eflags =  *(__ebp - 0x34);
                                                                                                                														if( *(__ebp - 0x34) == 0) {
                                                                                                                															goto L182;
                                                                                                                														}
                                                                                                                														L83:
                                                                                                                														__ecx =  *(__ebp - 0x38);
                                                                                                                														 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                														__edi =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                                														__ecx = __ebx;
                                                                                                                														__edi = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                														 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                														 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                														__ebx = __ebx + 8;
                                                                                                                														__eflags = __ebx;
                                                                                                                													}
                                                                                                                													L85:
                                                                                                                													__ecx = __edx;
                                                                                                                													__ebx = __ebx - __edx;
                                                                                                                													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                													 *(0x40a3e8 + __eax * 2) & 0x0000ffff =  *(0x40a3e8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                                                                													__edx =  *(__ebp - 8);
                                                                                                                													__ebx = __ebx - __eax;
                                                                                                                													__edx =  *(__ebp - 8) + ( *(0x40a3e8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                                                                													__ecx = __eax;
                                                                                                                													__eax = __esi[1];
                                                                                                                													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                													__ecx = __esi[2];
                                                                                                                													__eax = __eax >> 5;
                                                                                                                													__edi = __eax >> 0x00000005 & 0x0000001f;
                                                                                                                													__eax = __eax & 0x0000001f;
                                                                                                                													__eax = __edi + __eax + 0x102;
                                                                                                                													__edi = __edx + __ecx;
                                                                                                                													__eflags = __edx + __ecx - __eax;
                                                                                                                													if(__edx + __ecx > __eax) {
                                                                                                                														goto L9;
                                                                                                                													}
                                                                                                                													L86:
                                                                                                                													__eflags =  *(__ebp - 0x14) - 0x10;
                                                                                                                													if( *(__ebp - 0x14) != 0x10) {
                                                                                                                														L89:
                                                                                                                														__edi = 0;
                                                                                                                														__eflags = 0;
                                                                                                                														L90:
                                                                                                                														__eax = __esi + 0xc + __ecx * 4;
                                                                                                                														do {
                                                                                                                															L91:
                                                                                                                															 *__eax = __edi;
                                                                                                                															__ecx = __ecx + 1;
                                                                                                                															__eax = __eax + 4;
                                                                                                                															__edx = __edx - 1;
                                                                                                                															__eflags = __edx;
                                                                                                                														} while (__edx != 0);
                                                                                                                														__esi[2] = __ecx;
                                                                                                                														continue;
                                                                                                                													}
                                                                                                                													L87:
                                                                                                                													__eflags = __ecx - 1;
                                                                                                                													if(__ecx < 1) {
                                                                                                                														goto L9;
                                                                                                                													}
                                                                                                                													L88:
                                                                                                                													__edi =  *(__esi + 8 + __ecx * 4);
                                                                                                                													goto L90;
                                                                                                                												}
                                                                                                                												L78:
                                                                                                                												__ecx = __edx;
                                                                                                                												__ebx = __ebx - __edx;
                                                                                                                												 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                												__ecx = __esi[2];
                                                                                                                												 *(__esi + 0xc + __esi[2] * 4) = __eax;
                                                                                                                												__esi[2] = __esi[2] + 1;
                                                                                                                											}
                                                                                                                											L94:
                                                                                                                											__eax = __esi[1];
                                                                                                                											__esi[0x144] = __esi[0x144] & 0x00000000;
                                                                                                                											 *(__ebp - 0xc) =  *(__ebp - 0xc) & 0x00000000;
                                                                                                                											__edi = __eax;
                                                                                                                											__eax = __eax >> 5;
                                                                                                                											__edi = __edi & 0x0000001f;
                                                                                                                											__ecx = 0x101;
                                                                                                                											__eax = __eax & 0x0000001f;
                                                                                                                											__edi = __edi + 0x101;
                                                                                                                											__eax = __eax + 1;
                                                                                                                											__edx = __ebp - 0xc;
                                                                                                                											 *(__ebp - 0x14) = __eax;
                                                                                                                											 &(__esi[0x148]) = __ebp - 4;
                                                                                                                											 *(__ebp - 4) = 9;
                                                                                                                											__ebp - 0x18 =  &(__esi[3]);
                                                                                                                											 *(__ebp - 0x10) = 6;
                                                                                                                											__eax = E00406FC4( &(__esi[3]), __edi, 0x101, 0x408414, 0x408454, __ebp - 0x18, __ebp - 4,  &(__esi[0x148]), __ebp - 0xc);
                                                                                                                											__eflags =  *(__ebp - 4);
                                                                                                                											if( *(__ebp - 4) == 0) {
                                                                                                                												__eax = __eax | 0xffffffff;
                                                                                                                												__eflags = __eax;
                                                                                                                											}
                                                                                                                											__eflags = __eax;
                                                                                                                											if(__eax != 0) {
                                                                                                                												goto L9;
                                                                                                                											} else {
                                                                                                                												L97:
                                                                                                                												__ebp - 0xc =  &(__esi[0x148]);
                                                                                                                												__ebp - 0x10 = __ebp - 0x1c;
                                                                                                                												__eax = __esi + 0xc + __edi * 4;
                                                                                                                												__eax = E00406FC4(__esi + 0xc + __edi * 4,  *(__ebp - 0x14), 0, 0x408494, 0x4084d0, __ebp - 0x1c, __ebp - 0x10,  &(__esi[0x148]), __ebp - 0xc);
                                                                                                                												__eflags = __eax;
                                                                                                                												if(__eax != 0) {
                                                                                                                													goto L9;
                                                                                                                												}
                                                                                                                												L98:
                                                                                                                												__eax =  *(__ebp - 0x10);
                                                                                                                												__eflags =  *(__ebp - 0x10);
                                                                                                                												if( *(__ebp - 0x10) != 0) {
                                                                                                                													L100:
                                                                                                                													__cl =  *(__ebp - 4);
                                                                                                                													 *__esi =  *__esi & 0x00000000;
                                                                                                                													__eflags =  *__esi;
                                                                                                                													__esi[4] = __al;
                                                                                                                													__eax =  *(__ebp - 0x18);
                                                                                                                													__esi[5] =  *(__ebp - 0x18);
                                                                                                                													__eax =  *(__ebp - 0x1c);
                                                                                                                													__esi[4] = __cl;
                                                                                                                													__esi[6] =  *(__ebp - 0x1c);
                                                                                                                													goto L101;
                                                                                                                												}
                                                                                                                												L99:
                                                                                                                												__eflags = __edi - 0x101;
                                                                                                                												if(__edi > 0x101) {
                                                                                                                													goto L9;
                                                                                                                												}
                                                                                                                												goto L100;
                                                                                                                											}
                                                                                                                										case 0xe:
                                                                                                                											goto L9;
                                                                                                                										case 0xf:
                                                                                                                											L175:
                                                                                                                											__eax =  *(__ebp - 0x30);
                                                                                                                											__esi[0x26ea] =  *(__ebp - 0x30);
                                                                                                                											__eax = E00406F5C( *((intOrPtr*)(__ebp + 8)));
                                                                                                                											__ecx = __esi[0x26ea];
                                                                                                                											__edx = __esi[0x26e9];
                                                                                                                											__eflags = __ecx - __edx;
                                                                                                                											 *(__ebp - 0x30) = __ecx;
                                                                                                                											if(__ecx >= __edx) {
                                                                                                                												__eax = __esi[0x26e8];
                                                                                                                												__eax = __esi[0x26e8] - __ecx;
                                                                                                                												__eflags = __eax;
                                                                                                                											} else {
                                                                                                                												__edx = __edx - __ecx;
                                                                                                                												__eax = __edx - __ecx - 1;
                                                                                                                											}
                                                                                                                											__eflags = __ecx - __edx;
                                                                                                                											 *(__ebp - 0x2c) = __eax;
                                                                                                                											if(__ecx != __edx) {
                                                                                                                												L183:
                                                                                                                												__edi = 0;
                                                                                                                												goto L10;
                                                                                                                											} else {
                                                                                                                												L179:
                                                                                                                												__eax = __esi[0x145];
                                                                                                                												__eflags = __eax - 8;
                                                                                                                												 *__esi = __eax;
                                                                                                                												if(__eax != 8) {
                                                                                                                													L184:
                                                                                                                													0 = 1;
                                                                                                                													goto L10;
                                                                                                                												}
                                                                                                                												goto L180;
                                                                                                                											}
                                                                                                                									}
                                                                                                                								}
                                                                                                                								L181:
                                                                                                                								goto L9;
                                                                                                                							}
                                                                                                                							L70:
                                                                                                                							if( *__edi == __eax) {
                                                                                                                								goto L72;
                                                                                                                							}
                                                                                                                							L71:
                                                                                                                							__esi[2] = __esi[2] & __eax;
                                                                                                                							 *__esi = 0xd;
                                                                                                                							goto L93;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				L182:
                                                                                                                				_t443 = 0;
                                                                                                                				_t446[0x147] =  *(_t448 - 0x40);
                                                                                                                				_t446[0x146] = _t425;
                                                                                                                				( *(_t448 + 8))[1] = 0;
                                                                                                                				goto L11;
                                                                                                                			}









                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406bc7
                                                                                                                0x00406bc7
                                                                                                                0x00406bcb
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406bd1
                                                                                                                0x00406bd1
                                                                                                                0x00406bd4
                                                                                                                0x00406bd7
                                                                                                                0x00406bda
                                                                                                                0x00406bdc
                                                                                                                0x00406bde
                                                                                                                0x00406be1
                                                                                                                0x00406be4
                                                                                                                0x00406be4
                                                                                                                0x00406be4
                                                                                                                0x00406beb
                                                                                                                0x00406bf3
                                                                                                                0x00406bf6
                                                                                                                0x00406bf9
                                                                                                                0x00406bfb
                                                                                                                0x00406bfe
                                                                                                                0x00406bfe
                                                                                                                0x00406c00
                                                                                                                0x00406c04
                                                                                                                0x00406c07
                                                                                                                0x00406c0a
                                                                                                                0x00406c0d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406c13
                                                                                                                0x00406c13
                                                                                                                0x00406c38
                                                                                                                0x00406c38
                                                                                                                0x00406c38
                                                                                                                0x00406c3a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406c18
                                                                                                                0x00406c18
                                                                                                                0x00406c1c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406c22
                                                                                                                0x00406c22
                                                                                                                0x00406c25
                                                                                                                0x00406c28
                                                                                                                0x00406c2b
                                                                                                                0x00406c2d
                                                                                                                0x00406c2f
                                                                                                                0x00406c32
                                                                                                                0x00406c35
                                                                                                                0x00406c35
                                                                                                                0x00406c35
                                                                                                                0x00406c3c
                                                                                                                0x00406c3c
                                                                                                                0x00406c44
                                                                                                                0x00406c47
                                                                                                                0x00406c4a
                                                                                                                0x00406c4d
                                                                                                                0x00406c51
                                                                                                                0x00406c54
                                                                                                                0x00406c56
                                                                                                                0x00406c59
                                                                                                                0x00406c5c
                                                                                                                0x00406c76
                                                                                                                0x00406c76
                                                                                                                0x00406c79
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406c7f
                                                                                                                0x00406c7f
                                                                                                                0x00406c82
                                                                                                                0x00406c89
                                                                                                                0x00000000
                                                                                                                0x00406c89
                                                                                                                0x00406c5e
                                                                                                                0x00406c61
                                                                                                                0x00406c68
                                                                                                                0x00406c6b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406c91
                                                                                                                0x00406c91
                                                                                                                0x00406cb6
                                                                                                                0x00406cb6
                                                                                                                0x00406cb6
                                                                                                                0x00406cb8
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406c96
                                                                                                                0x00406c96
                                                                                                                0x00406c9a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406ca0
                                                                                                                0x00406ca0
                                                                                                                0x00406ca3
                                                                                                                0x00406ca6
                                                                                                                0x00406ca9
                                                                                                                0x00406cab
                                                                                                                0x00406cad
                                                                                                                0x00406cb0
                                                                                                                0x00406cb3
                                                                                                                0x00406cb3
                                                                                                                0x00406cb3
                                                                                                                0x00406cba
                                                                                                                0x00406cc2
                                                                                                                0x00406cc5
                                                                                                                0x00406cc8
                                                                                                                0x00406cca
                                                                                                                0x00406ccd
                                                                                                                0x00406ccd
                                                                                                                0x00406ccf
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406cd5
                                                                                                                0x00406cd5
                                                                                                                0x00406cd8
                                                                                                                0x00406cdd
                                                                                                                0x00406cdf
                                                                                                                0x00406ce5
                                                                                                                0x00406ce7
                                                                                                                0x00406cfc
                                                                                                                0x00406cfe
                                                                                                                0x00406cfe
                                                                                                                0x00406ce9
                                                                                                                0x00406cef
                                                                                                                0x00406cf1
                                                                                                                0x00406cf3
                                                                                                                0x00406cf3
                                                                                                                0x00406d00
                                                                                                                0x00406d04
                                                                                                                0x00406d07
                                                                                                                0x00406d0d
                                                                                                                0x00406d0d
                                                                                                                0x00406d10
                                                                                                                0x00406d10
                                                                                                                0x00406d10
                                                                                                                0x00406d12
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406d18
                                                                                                                0x00406d18
                                                                                                                0x00406d1e
                                                                                                                0x00406d20
                                                                                                                0x00406d45
                                                                                                                0x00406d48
                                                                                                                0x00406d4e
                                                                                                                0x00406d53
                                                                                                                0x00406d59
                                                                                                                0x00406d5f
                                                                                                                0x00406d61
                                                                                                                0x00406d64
                                                                                                                0x00406d6d
                                                                                                                0x00406d73
                                                                                                                0x00406d73
                                                                                                                0x00406d66
                                                                                                                0x00406d68
                                                                                                                0x00406d6a
                                                                                                                0x00406d6a
                                                                                                                0x00406d75
                                                                                                                0x00406d7b
                                                                                                                0x00406d7d
                                                                                                                0x00406d80
                                                                                                                0x00406d82
                                                                                                                0x00406d88
                                                                                                                0x00406d8a
                                                                                                                0x00406d8c
                                                                                                                0x00406d8e
                                                                                                                0x00406d90
                                                                                                                0x00406d93
                                                                                                                0x00406d9c
                                                                                                                0x00406d9f
                                                                                                                0x00406d9f
                                                                                                                0x00406d95
                                                                                                                0x00406d95
                                                                                                                0x00406d98
                                                                                                                0x00406d98
                                                                                                                0x00406d93
                                                                                                                0x00406d8a
                                                                                                                0x00406da1
                                                                                                                0x00406da3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406da3
                                                                                                                0x00406d22
                                                                                                                0x00406d22
                                                                                                                0x00406d28
                                                                                                                0x00406d2e
                                                                                                                0x00406d30
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406d32
                                                                                                                0x00406d32
                                                                                                                0x00406d34
                                                                                                                0x00406d36
                                                                                                                0x00406d3f
                                                                                                                0x00406d3f
                                                                                                                0x00406d38
                                                                                                                0x00406d38
                                                                                                                0x00406d3b
                                                                                                                0x00406d3b
                                                                                                                0x00406d41
                                                                                                                0x00406d43
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406da9
                                                                                                                0x00406da9
                                                                                                                0x00406dae
                                                                                                                0x00406db0
                                                                                                                0x00406db1
                                                                                                                0x00406db2
                                                                                                                0x00406db3
                                                                                                                0x00406db9
                                                                                                                0x00406dbc
                                                                                                                0x00406dbf
                                                                                                                0x00406dc2
                                                                                                                0x00406dc4
                                                                                                                0x00406dca
                                                                                                                0x00406dca
                                                                                                                0x00406dcd
                                                                                                                0x00406dcd
                                                                                                                0x00406787
                                                                                                                0x0040678d
                                                                                                                0x0040678f
                                                                                                                0x00406791
                                                                                                                0x00406794
                                                                                                                0x0040679d
                                                                                                                0x0040679d
                                                                                                                0x0040679f
                                                                                                                0x00406796
                                                                                                                0x00406796
                                                                                                                0x00406799
                                                                                                                0x00406799
                                                                                                                0x004067a1
                                                                                                                0x004067a1
                                                                                                                0x0040678f
                                                                                                                0x004067a4
                                                                                                                0x004067a6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004067a6
                                                                                                                0x00406721
                                                                                                                0x00406721
                                                                                                                0x00406727
                                                                                                                0x0040672d
                                                                                                                0x0040672f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406731
                                                                                                                0x00406731
                                                                                                                0x00406733
                                                                                                                0x00406735
                                                                                                                0x00406738
                                                                                                                0x0040673f
                                                                                                                0x0040673f
                                                                                                                0x00406741
                                                                                                                0x0040673a
                                                                                                                0x0040673a
                                                                                                                0x0040673c
                                                                                                                0x0040673c
                                                                                                                0x00406743
                                                                                                                0x00406745
                                                                                                                0x00406748
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040684c
                                                                                                                0x0040684f
                                                                                                                0x00406852
                                                                                                                0x00406858
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406a2f
                                                                                                                0x00406a2f
                                                                                                                0x00406a2f
                                                                                                                0x00406a32
                                                                                                                0x00406a35
                                                                                                                0x00406a37
                                                                                                                0x00406a3a
                                                                                                                0x00406a40
                                                                                                                0x00406a47
                                                                                                                0x00406a49
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040691d
                                                                                                                0x0040691d
                                                                                                                0x00406945
                                                                                                                0x00406945
                                                                                                                0x00406945
                                                                                                                0x00406947
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406925
                                                                                                                0x00406925
                                                                                                                0x00406929
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040692f
                                                                                                                0x0040692f
                                                                                                                0x00406932
                                                                                                                0x00406935
                                                                                                                0x00406938
                                                                                                                0x0040693a
                                                                                                                0x0040693c
                                                                                                                0x0040693f
                                                                                                                0x00406942
                                                                                                                0x00406942
                                                                                                                0x00406942
                                                                                                                0x00406949
                                                                                                                0x00406949
                                                                                                                0x00406951
                                                                                                                0x00406954
                                                                                                                0x0040695a
                                                                                                                0x0040695d
                                                                                                                0x00406961
                                                                                                                0x00406965
                                                                                                                0x00406968
                                                                                                                0x0040696b
                                                                                                                0x00406983
                                                                                                                0x00406983
                                                                                                                0x00406986
                                                                                                                0x00406994
                                                                                                                0x00406997
                                                                                                                0x00406988
                                                                                                                0x00406988
                                                                                                                0x0040698a
                                                                                                                0x00406991
                                                                                                                0x00406991
                                                                                                                0x004069c0
                                                                                                                0x004069c0
                                                                                                                0x004069c0
                                                                                                                0x004069c3
                                                                                                                0x004069c5
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004069a0
                                                                                                                0x004069a0
                                                                                                                0x004069a4
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004069aa
                                                                                                                0x004069aa
                                                                                                                0x004069ad
                                                                                                                0x004069b0
                                                                                                                0x004069b3
                                                                                                                0x004069b5
                                                                                                                0x004069b7
                                                                                                                0x004069ba
                                                                                                                0x004069bd
                                                                                                                0x004069bd
                                                                                                                0x004069bd
                                                                                                                0x004069c7
                                                                                                                0x004069c7
                                                                                                                0x004069c9
                                                                                                                0x004069cb
                                                                                                                0x004069d6
                                                                                                                0x004069d9
                                                                                                                0x004069dc
                                                                                                                0x004069de
                                                                                                                0x004069e0
                                                                                                                0x004069e2
                                                                                                                0x004069e5
                                                                                                                0x004069e8
                                                                                                                0x004069ed
                                                                                                                0x004069f0
                                                                                                                0x004069f3
                                                                                                                0x004069f6
                                                                                                                0x004069fd
                                                                                                                0x00406a00
                                                                                                                0x00406a02
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406a08
                                                                                                                0x00406a08
                                                                                                                0x00406a0c
                                                                                                                0x00406a1d
                                                                                                                0x00406a1d
                                                                                                                0x00406a1d
                                                                                                                0x00406a1f
                                                                                                                0x00406a1f
                                                                                                                0x00406a23
                                                                                                                0x00406a23
                                                                                                                0x00406a23
                                                                                                                0x00406a25
                                                                                                                0x00406a26
                                                                                                                0x00406a29
                                                                                                                0x00406a29
                                                                                                                0x00406a29
                                                                                                                0x00406a2c
                                                                                                                0x00000000
                                                                                                                0x00406a2c
                                                                                                                0x00406a0e
                                                                                                                0x00406a0e
                                                                                                                0x00406a11
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406a17
                                                                                                                0x00406a17
                                                                                                                0x00000000
                                                                                                                0x00406a17
                                                                                                                0x0040696d
                                                                                                                0x0040696d
                                                                                                                0x0040696f
                                                                                                                0x00406971
                                                                                                                0x00406974
                                                                                                                0x00406977
                                                                                                                0x0040697b
                                                                                                                0x0040697b
                                                                                                                0x00406a4f
                                                                                                                0x00406a4f
                                                                                                                0x00406a52
                                                                                                                0x00406a59
                                                                                                                0x00406a5d
                                                                                                                0x00406a5f
                                                                                                                0x00406a62
                                                                                                                0x00406a65
                                                                                                                0x00406a6a
                                                                                                                0x00406a6d
                                                                                                                0x00406a6f
                                                                                                                0x00406a70
                                                                                                                0x00406a73
                                                                                                                0x00406a7e
                                                                                                                0x00406a81
                                                                                                                0x00406a98
                                                                                                                0x00406a9d
                                                                                                                0x00406aa4
                                                                                                                0x00406aa9
                                                                                                                0x00406aad
                                                                                                                0x00406aaf
                                                                                                                0x00406aaf
                                                                                                                0x00406aaf
                                                                                                                0x00406ab2
                                                                                                                0x00406ab4
                                                                                                                0x00000000
                                                                                                                0x00406aba
                                                                                                                0x00406aba
                                                                                                                0x00406abe
                                                                                                                0x00406ac9
                                                                                                                0x00406adc
                                                                                                                0x00406ae1

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 82a44bc8fd526afdff965e1cd5e7f2d0a246497ca5c27b0c944ad4ba04d420dd
                                                                                                                • Instruction ID: dc39b55080118b2a9f2c57fc2b953182458e36931565741e2945480d6a34e330
                                                                                                                • Opcode Fuzzy Hash: 82a44bc8fd526afdff965e1cd5e7f2d0a246497ca5c27b0c944ad4ba04d420dd
                                                                                                                • Instruction Fuzzy Hash: D2E19A7190070ADFDB24CF58D890BAAB7F1EB44305F15842EE897A76C1D738AA95CF44
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00406FC4(signed char _a4, char _a5, short _a6, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int* _a24, signed int _a28, intOrPtr _a32, signed int* _a36) {
                                                                                                                				signed int _v8;
                                                                                                                				unsigned int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				intOrPtr* _v32;
                                                                                                                				signed int* _v36;
                                                                                                                				signed int _v40;
                                                                                                                				signed int _v44;
                                                                                                                				intOrPtr _v48;
                                                                                                                				intOrPtr _v52;
                                                                                                                				void _v116;
                                                                                                                				signed int _v176;
                                                                                                                				signed int _v180;
                                                                                                                				signed int _v240;
                                                                                                                				signed int _t166;
                                                                                                                				signed int _t168;
                                                                                                                				intOrPtr _t175;
                                                                                                                				signed int _t181;
                                                                                                                				void* _t182;
                                                                                                                				intOrPtr _t183;
                                                                                                                				signed int* _t184;
                                                                                                                				signed int _t186;
                                                                                                                				signed int _t187;
                                                                                                                				signed int* _t189;
                                                                                                                				signed int _t190;
                                                                                                                				intOrPtr* _t191;
                                                                                                                				intOrPtr _t192;
                                                                                                                				signed int _t193;
                                                                                                                				signed int _t195;
                                                                                                                				signed int _t200;
                                                                                                                				signed int _t205;
                                                                                                                				void* _t207;
                                                                                                                				short _t208;
                                                                                                                				signed char _t222;
                                                                                                                				signed int _t224;
                                                                                                                				signed int _t225;
                                                                                                                				signed int* _t232;
                                                                                                                				signed int _t233;
                                                                                                                				signed int _t234;
                                                                                                                				void* _t235;
                                                                                                                				signed int _t236;
                                                                                                                				signed int _t244;
                                                                                                                				signed int _t246;
                                                                                                                				signed int _t251;
                                                                                                                				signed int _t254;
                                                                                                                				signed int _t256;
                                                                                                                				signed int _t259;
                                                                                                                				signed int _t262;
                                                                                                                				void* _t263;
                                                                                                                				void* _t264;
                                                                                                                				signed int _t267;
                                                                                                                				intOrPtr _t269;
                                                                                                                				intOrPtr _t271;
                                                                                                                				signed int _t274;
                                                                                                                				intOrPtr* _t275;
                                                                                                                				unsigned int _t276;
                                                                                                                				void* _t277;
                                                                                                                				signed int _t278;
                                                                                                                				intOrPtr* _t279;
                                                                                                                				signed int _t281;
                                                                                                                				intOrPtr _t282;
                                                                                                                				intOrPtr _t283;
                                                                                                                				signed int* _t284;
                                                                                                                				signed int _t286;
                                                                                                                				signed int _t287;
                                                                                                                				signed int _t288;
                                                                                                                				signed int _t296;
                                                                                                                				signed int* _t297;
                                                                                                                				intOrPtr _t298;
                                                                                                                				void* _t299;
                                                                                                                
                                                                                                                				_t278 = _a8;
                                                                                                                				_t187 = 0x10;
                                                                                                                				memset( &_v116, 0, _t187 << 2);
                                                                                                                				_t189 = _a4;
                                                                                                                				_t233 = _t278;
                                                                                                                				do {
                                                                                                                					_t166 =  *_t189;
                                                                                                                					_t189 =  &(_t189[1]);
                                                                                                                					 *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) =  *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) + 1;
                                                                                                                					_t233 = _t233 - 1;
                                                                                                                				} while (_t233 != 0);
                                                                                                                				if(_v116 != _t278) {
                                                                                                                					_t279 = _a28;
                                                                                                                					_t267 =  *_t279;
                                                                                                                					_t190 = 1;
                                                                                                                					_a28 = _t267;
                                                                                                                					_t234 = 0xf;
                                                                                                                					while(1) {
                                                                                                                						_t168 = 0;
                                                                                                                						if( *((intOrPtr*)(_t299 + _t190 * 4 - 0x70)) != 0) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						_t190 = _t190 + 1;
                                                                                                                						if(_t190 <= _t234) {
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						break;
                                                                                                                					}
                                                                                                                					_v8 = _t190;
                                                                                                                					if(_t267 < _t190) {
                                                                                                                						_a28 = _t190;
                                                                                                                					}
                                                                                                                					while( *((intOrPtr*)(_t299 + _t234 * 4 - 0x70)) == _t168) {
                                                                                                                						_t234 = _t234 - 1;
                                                                                                                						if(_t234 != 0) {
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						break;
                                                                                                                					}
                                                                                                                					_v28 = _t234;
                                                                                                                					if(_a28 > _t234) {
                                                                                                                						_a28 = _t234;
                                                                                                                					}
                                                                                                                					 *_t279 = _a28;
                                                                                                                					_t181 = 1 << _t190;
                                                                                                                					while(_t190 < _t234) {
                                                                                                                						_t182 = _t181 -  *((intOrPtr*)(_t299 + _t190 * 4 - 0x70));
                                                                                                                						if(_t182 < 0) {
                                                                                                                							L64:
                                                                                                                							return _t168 | 0xffffffff;
                                                                                                                						}
                                                                                                                						_t190 = _t190 + 1;
                                                                                                                						_t181 = _t182 + _t182;
                                                                                                                					}
                                                                                                                					_t281 = _t234 << 2;
                                                                                                                					_t191 = _t299 + _t281 - 0x70;
                                                                                                                					_t269 =  *_t191;
                                                                                                                					_t183 = _t181 - _t269;
                                                                                                                					_v52 = _t183;
                                                                                                                					if(_t183 < 0) {
                                                                                                                						goto L64;
                                                                                                                					}
                                                                                                                					_v176 = _t168;
                                                                                                                					 *_t191 = _t269 + _t183;
                                                                                                                					_t192 = 0;
                                                                                                                					_t235 = _t234 - 1;
                                                                                                                					if(_t235 == 0) {
                                                                                                                						L21:
                                                                                                                						_t184 = _a4;
                                                                                                                						_t271 = 0;
                                                                                                                						do {
                                                                                                                							_t193 =  *_t184;
                                                                                                                							_t184 =  &(_t184[1]);
                                                                                                                							if(_t193 != _t168) {
                                                                                                                								_t232 = _t299 + _t193 * 4 - 0xb0;
                                                                                                                								_t236 =  *_t232;
                                                                                                                								 *((intOrPtr*)(0x42d688 + _t236 * 4)) = _t271;
                                                                                                                								 *_t232 = _t236 + 1;
                                                                                                                							}
                                                                                                                							_t271 = _t271 + 1;
                                                                                                                						} while (_t271 < _a8);
                                                                                                                						_v16 = _v16 | 0xffffffff;
                                                                                                                						_v40 = _v40 & 0x00000000;
                                                                                                                						_a8 =  *((intOrPtr*)(_t299 + _t281 - 0xb0));
                                                                                                                						_t195 = _v8;
                                                                                                                						_t186 =  ~_a28;
                                                                                                                						_v12 = _t168;
                                                                                                                						_v180 = _t168;
                                                                                                                						_v36 = 0x42d688;
                                                                                                                						_v240 = _t168;
                                                                                                                						if(_t195 > _v28) {
                                                                                                                							L62:
                                                                                                                							_t168 = 0;
                                                                                                                							if(_v52 == 0 || _v28 == 1) {
                                                                                                                								return _t168;
                                                                                                                							} else {
                                                                                                                								goto L64;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_v44 = _t195 - 1;
                                                                                                                						_v32 = _t299 + _t195 * 4 - 0x70;
                                                                                                                						do {
                                                                                                                							_t282 =  *_v32;
                                                                                                                							if(_t282 == 0) {
                                                                                                                								goto L61;
                                                                                                                							}
                                                                                                                							while(1) {
                                                                                                                								_t283 = _t282 - 1;
                                                                                                                								_t200 = _a28 + _t186;
                                                                                                                								_v48 = _t283;
                                                                                                                								_v24 = _t200;
                                                                                                                								if(_v8 <= _t200) {
                                                                                                                									goto L45;
                                                                                                                								}
                                                                                                                								L31:
                                                                                                                								_v20 = _t283 + 1;
                                                                                                                								do {
                                                                                                                									_v16 = _v16 + 1;
                                                                                                                									_t296 = _v28 - _v24;
                                                                                                                									if(_t296 > _a28) {
                                                                                                                										_t296 = _a28;
                                                                                                                									}
                                                                                                                									_t222 = _v8 - _v24;
                                                                                                                									_t254 = 1 << _t222;
                                                                                                                									if(1 <= _v20) {
                                                                                                                										L40:
                                                                                                                										_t256 =  *_a36;
                                                                                                                										_t168 = 1 << _t222;
                                                                                                                										_v40 = 1;
                                                                                                                										_t274 = _t256 + 1;
                                                                                                                										if(_t274 > 0x5a0) {
                                                                                                                											goto L64;
                                                                                                                										}
                                                                                                                									} else {
                                                                                                                										_t275 = _v32;
                                                                                                                										_t263 = _t254 + (_t168 | 0xffffffff) - _v48;
                                                                                                                										if(_t222 >= _t296) {
                                                                                                                											goto L40;
                                                                                                                										}
                                                                                                                										while(1) {
                                                                                                                											_t222 = _t222 + 1;
                                                                                                                											if(_t222 >= _t296) {
                                                                                                                												goto L40;
                                                                                                                											}
                                                                                                                											_t275 = _t275 + 4;
                                                                                                                											_t264 = _t263 + _t263;
                                                                                                                											_t175 =  *_t275;
                                                                                                                											if(_t264 <= _t175) {
                                                                                                                												goto L40;
                                                                                                                											}
                                                                                                                											_t263 = _t264 - _t175;
                                                                                                                										}
                                                                                                                										goto L40;
                                                                                                                									}
                                                                                                                									_t168 = _a32 + _t256 * 4;
                                                                                                                									_t297 = _t299 + _v16 * 4 - 0xec;
                                                                                                                									 *_a36 = _t274;
                                                                                                                									_t259 = _v16;
                                                                                                                									 *_t297 = _t168;
                                                                                                                									if(_t259 == 0) {
                                                                                                                										 *_a24 = _t168;
                                                                                                                									} else {
                                                                                                                										_t276 = _v12;
                                                                                                                										_t298 =  *((intOrPtr*)(_t297 - 4));
                                                                                                                										 *(_t299 + _t259 * 4 - 0xb0) = _t276;
                                                                                                                										_a5 = _a28;
                                                                                                                										_a4 = _t222;
                                                                                                                										_t262 = _t276 >> _t186;
                                                                                                                										_a6 = (_t168 - _t298 >> 2) - _t262;
                                                                                                                										 *(_t298 + _t262 * 4) = _a4;
                                                                                                                									}
                                                                                                                									_t224 = _v24;
                                                                                                                									_t186 = _t224;
                                                                                                                									_t225 = _t224 + _a28;
                                                                                                                									_v24 = _t225;
                                                                                                                								} while (_v8 > _t225);
                                                                                                                								L45:
                                                                                                                								_t284 = _v36;
                                                                                                                								_a5 = _v8 - _t186;
                                                                                                                								if(_t284 < 0x42d688 + _a8 * 4) {
                                                                                                                									_t205 =  *_t284;
                                                                                                                									if(_t205 >= _a12) {
                                                                                                                										_t207 = _t205 - _a12 + _t205 - _a12;
                                                                                                                										_v36 =  &(_v36[1]);
                                                                                                                										_a4 =  *((intOrPtr*)(_t207 + _a20)) + 0x50;
                                                                                                                										_t208 =  *((intOrPtr*)(_t207 + _a16));
                                                                                                                									} else {
                                                                                                                										_a4 = (_t205 & 0xffffff00 | _t205 - 0x00000100 > 0x00000000) - 0x00000001 & 0x00000060;
                                                                                                                										_t208 =  *_t284;
                                                                                                                										_v36 =  &(_t284[1]);
                                                                                                                									}
                                                                                                                									_a6 = _t208;
                                                                                                                								} else {
                                                                                                                									_a4 = 0xc0;
                                                                                                                								}
                                                                                                                								_t286 = 1 << _v8 - _t186;
                                                                                                                								_t244 = _v12 >> _t186;
                                                                                                                								while(_t244 < _v40) {
                                                                                                                									 *(_t168 + _t244 * 4) = _a4;
                                                                                                                									_t244 = _t244 + _t286;
                                                                                                                								}
                                                                                                                								_t287 = _v12;
                                                                                                                								_t246 = 1 << _v44;
                                                                                                                								while((_t287 & _t246) != 0) {
                                                                                                                									_t287 = _t287 ^ _t246;
                                                                                                                									_t246 = _t246 >> 1;
                                                                                                                								}
                                                                                                                								_t288 = _t287 ^ _t246;
                                                                                                                								_v20 = 1;
                                                                                                                								_v12 = _t288;
                                                                                                                								_t251 = _v16;
                                                                                                                								if(((1 << _t186) - 0x00000001 & _t288) ==  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0))) {
                                                                                                                									L60:
                                                                                                                									if(_v48 != 0) {
                                                                                                                										_t282 = _v48;
                                                                                                                										_t283 = _t282 - 1;
                                                                                                                										_t200 = _a28 + _t186;
                                                                                                                										_v48 = _t283;
                                                                                                                										_v24 = _t200;
                                                                                                                										if(_v8 <= _t200) {
                                                                                                                											goto L45;
                                                                                                                										}
                                                                                                                										goto L31;
                                                                                                                									}
                                                                                                                									break;
                                                                                                                								} else {
                                                                                                                									goto L58;
                                                                                                                								}
                                                                                                                								do {
                                                                                                                									L58:
                                                                                                                									_t186 = _t186 - _a28;
                                                                                                                									_t251 = _t251 - 1;
                                                                                                                								} while (((1 << _t186) - 0x00000001 & _v12) !=  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0)));
                                                                                                                								_v16 = _t251;
                                                                                                                								goto L60;
                                                                                                                							}
                                                                                                                							L61:
                                                                                                                							_v8 = _v8 + 1;
                                                                                                                							_v32 = _v32 + 4;
                                                                                                                							_v44 = _v44 + 1;
                                                                                                                						} while (_v8 <= _v28);
                                                                                                                						goto L62;
                                                                                                                					}
                                                                                                                					_t277 = 0;
                                                                                                                					do {
                                                                                                                						_t192 = _t192 +  *((intOrPtr*)(_t299 + _t277 - 0x6c));
                                                                                                                						_t277 = _t277 + 4;
                                                                                                                						_t235 = _t235 - 1;
                                                                                                                						 *((intOrPtr*)(_t299 + _t277 - 0xac)) = _t192;
                                                                                                                					} while (_t235 != 0);
                                                                                                                					goto L21;
                                                                                                                				}
                                                                                                                				 *_a24 =  *_a24 & 0x00000000;
                                                                                                                				 *_a28 =  *_a28 & 0x00000000;
                                                                                                                				return 0;
                                                                                                                			}
                                                                                                                0x004070a1
                                                                                                                0x004070a3
                                                                                                                0x004070aa
                                                                                                                0x004070ac
                                                                                                                0x004070b4
                                                                                                                0x004070b4
                                                                                                                0x004070b6
                                                                                                                0x004070b7
                                                                                                                0x004070c6
                                                                                                                0x004070ca
                                                                                                                0x004070ce
                                                                                                                0x004070d1
                                                                                                                0x004070d4
                                                                                                                0x004070d9
                                                                                                                0x004070dc
                                                                                                                0x004070e2
                                                                                                                0x004070e9
                                                                                                                0x004070ef
                                                                                                                0x004072e8
                                                                                                                0x004072e8
                                                                                                                0x004072ed
                                                                                                                0x004072fc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004072ed
                                                                                                                0x004070fc
                                                                                                                0x004070ff
                                                                                                                0x00407102
                                                                                                                0x00407105
                                                                                                                0x00407109
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00407114
                                                                                                                0x00407117
                                                                                                                0x00407118
                                                                                                                0x0040711a
                                                                                                                0x00407120
                                                                                                                0x00407123
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00407129
                                                                                                                0x0040712a
                                                                                                                0x0040712d
                                                                                                                0x00407130
                                                                                                                0x00407133
                                                                                                                0x00407139
                                                                                                                0x0040713b
                                                                                                                0x0040713b
                                                                                                                0x00407143
                                                                                                                0x00407147
                                                                                                                0x0040714c
                                                                                                                0x00407171
                                                                                                                0x00407177
                                                                                                                0x00407179
                                                                                                                0x0040717b
                                                                                                                0x0040717e
                                                                                                                0x00407187
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040714e
                                                                                                                0x0040714e
                                                                                                                0x00407157
                                                                                                                0x0040715b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040716c
                                                                                                                0x0040716c
                                                                                                                0x0040716f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040715f
                                                                                                                0x00407162
                                                                                                                0x00407164
                                                                                                                0x00407168
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040716a
                                                                                                                0x0040716a
                                                                                                                0x00000000
                                                                                                                0x0040716c
                                                                                                                0x00407190
                                                                                                                0x00407196
                                                                                                                0x004071a0
                                                                                                                0x004071a2
                                                                                                                0x004071a7
                                                                                                                0x004071a9
                                                                                                                0x004071df
                                                                                                                0x004071ab
                                                                                                                0x004071ab
                                                                                                                0x004071ae
                                                                                                                0x004071b1
                                                                                                                0x004071bb
                                                                                                                0x004071be
                                                                                                                0x004071c5
                                                                                                                0x004071d0
                                                                                                                0x004071d7
                                                                                                                0x004071d7
                                                                                                                0x004071e1
                                                                                                                0x004071e4
                                                                                                                0x004071e6
                                                                                                                0x004071ec
                                                                                                                0x004071ec
                                                                                                                0x004071f5
                                                                                                                0x004071f8
                                                                                                                0x004071fd
                                                                                                                0x0040720c
                                                                                                                0x00407214
                                                                                                                0x00407219
                                                                                                                0x0040723d
                                                                                                                0x00407245
                                                                                                                0x00407249
                                                                                                                0x0040724f
                                                                                                                0x0040721b
                                                                                                                0x00407229
                                                                                                                0x0040722c
                                                                                                                0x00407232
                                                                                                                0x00407232
                                                                                                                0x00407253
                                                                                                                0x0040720e
                                                                                                                0x0040720e
                                                                                                                0x0040720e
                                                                                                                0x00407264
                                                                                                                0x00407268
                                                                                                                0x00407274
                                                                                                                0x0040726f
                                                                                                                0x00407272
                                                                                                                0x00407272
                                                                                                                0x0040727c
                                                                                                                0x00407281
                                                                                                                0x00407289
                                                                                                                0x00407285
                                                                                                                0x00407287
                                                                                                                0x00407287
                                                                                                                0x0040728f
                                                                                                                0x00407291
                                                                                                                0x00407298
                                                                                                                0x004072a2
                                                                                                                0x004072ac
                                                                                                                0x004072c8
                                                                                                                0x004072cc
                                                                                                                0x00407111
                                                                                                                0x00407117
                                                                                                                0x00407118
                                                                                                                0x0040711a
                                                                                                                0x00407120
                                                                                                                0x00407123
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00407123
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004072ae
                                                                                                                0x004072ae
                                                                                                                0x004072ae
                                                                                                                0x004072b3
                                                                                                                0x004072bc
                                                                                                                0x004072c5
                                                                                                                0x00000000
                                                                                                                0x004072c5
                                                                                                                0x004072d2
                                                                                                                0x004072d2
                                                                                                                0x004072d5
                                                                                                                0x004072dc
                                                                                                                0x004072df
                                                                                                                0x00000000
                                                                                                                0x00407102
                                                                                                                0x00407082
                                                                                                                0x00407084
                                                                                                                0x00407084
                                                                                                                0x00407088
                                                                                                                0x0040708b
                                                                                                                0x0040708c
                                                                                                                0x0040708c
                                                                                                                0x00000000
                                                                                                                0x00407084
                                                                                                                0x00406ff8
                                                                                                                0x00406ffe
                                                                                                                0x00000000

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: fca4b55698b2abcc8e5cbf272b741b12ffb4e3b740e9774b5bdfc5da95159218
                                                                                                                • Instruction ID: 2f0950e66cb79552dca6b2fc49cb98149526550dbc918883d7c1b9af38c738a1
                                                                                                                • Opcode Fuzzy Hash: fca4b55698b2abcc8e5cbf272b741b12ffb4e3b740e9774b5bdfc5da95159218
                                                                                                                • Instruction Fuzzy Hash: 42C13831E042598BCF18CF68D4905EEB7B2BF99314F25827ED8567B380D734A942CB95
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 96%
                                                                                                                			E00404AA3(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
                                                                                                                				struct HWND__* _v8;
                                                                                                                				struct HWND__* _v12;
                                                                                                                				long _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				signed char* _v32;
                                                                                                                				int _v36;
                                                                                                                				signed int _v44;
                                                                                                                				int _v48;
                                                                                                                				signed int* _v60;
                                                                                                                				signed char* _v64;
                                                                                                                				signed int _v68;
                                                                                                                				long _v72;
                                                                                                                				void* _v76;
                                                                                                                				intOrPtr _v80;
                                                                                                                				intOrPtr _v84;
                                                                                                                				void* _v88;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				signed int _t203;
                                                                                                                				void* _t205;
                                                                                                                				intOrPtr _t206;
                                                                                                                				intOrPtr _t208;
                                                                                                                				long _t212;
                                                                                                                				signed int _t216;
                                                                                                                				signed int _t227;
                                                                                                                				void* _t230;
                                                                                                                				void* _t231;
                                                                                                                				int _t237;
                                                                                                                				long _t242;
                                                                                                                				long _t243;
                                                                                                                				signed int _t244;
                                                                                                                				signed int _t250;
                                                                                                                				signed int _t252;
                                                                                                                				signed char _t253;
                                                                                                                				signed char _t259;
                                                                                                                				void* _t264;
                                                                                                                				void* _t266;
                                                                                                                				signed char* _t284;
                                                                                                                				signed char _t285;
                                                                                                                				long _t287;
                                                                                                                				long _t290;
                                                                                                                				void* _t291;
                                                                                                                				signed int _t300;
                                                                                                                				signed int _t308;
                                                                                                                				void* _t309;
                                                                                                                				void* _t310;
                                                                                                                				signed char* _t316;
                                                                                                                				int _t320;
                                                                                                                				int _t321;
                                                                                                                				signed int* _t322;
                                                                                                                				int _t323;
                                                                                                                				long _t324;
                                                                                                                				signed int _t325;
                                                                                                                				long _t327;
                                                                                                                				int _t328;
                                                                                                                				signed int _t329;
                                                                                                                				void* _t331;
                                                                                                                
                                                                                                                				_v12 = GetDlgItem(_a4, 0x3f9);
                                                                                                                				_v8 = GetDlgItem(_a4, 0x408);
                                                                                                                				_t331 = SendMessageA;
                                                                                                                				_v24 =  *0x42f448;
                                                                                                                				_v28 =  *0x42f414 + 0x94;
                                                                                                                				_t320 = 0x10;
                                                                                                                				if(_a8 != 0x110) {
                                                                                                                					L23:
                                                                                                                					if(_a8 != 0x405) {
                                                                                                                						_t298 = _a16;
                                                                                                                					} else {
                                                                                                                						_a12 = 0;
                                                                                                                						_t298 = 1;
                                                                                                                						_a8 = 0x40f;
                                                                                                                						_a16 = 1;
                                                                                                                					}
                                                                                                                					if(_a8 == 0x4e || _a8 == 0x413) {
                                                                                                                						_v16 = _t298;
                                                                                                                						if(_a8 == 0x413 ||  *((intOrPtr*)(_t298 + 4)) == 0x408) {
                                                                                                                							if(( *0x42f41d & 0x00000002) != 0) {
                                                                                                                								L41:
                                                                                                                								if(_v16 != 0) {
                                                                                                                									_t242 = _v16;
                                                                                                                									if( *((intOrPtr*)(_t242 + 8)) == 0xfffffe6e) {
                                                                                                                										SendMessageA(_v8, 0x419, 0,  *(_t242 + 0x5c));
                                                                                                                									}
                                                                                                                									_t243 = _v16;
                                                                                                                									if( *((intOrPtr*)(_t243 + 8)) == 0xfffffe6a) {
                                                                                                                										_t298 = _v24;
                                                                                                                										_t244 =  *(_t243 + 0x5c);
                                                                                                                										if( *((intOrPtr*)(_t243 + 0xc)) != 2) {
                                                                                                                											 *(_t244 * 0x418 + _t298 + 8) =  *(_t244 * 0x418 + _t298 + 8) & 0xffffffdf;
                                                                                                                										} else {
                                                                                                                											 *(_t244 * 0x418 + _t298 + 8) =  *(_t244 * 0x418 + _t298 + 8) | 0x00000020;
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                								goto L48;
                                                                                                                							}
                                                                                                                							if(_a8 == 0x413) {
                                                                                                                								L33:
                                                                                                                								_t298 = 0 | _a8 != 0x00000413;
                                                                                                                								_t250 = E004049F1(_v8, _a8 != 0x413);
                                                                                                                								_t325 = _t250;
                                                                                                                								if(_t325 >= 0) {
                                                                                                                									_t99 = _v24 + 8; // 0x8
                                                                                                                									_t298 = _t250 * 0x418 + _t99;
                                                                                                                									_t252 =  *_t298;
                                                                                                                									if((_t252 & 0x00000010) == 0) {
                                                                                                                										if((_t252 & 0x00000040) == 0) {
                                                                                                                											_t253 = _t252 ^ 0x00000001;
                                                                                                                										} else {
                                                                                                                											_t259 = _t252 ^ 0x00000080;
                                                                                                                											if(_t259 >= 0) {
                                                                                                                												_t253 = _t259 & 0x000000fe;
                                                                                                                											} else {
                                                                                                                												_t253 = _t259 | 0x00000001;
                                                                                                                											}
                                                                                                                										}
                                                                                                                										 *_t298 = _t253;
                                                                                                                										E0040117D(_t325);
                                                                                                                										_a12 = _t325 + 1;
                                                                                                                										_a16 =  !( *0x42f41c) >> 0x00000008 & 0x00000001;
                                                                                                                										_a8 = 0x40f;
                                                                                                                									}
                                                                                                                								}
                                                                                                                								goto L41;
                                                                                                                							}
                                                                                                                							_t298 = _a16;
                                                                                                                							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
                                                                                                                								goto L41;
                                                                                                                							}
                                                                                                                							goto L33;
                                                                                                                						} else {
                                                                                                                							goto L48;
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						L48:
                                                                                                                						if(_a8 != 0x111) {
                                                                                                                							L56:
                                                                                                                							if(_a8 == 0x200) {
                                                                                                                								SendMessageA(_v8, 0x200, 0, 0);
                                                                                                                							}
                                                                                                                							if(_a8 == 0x40b) {
                                                                                                                								_t230 =  *0x42a854; // 0x0
                                                                                                                								if(_t230 != 0) {
                                                                                                                									ImageList_Destroy(_t230);
                                                                                                                								}
                                                                                                                								_t231 =  *0x42a868; // 0x0
                                                                                                                								if(_t231 != 0) {
                                                                                                                									GlobalFree(_t231);
                                                                                                                								}
                                                                                                                								 *0x42a854 = 0;
                                                                                                                								 *0x42a868 = 0;
                                                                                                                								 *0x42f480 = 0;
                                                                                                                							}
                                                                                                                							if(_a8 != 0x40f) {
                                                                                                                								L88:
                                                                                                                								if(_a8 == 0x420 && ( *0x42f41d & 0x00000001) != 0) {
                                                                                                                									_t321 = (0 | _a16 == 0x00000020) << 3;
                                                                                                                									ShowWindow(_v8, _t321);
                                                                                                                									ShowWindow(GetDlgItem(_a4, 0x3fe), _t321);
                                                                                                                								}
                                                                                                                								goto L91;
                                                                                                                							} else {
                                                                                                                								E004011EF(_t298, 0, 0);
                                                                                                                								_t203 = _a12;
                                                                                                                								if(_t203 != 0) {
                                                                                                                									if(_t203 != 0xffffffff) {
                                                                                                                										_t203 = _t203 - 1;
                                                                                                                									}
                                                                                                                									_push(_t203);
                                                                                                                									_push(8);
                                                                                                                									E00404A71();
                                                                                                                								}
                                                                                                                								if(_a16 == 0) {
                                                                                                                									L75:
                                                                                                                									E004011EF(_t298, 0, 0);
                                                                                                                									_t205 =  *0x42a868; // 0x0
                                                                                                                									_v36 = _t205;
                                                                                                                									_t206 =  *0x42f448;
                                                                                                                									_v64 = 0xf030;
                                                                                                                									_v24 = 0;
                                                                                                                									if( *0x42f44c <= 0) {
                                                                                                                										L86:
                                                                                                                										InvalidateRect(_v8, 0, 1);
                                                                                                                										_t208 =  *0x42ebdc; // 0x689455
                                                                                                                										if( *((intOrPtr*)(_t208 + 0x10)) != 0) {
                                                                                                                											E004049AC(0x3ff, 0xfffffffb, E004049C4(5));
                                                                                                                										}
                                                                                                                										goto L88;
                                                                                                                									}
                                                                                                                									_t322 = _t206 + 8;
                                                                                                                									do {
                                                                                                                										_t212 =  *((intOrPtr*)(_v36 + _v24 * 4));
                                                                                                                										if(_t212 != 0) {
                                                                                                                											_t300 =  *_t322;
                                                                                                                											_v72 = _t212;
                                                                                                                											_v76 = 8;
                                                                                                                											if((_t300 & 0x00000001) != 0) {
                                                                                                                												_v76 = 9;
                                                                                                                												_v60 =  &(_t322[4]);
                                                                                                                												_t322[0] = _t322[0] & 0x000000fe;
                                                                                                                											}
                                                                                                                											if((_t300 & 0x00000040) == 0) {
                                                                                                                												_t216 = (_t300 & 0x00000001) + 1;
                                                                                                                												if((_t300 & 0x00000010) != 0) {
                                                                                                                													_t216 = _t216 + 3;
                                                                                                                												}
                                                                                                                											} else {
                                                                                                                												_t216 = 3;
                                                                                                                											}
                                                                                                                											_v68 = (_t216 << 0x0000000b | _t300 & 0x00000008) + (_t216 << 0x0000000b | _t300 & 0x00000008) | _t300 & 0x00000020;
                                                                                                                											SendMessageA(_v8, 0x1102, (_t300 >> 0x00000005 & 0x00000001) + 1, _v72);
                                                                                                                											SendMessageA(_v8, 0x110d, 0,  &_v76);
                                                                                                                										}
                                                                                                                										_v24 = _v24 + 1;
                                                                                                                										_t322 =  &(_t322[0x106]);
                                                                                                                									} while (_v24 <  *0x42f44c);
                                                                                                                									goto L86;
                                                                                                                								} else {
                                                                                                                									_t323 = E004012E2( *0x42a868);
                                                                                                                									E00401299(_t323);
                                                                                                                									_t227 = 0;
                                                                                                                									_t298 = 0;
                                                                                                                									if(_t323 <= 0) {
                                                                                                                										L74:
                                                                                                                										SendMessageA(_v12, 0x14e, _t298, 0);
                                                                                                                										_a16 = _t323;
                                                                                                                										_a8 = 0x420;
                                                                                                                										goto L75;
                                                                                                                									} else {
                                                                                                                										goto L71;
                                                                                                                									}
                                                                                                                									do {
                                                                                                                										L71:
                                                                                                                										if( *((intOrPtr*)(_v28 + _t227 * 4)) != 0) {
                                                                                                                											_t298 = _t298 + 1;
                                                                                                                										}
                                                                                                                										_t227 = _t227 + 1;
                                                                                                                									} while (_t227 < _t323);
                                                                                                                									goto L74;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
                                                                                                                							goto L91;
                                                                                                                						} else {
                                                                                                                							_t237 = SendMessageA(_v12, 0x147, 0, 0);
                                                                                                                							if(_t237 == 0xffffffff) {
                                                                                                                								goto L91;
                                                                                                                							}
                                                                                                                							_t324 = SendMessageA(_v12, 0x150, _t237, 0);
                                                                                                                							if(_t324 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t324 * 4)) == 0) {
                                                                                                                								_t324 = 0x20;
                                                                                                                							}
                                                                                                                							E00401299(_t324);
                                                                                                                							SendMessageA(_a4, 0x420, 0, _t324);
                                                                                                                							_a12 = _a12 | 0xffffffff;
                                                                                                                							_a16 = 0;
                                                                                                                							_a8 = 0x40f;
                                                                                                                							goto L56;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_v36 = 0;
                                                                                                                					 *0x42f480 = _a4;
                                                                                                                					_v20 = 2;
                                                                                                                					 *0x42a868 = GlobalAlloc(0x40,  *0x42f44c << 2);
                                                                                                                					_t264 = LoadImageA( *0x42f400, 0x6e, 0, 0, 0, 0);
                                                                                                                					 *0x42a85c =  *0x42a85c | 0xffffffff;
                                                                                                                					_v16 = _t264;
                                                                                                                					 *0x42a864 = SetWindowLongA(_v8, 0xfffffffc, E004050AB);
                                                                                                                					_t266 = ImageList_Create(_t320, _t320, 0x21, 6, 0);
                                                                                                                					 *0x42a854 = _t266;
                                                                                                                					ImageList_AddMasked(_t266, _v16, 0xff00ff);
                                                                                                                					SendMessageA(_v8, 0x1109, 2,  *0x42a854);
                                                                                                                					if(SendMessageA(_v8, 0x111c, 0, 0) < _t320) {
                                                                                                                						SendMessageA(_v8, 0x111b, _t320, 0);
                                                                                                                					}
                                                                                                                					DeleteObject(_v16);
                                                                                                                					_t327 = 0;
                                                                                                                					do {
                                                                                                                						_t272 =  *((intOrPtr*)(_v28 + _t327 * 4));
                                                                                                                						if( *((intOrPtr*)(_v28 + _t327 * 4)) != 0) {
                                                                                                                							if(_t327 != 0x20) {
                                                                                                                								_v20 = 0;
                                                                                                                							}
                                                                                                                							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, 0, E00406032(0, _t327, _t331, 0, _t272)), _t327);
                                                                                                                						}
                                                                                                                						_t327 = _t327 + 1;
                                                                                                                					} while (_t327 < 0x21);
                                                                                                                					_t328 = _a16;
                                                                                                                					_push( *((intOrPtr*)(_t328 + 0x30 + _v20 * 4)));
                                                                                                                					_push(0x15);
                                                                                                                					E0040409E(_a4);
                                                                                                                					_push( *((intOrPtr*)(_t328 + 0x34 + _v20 * 4)));
                                                                                                                					_push(0x16);
                                                                                                                					E0040409E(_a4);
                                                                                                                					_t329 = 0;
                                                                                                                					_v16 = 0;
                                                                                                                					if( *0x42f44c <= 0) {
                                                                                                                						L19:
                                                                                                                						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
                                                                                                                						goto L20;
                                                                                                                					} else {
                                                                                                                						_t316 = _v24 + 8;
                                                                                                                						_v32 = _t316;
                                                                                                                						do {
                                                                                                                							_t284 =  &(_t316[0x10]);
                                                                                                                							if( *_t284 != 0) {
                                                                                                                								_v64 = _t284;
                                                                                                                								_t285 =  *_t316;
                                                                                                                								_v88 = _v16;
                                                                                                                								_t308 = 0x20;
                                                                                                                								_v84 = 0xffff0002;
                                                                                                                								_v80 = 0xd;
                                                                                                                								_v68 = _t308;
                                                                                                                								_v44 = _t329;
                                                                                                                								_v72 = _t285 & _t308;
                                                                                                                								if((_t285 & 0x00000002) == 0) {
                                                                                                                									if((_t285 & 0x00000004) == 0) {
                                                                                                                										_t287 = SendMessageA(_v8, 0x1100, 0,  &_v88);
                                                                                                                										_t309 =  *0x42a868; // 0x0
                                                                                                                										 *(_t309 + _t329 * 4) = _t287;
                                                                                                                									} else {
                                                                                                                										_v16 = SendMessageA(_v8, 0x110a, 3, _v16);
                                                                                                                									}
                                                                                                                								} else {
                                                                                                                									_v80 = 0x4d;
                                                                                                                									_v48 = 1;
                                                                                                                									_t290 = SendMessageA(_v8, 0x1100, 0,  &_v88);
                                                                                                                									_t310 =  *0x42a868; // 0x0
                                                                                                                									_v36 = 1;
                                                                                                                									 *(_t310 + _t329 * 4) = _t290;
                                                                                                                									_t291 =  *0x42a868; // 0x0
                                                                                                                									_v16 =  *(_t291 + _t329 * 4);
                                                                                                                								}
                                                                                                                							}
                                                                                                                							_t329 = _t329 + 1;
                                                                                                                							_t316 =  &(_v32[0x418]);
                                                                                                                							_v32 = _t316;
                                                                                                                						} while (_t329 <  *0x42f44c);
                                                                                                                						if(_v36 != 0) {
                                                                                                                							L20:
                                                                                                                							if(_v20 != 0) {
                                                                                                                								E004040D3(_v8);
                                                                                                                								goto L23;
                                                                                                                							} else {
                                                                                                                								ShowWindow(_v12, 5);
                                                                                                                								E004040D3(_v12);
                                                                                                                								L91:
                                                                                                                								return E00404105(_a8, _a12, _a16);
                                                                                                                							}
                                                                                                                						}
                                                                                                                						goto L19;
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}
                                                                                                                0x00404f3e
                                                                                                                0x00404f42
                                                                                                                0x00404f52
                                                                                                                0x00404f5c
                                                                                                                0x00404f5e
                                                                                                                0x00404f61
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00404f44
                                                                                                                0x00404f44
                                                                                                                0x00404f4a
                                                                                                                0x00404f4c
                                                                                                                0x00404f4c
                                                                                                                0x00404f4d
                                                                                                                0x00404f4e
                                                                                                                0x00000000
                                                                                                                0x00404f44
                                                                                                                0x00404f27
                                                                                                                0x00404f02
                                                                                                                0x00404e45
                                                                                                                0x00000000
                                                                                                                0x00404e5b
                                                                                                                0x00404e65
                                                                                                                0x00404e6a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00404e7c
                                                                                                                0x00404e81
                                                                                                                0x00404e8d
                                                                                                                0x00404e8d
                                                                                                                0x00404e8f
                                                                                                                0x00404e9e
                                                                                                                0x00404ea0
                                                                                                                0x00404ea4
                                                                                                                0x00404ea7
                                                                                                                0x00000000
                                                                                                                0x00404ea7
                                                                                                                0x00404e45
                                                                                                                0x00404af9
                                                                                                                0x00404afc
                                                                                                                0x00404aff
                                                                                                                0x00404b0f
                                                                                                                0x00404b22
                                                                                                                0x00404b2d
                                                                                                                0x00404b33
                                                                                                                0x00404b41
                                                                                                                0x00404b54
                                                                                                                0x00404b59
                                                                                                                0x00404b64
                                                                                                                0x00404b6d
                                                                                                                0x00404b83
                                                                                                                0x00404b93
                                                                                                                0x00404b9f
                                                                                                                0x00404b9f
                                                                                                                0x00404ba4
                                                                                                                0x00404baa
                                                                                                                0x00404bac
                                                                                                                0x00404baf
                                                                                                                0x00404bb4
                                                                                                                0x00404bb9
                                                                                                                0x00404bbb
                                                                                                                0x00404bbb
                                                                                                                0x00404bdb
                                                                                                                0x00404bdb
                                                                                                                0x00404bdd
                                                                                                                0x00404bde
                                                                                                                0x00404be3
                                                                                                                0x00404be9
                                                                                                                0x00404bed
                                                                                                                0x00404bf2
                                                                                                                0x00404bfa
                                                                                                                0x00404bfe
                                                                                                                0x00404c03
                                                                                                                0x00404c08
                                                                                                                0x00404c10
                                                                                                                0x00404c13
                                                                                                                0x00404ce2
                                                                                                                0x00404cf5
                                                                                                                0x00000000
                                                                                                                0x00404c19
                                                                                                                0x00404c1c
                                                                                                                0x00404c1f
                                                                                                                0x00404c22
                                                                                                                0x00404c22
                                                                                                                0x00404c27
                                                                                                                0x00404c30
                                                                                                                0x00404c33
                                                                                                                0x00404c37
                                                                                                                0x00404c3a
                                                                                                                0x00404c3d
                                                                                                                0x00404c46
                                                                                                                0x00404c4f
                                                                                                                0x00404c52
                                                                                                                0x00404c55
                                                                                                                0x00404c58
                                                                                                                0x00404c96
                                                                                                                0x00404cb9
                                                                                                                0x00404cbb
                                                                                                                0x00404cc1
                                                                                                                0x00404c98
                                                                                                                0x00404ca7
                                                                                                                0x00404ca7
                                                                                                                0x00404c5a
                                                                                                                0x00404c5d
                                                                                                                0x00404c6b
                                                                                                                0x00404c75
                                                                                                                0x00404c77
                                                                                                                0x00404c7d
                                                                                                                0x00404c84
                                                                                                                0x00404c87
                                                                                                                0x00404c8f
                                                                                                                0x00404c8f
                                                                                                                0x00404c58
                                                                                                                0x00404cc7
                                                                                                                0x00404cc8
                                                                                                                0x00404cd4
                                                                                                                0x00404cd4
                                                                                                                0x00404ce0
                                                                                                                0x00404cfb
                                                                                                                0x00404cfe
                                                                                                                0x00404d1b
                                                                                                                0x00000000
                                                                                                                0x00404d00
                                                                                                                0x00404d05
                                                                                                                0x00404d0e
                                                                                                                0x00405096
                                                                                                                0x004050a8
                                                                                                                0x004050a8
                                                                                                                0x00404cfe
                                                                                                                0x00000000
                                                                                                                0x00404ce0
                                                                                                                0x00404c13

                                                                                                                APIs
                                                                                                                • GetDlgItem.USER32 ref: 00404ABA
                                                                                                                • GetDlgItem.USER32 ref: 00404AC7
                                                                                                                • GlobalAlloc.KERNEL32(00000040,?), ref: 00404B16
                                                                                                                • LoadImageA.USER32 ref: 00404B2D
                                                                                                                • SetWindowLongA.USER32 ref: 00404B47
                                                                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404B59
                                                                                                                • ImageList_AddMasked.COMCTL32(00000000,00000110,00FF00FF), ref: 00404B6D
                                                                                                                • SendMessageA.USER32(?,00001109,00000002), ref: 00404B83
                                                                                                                • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404B8F
                                                                                                                • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404B9F
                                                                                                                • DeleteObject.GDI32(00000110), ref: 00404BA4
                                                                                                                • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404BCF
                                                                                                                • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404BDB
                                                                                                                • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404C75
                                                                                                                • SendMessageA.USER32(?,0000110A,00000003,00000110), ref: 00404CA5
                                                                                                                  • Part of subcall function 004040D3: SendMessageA.USER32(00000028,?,00000001,00403F03), ref: 004040E1
                                                                                                                • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404CB9
                                                                                                                • GetWindowLongA.USER32 ref: 00404CE7
                                                                                                                • SetWindowLongA.USER32 ref: 00404CF5
                                                                                                                • ShowWindow.USER32(?,00000005), ref: 00404D05
                                                                                                                • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404E00
                                                                                                                • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404E65
                                                                                                                • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404E7A
                                                                                                                • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404E9E
                                                                                                                • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404EBE
                                                                                                                • ImageList_Destroy.COMCTL32(00000000), ref: 00404ED3
                                                                                                                • GlobalFree.KERNEL32 ref: 00404EE3
                                                                                                                • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404F5C
                                                                                                                • SendMessageA.USER32(?,00001102,?,?), ref: 00405005
                                                                                                                • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00405014
                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 00405034
                                                                                                                • ShowWindow.USER32(?,00000000), ref: 00405082
                                                                                                                • GetDlgItem.USER32 ref: 0040508D
                                                                                                                • ShowWindow.USER32(00000000), ref: 00405094
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                • String ID: $M$N
                                                                                                                • API String ID: 2564846305-813528018
                                                                                                                • Opcode ID: 7979eb89c2ba789210c478efbd40ca5770d0cf58fb7a2a7deeb4f629e08dd5c3
                                                                                                                • Instruction ID: b93138f0eedc2449d1e9bfda9be5258a8e47cdb0f0c7c2118b7039f3366b9e37
                                                                                                                • Opcode Fuzzy Hash: 7979eb89c2ba789210c478efbd40ca5770d0cf58fb7a2a7deeb4f629e08dd5c3
                                                                                                                • Instruction Fuzzy Hash: AA026EB0900209AFEB20DFA5DD45AAE7BB5FB44314F14813AF614B62E0C7799D52CF58
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 93%
                                                                                                                			E00404209(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
                                                                                                                				intOrPtr _v8;
                                                                                                                				signed int _v12;
                                                                                                                				void* _v16;
                                                                                                                				struct HWND__* _t52;
                                                                                                                				long _t86;
                                                                                                                				int _t98;
                                                                                                                				struct HWND__* _t99;
                                                                                                                				signed int _t100;
                                                                                                                				intOrPtr _t103;
                                                                                                                				signed int _t106;
                                                                                                                				intOrPtr _t107;
                                                                                                                				intOrPtr _t109;
                                                                                                                				int _t110;
                                                                                                                				signed int* _t112;
                                                                                                                				signed int _t113;
                                                                                                                				char* _t114;
                                                                                                                				CHAR* _t115;
                                                                                                                
                                                                                                                				if(_a8 != 0x110) {
                                                                                                                					__eflags = _a8 - 0x111;
                                                                                                                					if(_a8 != 0x111) {
                                                                                                                						L11:
                                                                                                                						__eflags = _a8 - 0x4e;
                                                                                                                						if(_a8 != 0x4e) {
                                                                                                                							__eflags = _a8 - 0x40b;
                                                                                                                							if(_a8 == 0x40b) {
                                                                                                                								 *0x42983c =  *0x42983c + 1;
                                                                                                                								__eflags =  *0x42983c;
                                                                                                                							}
                                                                                                                							L25:
                                                                                                                							_t110 = _a16;
                                                                                                                							L26:
                                                                                                                							return E00404105(_a8, _a12, _t110);
                                                                                                                						}
                                                                                                                						_t52 = GetDlgItem(_a4, 0x3e8);
                                                                                                                						_t110 = _a16;
                                                                                                                						__eflags =  *((intOrPtr*)(_t110 + 8)) - 0x70b;
                                                                                                                						if( *((intOrPtr*)(_t110 + 8)) == 0x70b) {
                                                                                                                							__eflags =  *((intOrPtr*)(_t110 + 0xc)) - 0x201;
                                                                                                                							if( *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
                                                                                                                								_t100 =  *((intOrPtr*)(_t110 + 0x1c));
                                                                                                                								_t109 =  *((intOrPtr*)(_t110 + 0x18));
                                                                                                                								_v12 = _t100;
                                                                                                                								__eflags = _t100 - _t109 - 0x800;
                                                                                                                								_v16 = _t109;
                                                                                                                								_v8 = 0x42e3a0;
                                                                                                                								if(_t100 - _t109 < 0x800) {
                                                                                                                									SendMessageA(_t52, 0x44b, 0,  &_v16);
                                                                                                                									SetCursor(LoadCursorA(0, 0x7f02));
                                                                                                                									_push(1);
                                                                                                                									E004044AD(_a4, _v8);
                                                                                                                									SetCursor(LoadCursorA(0, 0x7f00));
                                                                                                                									_t110 = _a16;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						__eflags =  *((intOrPtr*)(_t110 + 8)) - 0x700;
                                                                                                                						if( *((intOrPtr*)(_t110 + 8)) != 0x700) {
                                                                                                                							goto L26;
                                                                                                                						} else {
                                                                                                                							__eflags =  *((intOrPtr*)(_t110 + 0xc)) - 0x100;
                                                                                                                							if( *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
                                                                                                                								goto L26;
                                                                                                                							}
                                                                                                                							__eflags =  *((intOrPtr*)(_t110 + 0x10)) - 0xd;
                                                                                                                							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
                                                                                                                								SendMessageA( *0x42f408, 0x111, 1, 0);
                                                                                                                							}
                                                                                                                							__eflags =  *((intOrPtr*)(_t110 + 0x10)) - 0x1b;
                                                                                                                							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
                                                                                                                								SendMessageA( *0x42f408, 0x10, 0, 0);
                                                                                                                							}
                                                                                                                							return 1;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					__eflags = _a12 >> 0x10;
                                                                                                                					if(_a12 >> 0x10 != 0) {
                                                                                                                						goto L25;
                                                                                                                					}
                                                                                                                					__eflags =  *0x42983c; // 0x0
                                                                                                                					if(__eflags != 0) {
                                                                                                                						goto L25;
                                                                                                                					}
                                                                                                                					_t103 =  *0x42a048; // 0x67d0c4
                                                                                                                					_t25 = _t103 + 0x14; // 0x67d0d8
                                                                                                                					_t112 = _t25;
                                                                                                                					__eflags =  *_t112 & 0x00000020;
                                                                                                                					if(( *_t112 & 0x00000020) == 0) {
                                                                                                                						goto L25;
                                                                                                                					}
                                                                                                                					_t106 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
                                                                                                                					__eflags = _t106;
                                                                                                                					 *_t112 = _t106;
                                                                                                                					E004040C0(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
                                                                                                                					E00404489();
                                                                                                                					goto L11;
                                                                                                                				} else {
                                                                                                                					_t98 = _a16;
                                                                                                                					_t113 =  *(_t98 + 0x30);
                                                                                                                					if(_t113 < 0) {
                                                                                                                						_t107 =  *0x42ebdc; // 0x689455
                                                                                                                						_t113 =  *(_t107 - 4 + _t113 * 4);
                                                                                                                					}
                                                                                                                					_push( *((intOrPtr*)(_t98 + 0x34)));
                                                                                                                					_t114 = _t113 +  *0x42f458;
                                                                                                                					_push(0x22);
                                                                                                                					_a16 =  *_t114;
                                                                                                                					_v12 = _v12 & 0x00000000;
                                                                                                                					_t115 = _t114 + 1;
                                                                                                                					_v16 = _t115;
                                                                                                                					_v8 = E004041D4;
                                                                                                                					E0040409E(_a4);
                                                                                                                					_push( *((intOrPtr*)(_t98 + 0x38)));
                                                                                                                					_push(0x23);
                                                                                                                					E0040409E(_a4);
                                                                                                                					CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
                                                                                                                					E004040C0( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
                                                                                                                					_t99 = GetDlgItem(_a4, 0x3e8);
                                                                                                                					E004040D3(_t99);
                                                                                                                					SendMessageA(_t99, 0x45b, 1, 0);
                                                                                                                					_t86 =  *( *0x42f414 + 0x68);
                                                                                                                					if(_t86 < 0) {
                                                                                                                						_t86 = GetSysColor( ~_t86);
                                                                                                                					}
                                                                                                                					SendMessageA(_t99, 0x443, 0, _t86);
                                                                                                                					SendMessageA(_t99, 0x445, 0, 0x4010000);
                                                                                                                					SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
                                                                                                                					 *0x42983c = 0;
                                                                                                                					SendMessageA(_t99, 0x449, _a16,  &_v16);
                                                                                                                					 *0x42983c = 0;
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                			}




















                                                                                                                APIs
                                                                                                                • CheckDlgButton.USER32 ref: 00404294
                                                                                                                • GetDlgItem.USER32 ref: 004042A8
                                                                                                                • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 004042C6
                                                                                                                • GetSysColor.USER32(?), ref: 004042D7
                                                                                                                • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 004042E6
                                                                                                                • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 004042F5
                                                                                                                • lstrlenA.KERNEL32(?), ref: 004042F8
                                                                                                                • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00404307
                                                                                                                • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 0040431C
                                                                                                                • GetDlgItem.USER32 ref: 0040437E
                                                                                                                • SendMessageA.USER32(00000000), ref: 00404381
                                                                                                                • GetDlgItem.USER32 ref: 004043AC
                                                                                                                • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 004043EC
                                                                                                                • LoadCursorA.USER32 ref: 004043FB
                                                                                                                • SetCursor.USER32(00000000), ref: 00404404
                                                                                                                • LoadCursorA.USER32 ref: 0040441A
                                                                                                                • SetCursor.USER32(00000000), ref: 0040441D
                                                                                                                • SendMessageA.USER32(00000111,00000001,00000000), ref: 00404449
                                                                                                                • SendMessageA.USER32(00000010,00000000,00000000), ref: 0040445D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                • String ID: N$Remove folder:
                                                                                                                • API String ID: 3103080414-3051863454
                                                                                                                • Opcode ID: 448c26d367fa4ce24fea73f86f3c1ebcb169a2680b3cc918c82a0762cc84cb42
                                                                                                                • Instruction ID: e1855738532d9be41fcebd9a9c4146cd0e241e622fdf0fb061f71f1fb699f553
                                                                                                                • Opcode Fuzzy Hash: 448c26d367fa4ce24fea73f86f3c1ebcb169a2680b3cc918c82a0762cc84cb42
                                                                                                                • Instruction Fuzzy Hash: 2661A4B1A40208BFDB109F61DD45F6A7B69FB84314F00803AFB057A1D1C7B8A952CF98
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 90%
                                                                                                                			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
                                                                                                                				struct tagLOGBRUSH _v16;
                                                                                                                				struct tagRECT _v32;
                                                                                                                				struct tagPAINTSTRUCT _v96;
                                                                                                                				struct HDC__* _t70;
                                                                                                                				struct HBRUSH__* _t87;
                                                                                                                				struct HFONT__* _t94;
                                                                                                                				long _t102;
                                                                                                                				signed int _t126;
                                                                                                                				struct HDC__* _t128;
                                                                                                                				intOrPtr _t130;
                                                                                                                
                                                                                                                				if(_a8 == 0xf) {
                                                                                                                					_t130 =  *0x42f414;
                                                                                                                					_t70 = BeginPaint(_a4,  &_v96);
                                                                                                                					_v16.lbStyle = _v16.lbStyle & 0x00000000;
                                                                                                                					_a8 = _t70;
                                                                                                                					GetClientRect(_a4,  &_v32);
                                                                                                                					_t126 = _v32.bottom;
                                                                                                                					_v32.bottom = _v32.bottom & 0x00000000;
                                                                                                                					while(_v32.top < _t126) {
                                                                                                                						_a12 = _t126 - _v32.top;
                                                                                                                						asm("cdq");
                                                                                                                						asm("cdq");
                                                                                                                						asm("cdq");
                                                                                                                						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
                                                                                                                						_t87 = CreateBrushIndirect( &_v16);
                                                                                                                						_v32.bottom = _v32.bottom + 4;
                                                                                                                						_a16 = _t87;
                                                                                                                						FillRect(_a8,  &_v32, _t87);
                                                                                                                						DeleteObject(_a16);
                                                                                                                						_v32.top = _v32.top + 4;
                                                                                                                					}
                                                                                                                					if( *(_t130 + 0x58) != 0xffffffff) {
                                                                                                                						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
                                                                                                                						_a16 = _t94;
                                                                                                                						if(_t94 != 0) {
                                                                                                                							_t128 = _a8;
                                                                                                                							_v32.left = 0x10;
                                                                                                                							_v32.top = 8;
                                                                                                                							SetBkMode(_t128, 1);
                                                                                                                							SetTextColor(_t128,  *(_t130 + 0x58));
                                                                                                                							_a8 = SelectObject(_t128, _a16);
                                                                                                                							DrawTextA(_t128, "Wildix Integration Service v3.11.3 Setup", 0xffffffff,  &_v32, 0x820);
                                                                                                                							SelectObject(_t128, _a8);
                                                                                                                							DeleteObject(_a16);
                                                                                                                						}
                                                                                                                					}
                                                                                                                					EndPaint(_a4,  &_v96);
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                				_t102 = _a16;
                                                                                                                				if(_a8 == 0x46) {
                                                                                                                					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
                                                                                                                					 *((intOrPtr*)(_t102 + 4)) =  *0x42f408;
                                                                                                                				}
                                                                                                                				return DefWindowProcA(_a4, _a8, _a12, _t102);
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                • GetClientRect.USER32 ref: 0040105B
                                                                                                                • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                • FillRect.USER32 ref: 004010E4
                                                                                                                • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                                                • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                • DrawTextA.USER32(00000000,Wildix Integration Service v3.11.3 Setup,000000FF,00000010,00000820), ref: 00401156
                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                • String ID: F$Wildix Integration Service v3.11.3 Setup
                                                                                                                • API String ID: 941294808-2318693128
                                                                                                                • Opcode ID: 7b2e9886d4a0a86190cfd2eb73994447d751dd60ad8b28ccd238e082d53d4ecc
                                                                                                                • Instruction ID: a83fe4be3842045fa55e49ef5e4516223b86fcdf0b70f1128ddfc4a40beffe79
                                                                                                                • Opcode Fuzzy Hash: 7b2e9886d4a0a86190cfd2eb73994447d751dd60ad8b28ccd238e082d53d4ecc
                                                                                                                • Instruction Fuzzy Hash: 48418C71400209AFCB058FA5DE459BF7BB9FF45314F00842EF9A1AA1A0C7749955DFA4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00405C7F(void* __ecx) {
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				long _t12;
                                                                                                                				long _t24;
                                                                                                                				char* _t31;
                                                                                                                				int _t37;
                                                                                                                				void* _t38;
                                                                                                                				intOrPtr* _t39;
                                                                                                                				long _t42;
                                                                                                                				CHAR* _t44;
                                                                                                                				void* _t46;
                                                                                                                				void* _t48;
                                                                                                                				void* _t49;
                                                                                                                				void* _t52;
                                                                                                                				void* _t53;
                                                                                                                
                                                                                                                				_t38 = __ecx;
                                                                                                                				_t44 =  *(_t52 + 0x14);
                                                                                                                				 *0x42c600 = 0x4c554e;
                                                                                                                				if(_t44 == 0) {
                                                                                                                					L3:
                                                                                                                					_t12 = GetShortPathNameA( *(_t52 + 0x1c), 0x42ca00, 0x400);
                                                                                                                					if(_t12 != 0 && _t12 <= 0x400) {
                                                                                                                						_t37 = wsprintfA(0x42c200, "%s=%s\r\n", 0x42c600, 0x42ca00);
                                                                                                                						_t53 = _t52 + 0x10;
                                                                                                                						E00406032(_t37, 0x400, 0x42ca00, 0x42ca00,  *((intOrPtr*)( *0x42f414 + 0x128)));
                                                                                                                						_t12 = E00405BA9(0x42ca00, 0xc0000000, 4);
                                                                                                                						_t48 = _t12;
                                                                                                                						 *(_t53 + 0x18) = _t48;
                                                                                                                						if(_t48 != 0xffffffff) {
                                                                                                                							_t42 = GetFileSize(_t48, 0);
                                                                                                                							_t6 = _t37 + 0xa; // 0xa
                                                                                                                							_t46 = GlobalAlloc(0x40, _t42 + _t6);
                                                                                                                							if(_t46 == 0 || E00405C21(_t48, _t46, _t42) == 0) {
                                                                                                                								L18:
                                                                                                                								return CloseHandle(_t48);
                                                                                                                							} else {
                                                                                                                								if(E00405B0E(_t38, _t46, "[Rename]\r\n") != 0) {
                                                                                                                									_t49 = E00405B0E(_t38, _t21 + 0xa, 0x40a3b8);
                                                                                                                									if(_t49 == 0) {
                                                                                                                										_t48 =  *(_t53 + 0x18);
                                                                                                                										L16:
                                                                                                                										_t24 = _t42;
                                                                                                                										L17:
                                                                                                                										E00405B64(_t24 + _t46, 0x42c200, _t37);
                                                                                                                										SetFilePointer(_t48, 0, 0, 0);
                                                                                                                										E00405C50(_t48, _t46, _t42 + _t37);
                                                                                                                										GlobalFree(_t46);
                                                                                                                										goto L18;
                                                                                                                									}
                                                                                                                									_t39 = _t46 + _t42;
                                                                                                                									_t31 = _t39 + _t37;
                                                                                                                									while(_t39 > _t49) {
                                                                                                                										 *_t31 =  *_t39;
                                                                                                                										_t31 = _t31 - 1;
                                                                                                                										_t39 = _t39 - 1;
                                                                                                                									}
                                                                                                                									_t24 = _t49 - _t46 + 1;
                                                                                                                									_t48 =  *(_t53 + 0x18);
                                                                                                                									goto L17;
                                                                                                                								}
                                                                                                                								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
                                                                                                                								_t42 = _t42 + 0xa;
                                                                                                                								goto L16;
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					CloseHandle(E00405BA9(_t44, 0, 1));
                                                                                                                					_t12 = GetShortPathNameA(_t44, 0x42c600, 0x400);
                                                                                                                					if(_t12 != 0 && _t12 <= 0x400) {
                                                                                                                						goto L3;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t12;
                                                                                                                			}


                                                                                                                APIs
                                                                                                                • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,00000000,00405E10,?,?), ref: 00405CB0
                                                                                                                • GetShortPathNameA.KERNEL32 ref: 00405CB9
                                                                                                                  • Part of subcall function 00405B0E: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405D69,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B1E
                                                                                                                  • Part of subcall function 00405B0E: lstrlenA.KERNEL32(00000000,?,00000000,00405D69,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B50
                                                                                                                • GetShortPathNameA.KERNEL32 ref: 00405CD6
                                                                                                                • wsprintfA.USER32 ref: 00405CF4
                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,0042CA00,C0000000,00000004,0042CA00,?,?,?,?,?), ref: 00405D2F
                                                                                                                • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405D3E
                                                                                                                • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D76
                                                                                                                • SetFilePointer.KERNEL32(0040A3B8,00000000,00000000,00000000,00000000,0042C200,00000000,-0000000A,0040A3B8,00000000,[Rename],00000000,00000000,00000000), ref: 00405DCC
                                                                                                                • GlobalFree.KERNEL32 ref: 00405DDD
                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00405DE4
                                                                                                                  • Part of subcall function 00405BA9: GetFileAttributesA.KERNELBASE(00000003,00402E04,C:\Users\user\Desktop\SetupWIService.exe,80000000,00000003), ref: 00405BAD
                                                                                                                  • Part of subcall function 00405BA9: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405BCF
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                • String ID: %s=%s$[Rename]
                                                                                                                • API String ID: 2171350718-1727408572
                                                                                                                • Opcode ID: f77fbfde1968c6cc6d109ac9641d83ed14e9d60a65f6ef3fc352fd67b9dcf635
                                                                                                                • Instruction ID: 5f10e72b046bb4c3808544f3b96a1b07f09bbbda3d3e46611c613b54f85f09c3
                                                                                                                • Opcode Fuzzy Hash: f77fbfde1968c6cc6d109ac9641d83ed14e9d60a65f6ef3fc352fd67b9dcf635
                                                                                                                • Instruction Fuzzy Hash: F631F231600B15ABD2207BA59D4DFAB3A6CDF42754F14443BFA01F62D2DA7CE8058ABD
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E0040627A(CHAR* _a4) {
                                                                                                                				char _t5;
                                                                                                                				char _t7;
                                                                                                                				char* _t15;
                                                                                                                				char* _t16;
                                                                                                                				CHAR* _t17;
                                                                                                                
                                                                                                                				_t17 = _a4;
                                                                                                                				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
                                                                                                                					_t17 =  &(_t17[4]);
                                                                                                                				}
                                                                                                                				if( *_t17 != 0 && E00405A15(_t17) != 0) {
                                                                                                                					_t17 =  &(_t17[2]);
                                                                                                                				}
                                                                                                                				_t5 =  *_t17;
                                                                                                                				_t15 = _t17;
                                                                                                                				_t16 = _t17;
                                                                                                                				if(_t5 != 0) {
                                                                                                                					do {
                                                                                                                						if(_t5 > 0x1f &&  *((char*)(E004059D3("*?|<>/\":", _t5))) == 0) {
                                                                                                                							E00405B64(_t16, _t17, CharNextA(_t17) - _t17);
                                                                                                                							_t16 = CharNextA(_t16);
                                                                                                                						}
                                                                                                                						_t17 = CharNextA(_t17);
                                                                                                                						_t5 =  *_t17;
                                                                                                                					} while (_t5 != 0);
                                                                                                                				}
                                                                                                                				 *_t16 =  *_t16 & 0x00000000;
                                                                                                                				while(1) {
                                                                                                                					_t16 = CharPrevA(_t15, _t16);
                                                                                                                					_t7 =  *_t16;
                                                                                                                					if(_t7 != 0x20 && _t7 != 0x5c) {
                                                                                                                						break;
                                                                                                                					}
                                                                                                                					 *_t16 =  *_t16 & 0x00000000;
                                                                                                                					if(_t15 < _t16) {
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                					break;
                                                                                                                				}
                                                                                                                				return _t7;
                                                                                                                			}


                                                                                                                APIs
                                                                                                                • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\SetupWIService.exe",766DFA90,C:\Users\user\AppData\Local\Temp\,00000000,00403246,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004062D2
                                                                                                                • CharNextA.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 004062DF
                                                                                                                • CharNextA.USER32(?,"C:\Users\user\Desktop\SetupWIService.exe",766DFA90,C:\Users\user\AppData\Local\Temp\,00000000,00403246,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004062E4
                                                                                                                • CharPrevA.USER32(?,?,766DFA90,C:\Users\user\AppData\Local\Temp\,00000000,00403246,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004062F4
                                                                                                                Strings
                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 0040627B
                                                                                                                • "C:\Users\user\Desktop\SetupWIService.exe", xrefs: 004062B6
                                                                                                                • *?|<>/":, xrefs: 004062C2
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Char$Next$Prev
                                                                                                                • String ID: "C:\Users\user\Desktop\SetupWIService.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                • API String ID: 589700163-525100670
                                                                                                                • Opcode ID: a4ab23b94a56fbb4e4ab915d6a0181bd243ee2e30b5e95404a857257d08c8b81
                                                                                                                • Instruction ID: 6247d5b4c7038ff51e561e9c2f84ae45375c8bcee8d01d3c6d5c321a6abb2e6d
                                                                                                                • Opcode Fuzzy Hash: a4ab23b94a56fbb4e4ab915d6a0181bd243ee2e30b5e95404a857257d08c8b81
                                                                                                                • Instruction Fuzzy Hash: 2211E95180479029EB3226246C40BBB7F884F97751F1A00BFE8C2722C1C67C5C52867D
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00404105(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
                                                                                                                				struct tagLOGBRUSH _v16;
                                                                                                                				long _t39;
                                                                                                                				long _t41;
                                                                                                                				void* _t44;
                                                                                                                				signed char _t50;
                                                                                                                				long* _t54;
                                                                                                                
                                                                                                                				if(_a4 + 0xfffffecd > 5) {
                                                                                                                					L18:
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                				_t54 = GetWindowLongA(_a12, 0xffffffeb);
                                                                                                                				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
                                                                                                                					goto L18;
                                                                                                                				} else {
                                                                                                                					_t50 = _t54[5];
                                                                                                                					if((_t50 & 0xffffffe0) != 0) {
                                                                                                                						goto L18;
                                                                                                                					}
                                                                                                                					_t39 =  *_t54;
                                                                                                                					if((_t50 & 0x00000002) != 0) {
                                                                                                                						_t39 = GetSysColor(_t39);
                                                                                                                					}
                                                                                                                					if((_t54[5] & 0x00000001) != 0) {
                                                                                                                						SetTextColor(_a8, _t39);
                                                                                                                					}
                                                                                                                					SetBkMode(_a8, _t54[4]);
                                                                                                                					_t41 = _t54[1];
                                                                                                                					_v16.lbColor = _t41;
                                                                                                                					if((_t54[5] & 0x00000008) != 0) {
                                                                                                                						_t41 = GetSysColor(_t41);
                                                                                                                						_v16.lbColor = _t41;
                                                                                                                					}
                                                                                                                					if((_t54[5] & 0x00000004) != 0) {
                                                                                                                						SetBkColor(_a8, _t41);
                                                                                                                					}
                                                                                                                					if((_t54[5] & 0x00000010) != 0) {
                                                                                                                						_v16.lbStyle = _t54[2];
                                                                                                                						_t44 = _t54[3];
                                                                                                                						if(_t44 != 0) {
                                                                                                                							DeleteObject(_t44);
                                                                                                                						}
                                                                                                                						_t54[3] = CreateBrushIndirect( &_v16);
                                                                                                                					}
                                                                                                                					return _t54[3];
                                                                                                                				}
                                                                                                                			}










                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 2320649405-0
                                                                                                                • Opcode ID: 2fd397ab70c88e7053abfa2b1889d7e6adf273714bf8f91ffd366fbe1d5efa4b
                                                                                                                • Instruction ID: 549509973aaa983cd2a57f184cdff44cbcc336d3318ba047a0b32752f088f93e
                                                                                                                • Opcode Fuzzy Hash: 2fd397ab70c88e7053abfa2b1889d7e6adf273714bf8f91ffd366fbe1d5efa4b
                                                                                                                • Instruction Fuzzy Hash: 7D2162715007049BCB219F68DD4CB5BBBF8AF91714B048A3EEA96A66E0C734E984CB54
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004049F1(struct HWND__* _a4, intOrPtr _a8) {
                                                                                                                				long _v8;
                                                                                                                				signed char _v12;
                                                                                                                				unsigned int _v16;
                                                                                                                				void* _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				long _v56;
                                                                                                                				void* _v60;
                                                                                                                				long _t15;
                                                                                                                				unsigned int _t19;
                                                                                                                				signed int _t25;
                                                                                                                				struct HWND__* _t28;
                                                                                                                
                                                                                                                				_t28 = _a4;
                                                                                                                				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
                                                                                                                				if(_a8 == 0) {
                                                                                                                					L4:
                                                                                                                					_v56 = _t15;
                                                                                                                					_v60 = 4;
                                                                                                                					SendMessageA(_t28, 0x110c, 0,  &_v60);
                                                                                                                					return _v24;
                                                                                                                				}
                                                                                                                				_t19 = GetMessagePos();
                                                                                                                				_v16 = _t19 >> 0x10;
                                                                                                                				_v20 = _t19;
                                                                                                                				ScreenToClient(_t28,  &_v20);
                                                                                                                				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
                                                                                                                				if((_v12 & 0x00000066) != 0) {
                                                                                                                					_t15 = _v8;
                                                                                                                					goto L4;
                                                                                                                				}
                                                                                                                				return _t25 | 0xffffffff;
                                                                                                                			}















                                                                                                                APIs
                                                                                                                • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 00404A0C
                                                                                                                • GetMessagePos.USER32 ref: 00404A14
                                                                                                                • ScreenToClient.USER32 ref: 00404A2E
                                                                                                                • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404A40
                                                                                                                • SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404A66
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Message$Send$ClientScreen
                                                                                                                • String ID: f
                                                                                                                • API String ID: 41195575-1993550816
                                                                                                                • Opcode ID: b233b2991907e98a40282691d164461162982266b543cde43f51771bab81e11a
                                                                                                                • Instruction ID: dd2724b276b0829887a11dc4f26b79c7971af77995a7330ace4ae867cc8e4813
                                                                                                                • Opcode Fuzzy Hash: b233b2991907e98a40282691d164461162982266b543cde43f51771bab81e11a
                                                                                                                • Instruction Fuzzy Hash: 4B018071940218BADB00DB94DD81BFEBBB8AF95711F10412BBA11B61C0C7B455018FA4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 73%
                                                                                                                			E00401DFF(intOrPtr __edx) {
                                                                                                                				void* __esi;
                                                                                                                				int _t9;
                                                                                                                				signed char _t15;
                                                                                                                				struct HFONT__* _t18;
                                                                                                                				intOrPtr _t30;
                                                                                                                				struct HDC__* _t31;
                                                                                                                				void* _t33;
                                                                                                                				void* _t35;
                                                                                                                
                                                                                                                				_t30 = __edx;
                                                                                                                				_t31 = GetDC( *(_t35 - 8));
                                                                                                                				_t9 = E00402B0A(2);
                                                                                                                				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
                                                                                                                				0x40b818->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t31, 0x5a), 0x48));
                                                                                                                				ReleaseDC( *(_t35 - 8), _t31);
                                                                                                                				 *0x40b828 = E00402B0A(3);
                                                                                                                				_t15 =  *((intOrPtr*)(_t35 - 0x24));
                                                                                                                				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
                                                                                                                				 *0x40b82f = 1;
                                                                                                                				 *0x40b82c = _t15 & 0x00000001;
                                                                                                                				 *0x40b82d = _t15 & 0x00000002;
                                                                                                                				 *0x40b82e = _t15 & 0x00000004;
                                                                                                                				E00406032(_t9, _t31, _t33, "MS Shell Dlg",  *((intOrPtr*)(_t35 - 0x30)));
                                                                                                                				_t18 = CreateFontIndirectA(0x40b818);
                                                                                                                				_push(_t18);
                                                                                                                				_push(_t33);
                                                                                                                				E00405F6E();
                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t35 - 4));
                                                                                                                				return 0;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • GetDC.USER32(?), ref: 00401E02
                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E1C
                                                                                                                • MulDiv.KERNEL32(00000000,00000000), ref: 00401E24
                                                                                                                • ReleaseDC.USER32 ref: 00401E35
                                                                                                                • CreateFontIndirectA.GDI32(0040B818), ref: 00401E84
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                                • String ID: MS Shell Dlg
                                                                                                                • API String ID: 3808545654-76309092
                                                                                                                • Opcode ID: 4e2ac4968fbcfc45df335883300c5f964cad547b4711af948e6fa709055a9030
                                                                                                                • Instruction ID: a7e809a5f5c9b27870585acda152ffb90eb46fec6a88876af75f69e410eeec04
                                                                                                                • Opcode Fuzzy Hash: 4e2ac4968fbcfc45df335883300c5f964cad547b4711af948e6fa709055a9030
                                                                                                                • Instruction Fuzzy Hash: A6015672544240AFD7016B74AE4ABA93FB8EB59305F108839F141B61F2C7750505CB9C
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00402CDD(struct HWND__* _a4, intOrPtr _a8) {
                                                                                                                				char _v68;
                                                                                                                				int _t11;
                                                                                                                				int _t20;
                                                                                                                
                                                                                                                				if(_a8 == 0x110) {
                                                                                                                					SetTimer(_a4, 1, 0xfa, 0);
                                                                                                                					_a8 = 0x113;
                                                                                                                				}
                                                                                                                				if(_a8 == 0x113) {
                                                                                                                					_t20 =  *0x41d420; // 0xd393bc
                                                                                                                					_t11 =  *0x42942c; // 0xd3bcf0
                                                                                                                					if(_t20 >= _t11) {
                                                                                                                						_t20 = _t11;
                                                                                                                					}
                                                                                                                					wsprintfA( &_v68, "verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
                                                                                                                					SetWindowTextA(_a4,  &_v68);
                                                                                                                					SetDlgItemTextA(_a4, 0x406,  &_v68);
                                                                                                                				}
                                                                                                                				return 0;
                                                                                                                			}







                                                                                                                APIs
                                                                                                                Strings
                                                                                                                • verifying installer: %d%%, xrefs: 00402D2D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                • String ID: verifying installer: %d%%
                                                                                                                • API String ID: 1451636040-82062127
                                                                                                                • Opcode ID: f8f7fb574b01a37347c2b5a7030e5195f98b1542352a9ab3f35e70a1f9b9ac5a
                                                                                                                • Instruction ID: 025fba79a5afffe449226ec8edfc98a8674e121caf39d96b1da50a976b993c92
                                                                                                                • Opcode Fuzzy Hash: f8f7fb574b01a37347c2b5a7030e5195f98b1542352a9ab3f35e70a1f9b9ac5a
                                                                                                                • Instruction Fuzzy Hash: AA01FF71640209FBEF249F60DE49FAE37A9FB04345F008039FA06B61D0DBB599568F59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 86%
                                                                                                                			E004027A3(int __ebx, void* __eflags) {
                                                                                                                				void* _t26;
                                                                                                                				long _t31;
                                                                                                                				int _t45;
                                                                                                                				void* _t49;
                                                                                                                				void* _t51;
                                                                                                                				void* _t54;
                                                                                                                				void* _t55;
                                                                                                                				void* _t56;
                                                                                                                
                                                                                                                				_t45 = __ebx;
                                                                                                                				 *((intOrPtr*)(_t56 - 0xc)) = 0xfffffd66;
                                                                                                                				_t50 = E00402B2C(0xfffffff0);
                                                                                                                				 *(_t56 - 0x4c) = _t23;
                                                                                                                				if(E00405A15(_t50) == 0) {
                                                                                                                					E00402B2C(0xffffffed);
                                                                                                                				}
                                                                                                                				E00405B84(_t50);
                                                                                                                				_t26 = E00405BA9(_t50, 0x40000000, 2);
                                                                                                                				 *(_t56 + 8) = _t26;
                                                                                                                				if(_t26 != 0xffffffff) {
                                                                                                                					_t31 =  *0x42f418;
                                                                                                                					 *(_t56 - 0x1c) = _t31;
                                                                                                                					_t49 = GlobalAlloc(0x40, _t31);
                                                                                                                					if(_t49 != _t45) {
                                                                                                                						E00403223(_t45);
                                                                                                                						E0040320D(_t49,  *(_t56 - 0x1c));
                                                                                                                						_t54 = GlobalAlloc(0x40,  *(_t56 - 0x2c));
                                                                                                                						 *(_t56 - 0x10) = _t54;
                                                                                                                						if(_t54 != _t45) {
                                                                                                                							E00402FFB( *((intOrPtr*)(_t56 - 0x30)), _t45, _t54,  *(_t56 - 0x2c));
                                                                                                                							while( *_t54 != _t45) {
                                                                                                                								_t47 =  *_t54;
                                                                                                                								_t55 = _t54 + 8;
                                                                                                                								 *(_t56 - 0x48) =  *_t54;
                                                                                                                								E00405B64( *((intOrPtr*)(_t54 + 4)) + _t49, _t55, _t47);
                                                                                                                								_t54 = _t55 +  *(_t56 - 0x48);
                                                                                                                							}
                                                                                                                							GlobalFree( *(_t56 - 0x10));
                                                                                                                						}
                                                                                                                						E00405C50( *(_t56 + 8), _t49,  *(_t56 - 0x1c));
                                                                                                                						GlobalFree(_t49);
                                                                                                                						 *((intOrPtr*)(_t56 - 0xc)) = E00402FFB(0xffffffff,  *(_t56 + 8), _t45, _t45);
                                                                                                                					}
                                                                                                                					CloseHandle( *(_t56 + 8));
                                                                                                                				}
                                                                                                                				_t51 = 0xfffffff3;
                                                                                                                				if( *((intOrPtr*)(_t56 - 0xc)) < _t45) {
                                                                                                                					_t51 = 0xffffffef;
                                                                                                                					DeleteFileA( *(_t56 - 0x4c));
                                                                                                                					 *((intOrPtr*)(_t56 - 4)) = 1;
                                                                                                                				}
                                                                                                                				_push(_t51);
                                                                                                                				E00401423();
                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t56 - 4));
                                                                                                                				return 0;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 004027F7
                                                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 00402813
                                                                                                                • GlobalFree.KERNEL32 ref: 0040284C
                                                                                                                • GlobalFree.KERNEL32 ref: 0040285F
                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 00402877
                                                                                                                • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 0040288B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                • String ID:
                                                                                                                • API String ID: 2667972263-0
                                                                                                                • Opcode ID: a2aa54484539e5cf0e08f909926563fd1753a777fa44bb9cc822b41f9e16e333
                                                                                                                • Instruction ID: 78559feecc0fcc9b474bd36237e9e6194516f5e07b3510cecd676cf0fe7807ca
                                                                                                                • Opcode Fuzzy Hash: a2aa54484539e5cf0e08f909926563fd1753a777fa44bb9cc822b41f9e16e333
                                                                                                                • Instruction Fuzzy Hash: A4217C72C00224ABCF217FA5CD49DAE7F79EF09364B10823AF520762E1CA7959419F98
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 77%
                                                                                                                			E004048E7(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
                                                                                                                				char _v36;
                                                                                                                				char _v68;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				signed int _t21;
                                                                                                                				signed int _t22;
                                                                                                                				void* _t29;
                                                                                                                				void* _t31;
                                                                                                                				void* _t32;
                                                                                                                				void* _t41;
                                                                                                                				signed int _t43;
                                                                                                                				signed int _t47;
                                                                                                                				signed int _t50;
                                                                                                                				signed int _t51;
                                                                                                                				signed int _t53;
                                                                                                                
                                                                                                                				_t21 = _a16;
                                                                                                                				_t51 = _a12;
                                                                                                                				_t41 = 0xffffffdc;
                                                                                                                				if(_t21 == 0) {
                                                                                                                					_push(0x14);
                                                                                                                					_pop(0);
                                                                                                                					_t22 = _t51;
                                                                                                                					if(_t51 < 0x100000) {
                                                                                                                						_push(0xa);
                                                                                                                						_pop(0);
                                                                                                                						_t41 = 0xffffffdd;
                                                                                                                					}
                                                                                                                					if(_t51 < 0x400) {
                                                                                                                						_t41 = 0xffffffde;
                                                                                                                					}
                                                                                                                					if(_t51 < 0xffff3333) {
                                                                                                                						_t50 = 0x14;
                                                                                                                						asm("cdq");
                                                                                                                						_t22 = 1 / _t50 + _t51;
                                                                                                                					}
                                                                                                                					_t23 = _t22 & 0x00ffffff;
                                                                                                                					_t53 = _t22 >> 0;
                                                                                                                					_t43 = 0xa;
                                                                                                                					_t47 = ((_t22 & 0x00ffffff) + _t23 * 4 + (_t22 & 0x00ffffff) + _t23 * 4 >> 0) % _t43;
                                                                                                                				} else {
                                                                                                                					_t53 = (_t21 << 0x00000020 | _t51) >> 0x14;
                                                                                                                					_t47 = 0;
                                                                                                                				}
                                                                                                                				_t29 = E00406032(_t41, _t47, _t53,  &_v36, 0xffffffdf);
                                                                                                                				_t31 = E00406032(_t41, _t47, _t53,  &_v68, _t41);
                                                                                                                				_t32 = E00406032(_t41, _t47, 0x42a870, 0x42a870, _a8);
                                                                                                                				wsprintfA(_t32 + lstrlenA(0x42a870), "%u.%u%s%s", _t53, _t47, _t31, _t29);
                                                                                                                				return SetDlgItemTextA( *0x42ebd8, _a4, 0x42a870);
                                                                                                                			}




















                                                                                                                APIs
                                                                                                                • lstrlenA.KERNEL32(Wildix Integration Service v3.11.3 Setup ,Wildix Integration Service v3.11.3 Setup ,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404802,000000DF,00000000,00000400,?), ref: 00404985
                                                                                                                • wsprintfA.USER32 ref: 0040498D
                                                                                                                • SetDlgItemTextA.USER32 ref: 004049A0
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ItemTextlstrlenwsprintf
                                                                                                                • String ID: %u.%u%s%s$Wildix Integration Service v3.11.3 Setup
                                                                                                                • API String ID: 3540041739-400526655
                                                                                                                • Opcode ID: 8f52a3d2b7158611b8ddfee5cd82df9920a420a3de20037d500134a76e905cd2
                                                                                                                • Instruction ID: e3696489e73bdb8ba2be03c53b0d6a47c9a41464d55e6eab91935fd2637341d8
                                                                                                                • Opcode Fuzzy Hash: 8f52a3d2b7158611b8ddfee5cd82df9920a420a3de20037d500134a76e905cd2
                                                                                                                • Instruction Fuzzy Hash: 0E11E473A441286BDB10A57D9C41EAF329CDB85374F254237FA26F31D1E978CC2282A9
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004059A8(CHAR* _a4) {
                                                                                                                				CHAR* _t7;
                                                                                                                
                                                                                                                				_t7 = _a4;
                                                                                                                				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
                                                                                                                					lstrcatA(_t7, 0x40a014);
                                                                                                                				}
                                                                                                                				return _t7;
                                                                                                                			}





                                                                                                                APIs
                                                                                                                • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403258,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004059AE
                                                                                                                • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403258,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004059B7
                                                                                                                • lstrcatA.KERNEL32(?,0040A014,?,00000006,00000008,0000000A), ref: 004059C8
                                                                                                                Strings
                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 004059A8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CharPrevlstrcatlstrlen
                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                • API String ID: 2659869361-823278215
                                                                                                                • Opcode ID: dfed55a16eab86d89f3af7970decdd3a6c9dbbcd65d2cf450bad9cf681275afb
                                                                                                                • Instruction ID: 62df29c05e3eff7e61c48a1ee3c1863d20e1198667f6a1bd608fcc747cda2104
                                                                                                                • Opcode Fuzzy Hash: dfed55a16eab86d89f3af7970decdd3a6c9dbbcd65d2cf450bad9cf681275afb
                                                                                                                • Instruction Fuzzy Hash: 90D0A9B2211A30BAE20266259E09ECF2E088F06310B060037F200B21A1CA3D0D1287FE
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00405A41(CHAR* _a4) {
                                                                                                                				CHAR* _t5;
                                                                                                                				char* _t7;
                                                                                                                				CHAR* _t9;
                                                                                                                				char _t10;
                                                                                                                				CHAR* _t11;
                                                                                                                				void* _t13;
                                                                                                                
                                                                                                                				_t11 = _a4;
                                                                                                                				_t9 = CharNextA(_t11);
                                                                                                                				_t5 = CharNextA(_t9);
                                                                                                                				_t10 =  *_t11;
                                                                                                                				if(_t10 == 0 ||  *_t9 != 0x3a || _t9[1] != 0x5c) {
                                                                                                                					if(_t10 != 0x5c || _t11[1] != _t10) {
                                                                                                                						L10:
                                                                                                                						return 0;
                                                                                                                					} else {
                                                                                                                						_t13 = 2;
                                                                                                                						while(1) {
                                                                                                                							_t13 = _t13 - 1;
                                                                                                                							_t7 = E004059D3(_t5, 0x5c);
                                                                                                                							if( *_t7 == 0) {
                                                                                                                								goto L10;
                                                                                                                							}
                                                                                                                							_t5 = _t7 + 1;
                                                                                                                							if(_t13 != 0) {
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                							return _t5;
                                                                                                                						}
                                                                                                                						goto L10;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					return CharNextA(_t5);
                                                                                                                				}
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • CharNextA.USER32(?,?,C:\,?,00405AAD,C:\,C:\,766DFA90,?,C:\Users\user\AppData\Local\Temp\,004057F8,?,766DFA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405A4F
                                                                                                                • CharNextA.USER32(00000000), ref: 00405A54
                                                                                                                • CharNextA.USER32(00000000), ref: 00405A68
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CharNext
                                                                                                                • String ID: C:\
                                                                                                                • API String ID: 3213498283-3404278061
                                                                                                                • Opcode ID: b0e8f5e89ebadb76a027bec09a8a2b8523dc58ec169e45d2c78276560c1d622b
                                                                                                                • Instruction ID: 984e8433726efb403dd44e64a223cc5f2fc3fa985c42d0e1b55ccc4b068145f6
                                                                                                                • Opcode Fuzzy Hash: b0e8f5e89ebadb76a027bec09a8a2b8523dc58ec169e45d2c78276560c1d622b
                                                                                                                • Instruction Fuzzy Hash: F9F06251B04F656AFB2292744C94B7B5B8CCB55361F184667D980662C282784C418FAA
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00402D60(intOrPtr _a4) {
                                                                                                                				long _t2;
                                                                                                                				struct HWND__* _t3;
                                                                                                                				struct HWND__* _t6;
                                                                                                                
                                                                                                                				if(_a4 == 0) {
                                                                                                                					__eflags =  *0x429428; // 0x0
                                                                                                                					if(__eflags == 0) {
                                                                                                                						_t2 = GetTickCount();
                                                                                                                						__eflags = _t2 -  *0x42f410;
                                                                                                                						if(_t2 >  *0x42f410) {
                                                                                                                							_t3 = CreateDialogParamA( *0x42f400, 0x6f, 0, E00402CDD, 0);
                                                                                                                							 *0x429428 = _t3;
                                                                                                                							return ShowWindow(_t3, 5);
                                                                                                                						}
                                                                                                                						return _t2;
                                                                                                                					} else {
                                                                                                                						return E004063E4(0);
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t6 =  *0x429428; // 0x0
                                                                                                                					if(_t6 != 0) {
                                                                                                                						_t6 = DestroyWindow(_t6);
                                                                                                                					}
                                                                                                                					 *0x429428 = 0;
                                                                                                                					return _t6;
                                                                                                                				}
                                                                                                                			}







                                                                                                                APIs
                                                                                                                • DestroyWindow.USER32(00000000,00000000,00402F3E,00000001), ref: 00402D73
                                                                                                                • GetTickCount.KERNEL32 ref: 00402D91
                                                                                                                • CreateDialogParamA.USER32(0000006F,00000000,00402CDD,00000000), ref: 00402DAE
                                                                                                                • ShowWindow.USER32(00000000,00000005), ref: 00402DBC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                • String ID:
                                                                                                                • API String ID: 2102729457-0
                                                                                                                • Opcode ID: 92830607251259d7b21fa7f6a4b037c479e5f1f9739c9a057c3e932900ba9aab
                                                                                                                • Instruction ID: 761b86bf19c83071f88326f4280a43ff42c19d235faedd25f12e3078a496723d
                                                                                                                • Opcode Fuzzy Hash: 92830607251259d7b21fa7f6a4b037c479e5f1f9739c9a057c3e932900ba9aab
                                                                                                                • Instruction Fuzzy Hash: 62F0F431A05621ABC6217B64BE4C9DF7A64BB04B11B51047AF545B22E4DB744C878BAC
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 91%
                                                                                                                			E004050AB(struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                                                                                                				int _t11;
                                                                                                                				int _t15;
                                                                                                                				long _t16;
                                                                                                                
                                                                                                                				_t15 = _a8;
                                                                                                                				if(_t15 != 0x102) {
                                                                                                                					__eflags = _t15 - 0x200;
                                                                                                                					if(_t15 != 0x200) {
                                                                                                                						_t16 = _a16;
                                                                                                                						L7:
                                                                                                                						__eflags = _t15 - 0x419;
                                                                                                                						if(_t15 == 0x419) {
                                                                                                                							__eflags =  *0x42a85c - _t16; // 0x0
                                                                                                                							if(__eflags != 0) {
                                                                                                                								_push(_t16);
                                                                                                                								_push(6);
                                                                                                                								 *0x42a85c = _t16;
                                                                                                                								E00404A71();
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L11:
                                                                                                                						return CallWindowProcA( *0x42a864, _a4, _t15, _a12, _t16);
                                                                                                                					}
                                                                                                                					_t11 = IsWindowVisible(_a4);
                                                                                                                					__eflags = _t11;
                                                                                                                					if(_t11 == 0) {
                                                                                                                						L10:
                                                                                                                						_t16 = _a16;
                                                                                                                						goto L11;
                                                                                                                					}
                                                                                                                					_t16 = E004049F1(_a4, 1);
                                                                                                                					_t15 = 0x419;
                                                                                                                					goto L7;
                                                                                                                				}
                                                                                                                				if(_a12 == 0x20) {
                                                                                                                					E004040EA(0x413);
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                				goto L10;
                                                                                                                			}







                                                                                                                APIs
                                                                                                                • IsWindowVisible.USER32 ref: 004050DA
                                                                                                                • CallWindowProcA.USER32 ref: 0040512B
                                                                                                                  • Part of subcall function 004040EA: SendMessageA.USER32(001000FA,00000000,00000000,00000000), ref: 004040FC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$CallMessageProcSendVisible
                                                                                                                • String ID:
                                                                                                                • API String ID: 3748168415-3916222277
                                                                                                                • Opcode ID: e888eab98be9719f5677808cf14d784dfa63dd3181dd39c0deeb7150e6d77b2f
                                                                                                                • Instruction ID: 77e6a5b3f6bfc6627eb61d09ca0671ae0e6a579f7b3ef645513b94fc1d41cd39
                                                                                                                • Opcode Fuzzy Hash: e888eab98be9719f5677808cf14d784dfa63dd3181dd39c0deeb7150e6d77b2f
                                                                                                                • Instruction Fuzzy Hash: FD017171600648ABDF206F11DD81A5B3B65EB84750F144036FA417A1D2D73A8C629F6E
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004059EF(char* _a4) {
                                                                                                                				char* _t3;
                                                                                                                				char* _t5;
                                                                                                                
                                                                                                                				_t5 = _a4;
                                                                                                                				_t3 =  &(_t5[lstrlenA(_t5)]);
                                                                                                                				while( *_t3 != 0x5c) {
                                                                                                                					_t3 = CharPrevA(_t5, _t3);
                                                                                                                					if(_t3 > _t5) {
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                					break;
                                                                                                                				}
                                                                                                                				 *_t3 =  *_t3 & 0x00000000;
                                                                                                                				return  &(_t3[1]);
                                                                                                                			}






                                                                                                                APIs
                                                                                                                • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402E30,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SetupWIService.exe,C:\Users\user\Desktop\SetupWIService.exe,80000000,00000003), ref: 004059F5
                                                                                                                • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402E30,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SetupWIService.exe,C:\Users\user\Desktop\SetupWIService.exe,80000000,00000003), ref: 00405A03
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CharPrevlstrlen
                                                                                                                • String ID: C:\Users\user\Desktop
                                                                                                                • API String ID: 2709904686-1246513382
                                                                                                                • Opcode ID: 4402843b33e5109e67992b99d0281bb7e81fac819ebae0ac34b6d7d52c4d849b
                                                                                                                • Instruction ID: 7185998fb8cc4c4ccda179d560b4c8302004e2739ffdff7e1043df3a51136750
                                                                                                                • Opcode Fuzzy Hash: 4402843b33e5109e67992b99d0281bb7e81fac819ebae0ac34b6d7d52c4d849b
                                                                                                                • Instruction Fuzzy Hash: E6D0C7B3519DB06EE30392549D04B9F6A48DF16710F094566E181A6195C6784D424BED
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00405B0E(void* __ecx, CHAR* _a4, CHAR* _a8) {
                                                                                                                				int _v8;
                                                                                                                				int _t12;
                                                                                                                				int _t14;
                                                                                                                				int _t15;
                                                                                                                				CHAR* _t17;
                                                                                                                				CHAR* _t27;
                                                                                                                
                                                                                                                				_t12 = lstrlenA(_a8);
                                                                                                                				_t27 = _a4;
                                                                                                                				_v8 = _t12;
                                                                                                                				while(lstrlenA(_t27) >= _v8) {
                                                                                                                					_t14 = _v8;
                                                                                                                					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
                                                                                                                					_t15 = lstrcmpiA(_t27, _a8);
                                                                                                                					_t27[_v8] =  *(_t14 + _t27);
                                                                                                                					if(_t15 == 0) {
                                                                                                                						_t17 = _t27;
                                                                                                                					} else {
                                                                                                                						_t27 = CharNextA(_t27);
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                					L5:
                                                                                                                					return _t17;
                                                                                                                				}
                                                                                                                				_t17 = 0;
                                                                                                                				goto L5;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405D69,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B1E
                                                                                                                • lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,00405D69,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B36
                                                                                                                • CharNextA.USER32(00000000,?,00000000,00405D69,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B47
                                                                                                                • lstrlenA.KERNEL32(00000000,?,00000000,00405D69,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B50
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.548022302.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.548005855.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548047347.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548070930.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548467756.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548487867.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.548531644.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                • String ID:
                                                                                                                • API String ID: 190613189-0
                                                                                                                • Opcode ID: dddc0b46adaff912d9c321cf48e41736a02eed0190ef2a74250491e495455120
                                                                                                                • Instruction ID: 0197496b5d832c36441f5dd9a15c5c44ab4bce902fcb82863052ee0cfca36748
                                                                                                                • Opcode Fuzzy Hash: dddc0b46adaff912d9c321cf48e41736a02eed0190ef2a74250491e495455120
                                                                                                                • Instruction Fuzzy Hash: C9F0C231600418BFC7029BA5DD00D9EBBB8DF06250B2540BAE840F7210D634FE019BA8
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Execution Graph

                                                                                                                Execution Coverage:4.9%
                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                Signature Coverage:2%
                                                                                                                Total number of Nodes:1414
                                                                                                                Total number of Limit Nodes:41
16920->17241 16922 7ffa12709dd0 16925 7ffa127056a8 std::_Facet_Register 3 API calls 16922->16925 16939 7ffa12709dbc 16922->16939 16923->16922 16924 7ffa1270a1c3 Concurrency::cancel_current_task 16923->16924 16926 7ffa127056a8 std::_Facet_Register 3 API calls 16923->16926 16923->16939 16925->16939 16927 7ffa12709db4 16926->16927 16928 7ffa12709dca _invalid_parameter_noinfo_noreturn 16927->16928 16927->16939 16928->16922 16930 7ffa12709cd6 16930->16923 17249 7ffa12708620 16930->17249 16931 7ffa1270a192 16932 7ffa126fef82 16931->16932 17273 7ffa12709780 16931->17273 17018 7ffa1270dc10 16932->17018 16933 7ffa1270a18a 16937 7ffa127056e4 ISource free 16933->16937 16934 7ffa1270a101 16934->16931 16934->16933 16936 7ffa1270a183 _invalid_parameter_noinfo_noreturn 16934->16936 16936->16933 16937->16931 16939->16934 16940 7ffa12716670 TlsGetValue 16939->16940 17233 7ffa126f8050 GetCurrentThreadId 16939->17233 17257 7ffa12709b00 AcquireSRWLockExclusive 16939->17257 16940->16939 16945 7ffa126fbd54 16942->16945 16943 7ffa126fbef6 Concurrency::cancel_current_task 17613 7ffa126fbf10 ?_Xlength_error@std@@YAXPEBD 16943->17613 16945->16943 16947 7ffa126fbdd7 16945->16947 16948 7ffa126fbdab 16945->16948 16950 7ffa127056a8 std::_Facet_Register 3 API calls 16947->16950 16952 7ffa126fbdc0 16947->16952 16948->16943 16949 7ffa127056a8 std::_Facet_Register 3 API calls 16948->16949 16949->16952 16950->16952 16951 7ffa126fbde9 memmove 16953 7ffa126fbe59 memmove memmove 16951->16953 16954 7ffa126fbe34 memmove memset 16951->16954 16952->16951 16955 7ffa126fbeef _invalid_parameter_noinfo_noreturn 16952->16955 16956 7ffa126fbe89 memset 16953->16956 16954->16956 16955->16943 16957 7ffa126fbea8 16956->16957 16958 7ffa126fbed6 16956->16958 16957->16955 16959 7ffa126fbece 16957->16959 16958->16697 16960 7ffa127056e4 ISource free 16959->16960 16960->16958 17614 7ffa12709840 16961->17614 16964 7ffa12708020 16965 7ffa127056a8 std::_Facet_Register 3 API calls 16964->16965 16966 7ffa12708037 16965->16966 
16966->16719 16968 7ffa126e21be 16967->16968 16969 7ffa126e230b Concurrency::cancel_current_task 16967->16969 16971 7ffa126e2211 16968->16971 16973 7ffa126e2246 16968->16973 16970 7ffa127056a8 std::_Facet_Register 3 API calls 16972 7ffa126e222f 16970->16972 16971->16969 16971->16970 16974 7ffa126e22c4 _invalid_parameter_noinfo_noreturn 16972->16974 16976 7ffa126e2277 memmove memmove 16972->16976 16977 7ffa126e22cb memmove memmove 16972->16977 16973->16972 16975 7ffa127056a8 std::_Facet_Register 3 API calls 16973->16975 16974->16977 16975->16972 16978 7ffa126e22a2 16976->16978 16979 7ffa126e22b7 16976->16979 16980 7ffa126e22c2 16977->16980 16978->16974 16978->16979 16981 7ffa127056e4 ISource free 16979->16981 16980->16729 16981->16980 16983 7ffa126ed4ed 16982->16983 16984 7ffa126ed4fb 16983->16984 16985 7ffa126ed55b 16983->16985 16987 7ffa126ed536 16983->16987 16988 7ffa126ed597 Concurrency::cancel_current_task 16983->16988 16984->16764 16986 7ffa126ed565 memmove 16985->16986 16989 7ffa127056a8 std::_Facet_Register 3 API calls 16985->16989 16986->16984 16990 7ffa127056a8 std::_Facet_Register 3 API calls 16987->16990 16992 7ffa126ed59c __std_exception_copy 16988->16992 16989->16986 16991 7ffa126ed53e 16990->16991 16993 7ffa126ed546 16991->16993 16994 7ffa126ed554 _invalid_parameter_noinfo_noreturn 16991->16994 16992->16764 16993->16986 16994->16985 17005 7ffa1270a9e6 16995->17005 16996 7ffa1270aa0f 16997 7ffa1270aa23 16996->16997 17667 7ffa1270d9d0 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 16996->17667 17000 7ffa1270a950 24 API calls 16997->17000 16998 7ffa1270d940 4 API calls 16998->17005 17001 7ffa1270aa28 17000->17001 17668 7ffa1270fda0 TlsGetValue 17001->17668 17005->16996 17005->16998 17657 7ffa1270a950 17005->17657 17666 7ffa1270d900 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 17005->17666 17019 7ffa126fef8f 17018->17019 17020 7ffa1270dc23 17018->17020 17019->16792 17019->16793 17021 7ffa1270dba0 289 
API calls 17020->17021 17022 7ffa1270dc28 ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N ?exceptions@ios_base@std@@QEAAXH 17021->17022 17022->17019 17024 7ffa12709780 17023->17024 17025 7ffa12708280 2 API calls 17024->17025 17026 7ffa127097d0 free 17025->17026 17026->16777 17028 7ffa126fa29b 17027->17028 17711 7ffa12708070 17028->17711 17032 7ffa12706134 17031->17032 17033 7ffa126fd695 17031->17033 17032->17033 17034 7ffa12706139 malloc free 17032->17034 17033->16690 17034->17033 17036 7ffa1270a310 shared_ptr 17035->17036 17037 7ffa1270a48a 17036->17037 17041 7ffa127056a8 std::_Facet_Register 3 API calls 17036->17041 17046 7ffa127077f0 59 API calls 17036->17046 17050 7ffa1270d940 AcquireSRWLockExclusive 17036->17050 17055 7ffa1270a4b0 17036->17055 17061 7ffa1270a240 17036->17061 17064 7ffa1270d900 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 17036->17064 17038 7ffa1270a49e 17037->17038 17065 7ffa1270d9d0 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 17037->17065 17042 7ffa12705c04 shared_ptr 5 API calls 17038->17042 17045 7ffa126fe9f1 17038->17045 17041->17036 17043 7ffa1270a4ef shared_ptr 17042->17043 17043->17045 17066 7ffa12705ba4 EnterCriticalSection LeaveCriticalSection 17043->17066 17045->16818 17046->17036 17051 7ffa1270d99b ReleaseSRWLockExclusive 17050->17051 17053 7ffa1270d960 17050->17053 17051->17036 17052 7ffa1270d9b0 ReleaseSRWLockExclusive 17052->17036 17053->17051 17053->17052 17054 7ffa1270d970 SleepConditionVariableSRW 17053->17054 17054->17053 17054->17054 17056 7ffa1270a4e3 17055->17056 17060 7ffa1270a4d7 17055->17060 17057 7ffa12705c04 shared_ptr 5 API calls 17056->17057 17058 7ffa1270a4ef shared_ptr 17057->17058 17059 7ffa12705ba4 shared_ptr 4 API calls 17058->17059 17058->17060 17059->17060 17060->17036 17062 7ffa127056a8 std::_Facet_Register 3 API calls 17061->17062 17063 7ffa1270a266 17062->17063 17063->17036 17064->17036 17065->17038 17067 7ffa12705c6c SetEvent ResetEvent 
17066->17067 17070 7ffa126ee54d 17069->17070 17071 7ffa126ee57b 17069->17071 17072 7ffa126ee593 Concurrency::cancel_current_task 17070->17072 17073 7ffa127056a8 std::_Facet_Register 3 API calls 17070->17073 17071->16840 17074 7ffa126ee55b 17073->17074 17075 7ffa126ee574 _invalid_parameter_noinfo_noreturn 17074->17075 17076 7ffa126ee563 17074->17076 17075->17071 17076->16840 17091 7ffa127075f6 shared_ptr 17077->17091 17078 7ffa1270778b 17079 7ffa1270779f 17078->17079 17138 7ffa1270d9d0 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 17078->17138 17082 7ffa127077fe AcquireSRWLockShared 17079->17082 17083 7ffa12705c04 shared_ptr 5 API calls 17079->17083 17080 7ffa1270d940 4 API calls 17080->17091 17082->16852 17082->16875 17085 7ffa12707c8f shared_ptr 17083->17085 17085->17082 17087 7ffa12705ba4 shared_ptr 4 API calls 17085->17087 17086 7ffa1270764e InitializeSRWLock 17088 7ffa127056a8 std::_Facet_Register 3 API calls 17086->17088 17087->17082 17088->17091 17091->17078 17091->17080 17091->17086 17128 7ffa12706a10 17091->17128 17131 7ffa12707c50 17091->17131 17137 7ffa1270d900 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 17091->17137 17093 7ffa12707320 17092->17093 17095 7ffa1270739c 17093->17095 17096 7ffa127074ae Concurrency::cancel_current_task 17093->17096 17099 7ffa127056a8 std::_Facet_Register 3 API calls 17093->17099 17098 7ffa12707387 memmove 17095->17098 17100 7ffa127056a8 std::_Facet_Register 3 API calls 17095->17100 17139 7ffa127074c0 ?_Xlength_error@std@@YAXPEBD 17096->17139 17097 7ffa127074bc 17103 7ffa127073e7 memmove memset 17098->17103 17104 7ffa1270740c memmove memmove 17098->17104 17102 7ffa12707382 17099->17102 17100->17098 17102->17098 17106 7ffa12707395 _invalid_parameter_noinfo_noreturn 17102->17106 17105 7ffa1270743d memset 17103->17105 17104->17105 17107 7ffa1270747f 17105->17107 17108 7ffa1270744d 17105->17108 17106->17095 17107->16870 17109 7ffa12707477 17108->17109 17110 7ffa127074a7 
_invalid_parameter_noinfo_noreturn 17108->17110 17111 7ffa127056e4 ISource free 17109->17111 17110->17096 17111->17107 17113 7ffa126e8a73 17112->17113 17114 7ffa126e8a9f 17112->17114 17115 7ffa126e8a97 17113->17115 17116 7ffa126e8ab8 _invalid_parameter_noinfo_noreturn 17113->17116 17114->16882 17114->16883 17114->16885 17117 7ffa127056e4 ISource free 17115->17117 17117->17114 17119 7ffa126f2b41 17118->17119 17119->17119 17120 7ffa126e9100 7 API calls 17119->17120 17121 7ffa126f2b4f 17120->17121 17122 7ffa1270c140 17121->17122 17123 7ffa1270c153 17122->17123 17124 7ffa1270c156 __std_exception_copy 17122->17124 17123->17124 17124->16864 17146 7ffa12706ed0 __std_exception_copy 17125->17146 17127 7ffa12706df4 _CxxThrowException 17129 7ffa127056a8 std::_Facet_Register 3 API calls 17128->17129 17130 7ffa12706a31 17129->17130 17130->17091 17132 7ffa12707c77 17131->17132 17133 7ffa12707c83 17131->17133 17132->17091 17134 7ffa12705c04 shared_ptr 5 API calls 17133->17134 17135 7ffa12707c8f shared_ptr 17134->17135 17135->17132 17136 7ffa12705ba4 shared_ptr 4 API calls 17135->17136 17136->17132 17137->17091 17138->17079 17140 7ffa127056a8 std::_Facet_Register 3 API calls 17139->17140 17141 7ffa127074f7 17140->17141 17144 7ffa12706e10 __std_exception_copy 17141->17144 17143 7ffa12707507 17143->17097 17145 7ffa12706e7e 17144->17145 17145->17143 17146->17127 17147->16889 17149 7ffa1270a2f0 59 API calls 17148->17149 17150 7ffa1270a52e 17149->17150 17151 7ffa12708940 17150->17151 17152 7ffa12708974 17151->17152 17153 7ffa1270898e 17152->17153 17190 7ffa127089e0 17152->17190 17155 7ffa1270dba0 17153->17155 17156 7ffa1270dbb0 17155->17156 17157 7ffa1270dbdb 17155->17157 17156->17157 17194 7ffa126fc010 17156->17194 17157->16904 17159 7ffa126fe430 ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2 ??0_Lockit@std@@QEAA@H ??Bid@locale@std@ 17157->17159 17160 7ffa126fe48b 17159->17160 17161 7ffa126fe505 ??1_Lockit@std@@QEAA 
?length@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1_K 17160->17161 17163 7ffa126fe4ad 17160->17163 17164 7ffa126fe4a2 ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12 17160->17164 17162 7ffa126fe544 17161->17162 17182 7ffa12700430 17162->17182 17163->17161 17165 7ffa126fe4c4 ?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@ 17163->17165 17164->17163 17166 7ffa126fe578 17165->17166 17167 7ffa126fe4de 17165->17167 17214 7ffa126f2c60 17166->17214 17211 7ffa12705490 17167->17211 17183 7ffa12700457 17182->17183 17184 7ffa12700441 17182->17184 17185 7ffa127004a8 17183->17185 17186 7ffa12700471 memset 17183->17186 17184->16910 17218 7ffa126f59f0 17185->17218 17186->16910 17191 7ffa12708a24 17190->17191 17193 7ffa12708a07 17190->17193 17192 7ffa127056a8 std::_Facet_Register 3 API calls 17191->17192 17192->17193 17193->17153 17195 7ffa126fc0a1 17194->17195 17196 7ffa126fc02e 17194->17196 17195->17157 17197 7ffa126fc04f 17196->17197 17198 7ffa126fc06a 17196->17198 17205 7ffa126f3030 17197->17205 17200 7ffa126fe430 291 API calls 17198->17200 17201 7ffa126fc078 17200->17201 17203 7ffa126f3030 10 API calls 17201->17203 17202 7ffa126fc057 17202->17157 17204 7ffa126fc08a 17203->17204 17204->17157 17206 7ffa126f3092 17205->17206 17207 7ffa126f3053 memmove 17205->17207 17209 7ffa126e2190 9 API calls 17206->17209 17207->17202 17210 7ffa126f30a8 17209->17210 17210->17202 17212 7ffa127056a8 std::_Facet_Register 3 API calls 17211->17212 17213 7ffa126fe4f0 17212->17213 17213->17161 17217 7ffa126f2be0 17214->17217 17216 7ffa126f2c6e _CxxThrowException 17217->17216 17219 7ffa126f5a1e 17218->17219 17225 7ffa126f5b6c Concurrency::cancel_current_task 17218->17225 17220 7ffa126f5a71 17219->17220 17221 7ffa126f5aa6 17219->17221 17222 7ffa127056a8 std::_Facet_Register 3 API calls 17220->17222 17220->17225 17223 7ffa126f5a8f 17221->17223 17224 7ffa127056a8 std::_Facet_Register 3 API calls 17221->17224 17222->17223 17226 7ffa126f5b25 
_invalid_parameter_noinfo_noreturn 17223->17226 17227 7ffa126f5ad8 memmove memset 17223->17227 17228 7ffa126f5b2c memmove memset 17223->17228 17224->17223 17226->17228 17229 7ffa126f5b03 17227->17229 17230 7ffa126f5b18 17227->17230 17231 7ffa126f5b23 17228->17231 17229->17226 17229->17230 17232 7ffa127056e4 ISource free 17230->17232 17231->16910 17232->17231 17234 7ffa126f807e 17233->17234 17235 7ffa126f80e6 17234->17235 17277 7ffa126f6090 17234->17277 17235->16939 17242 7ffa127083b0 17241->17242 17246 7ffa127083b8 17241->17246 17444 7ffa127087c0 17242->17444 17244 7ffa127087c0 3 API calls 17245 7ffa127083d0 17244->17245 17247 7ffa127087c0 3 API calls 17245->17247 17248 7ffa127083e9 17245->17248 17246->17244 17246->17245 17247->17248 17248->16930 17250 7ffa12708639 17249->17250 17251 7ffa12708631 17249->17251 17252 7ffa12708651 17250->17252 17254 7ffa127087c0 3 API calls 17250->17254 17253 7ffa127087c0 3 API calls 17251->17253 17255 7ffa127087c0 3 API calls 17252->17255 17256 7ffa1270866a 17252->17256 17253->17250 17254->17252 17255->17256 17256->16930 17258 7ffa12716670 TlsGetValue 17257->17258 17259 7ffa12709b25 17258->17259 17260 7ffa12709c5c ReleaseSRWLockExclusive 17259->17260 17261 7ffa127056a8 std::_Facet_Register 3 API calls 17259->17261 17260->16939 17262 7ffa12709b36 17261->17262 17263 7ffa12708020 3 API calls 17262->17263 17264 7ffa12709b46 17263->17264 17448 7ffa126fc7c0 GetSystemTimeAsFileTime 17264->17448 17274 7ffa12709799 17273->17274 17608 7ffa12708280 17274->17608 17307 7ffa12716670 17277->17307 17280 7ffa126f60d1 AcquireSRWLockShared 17282 7ffa127056a8 std::_Facet_Register 3 API calls 17280->17282 17281 7ffa126f6145 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12 17325 7ffa1270df50 17281->17325 17283 7ffa126f60ee 17282->17283 17285 7ffa126f610b ReleaseSRWLockShared 17283->17285 17310 7ffa126f9ad0 ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA 17283->17310 17289 7ffa12716670 TlsGetValue 17285->17289 17291 7ffa126f6124 
17289->17291 17291->17281 17328 7ffa12716e20 17291->17328 17354 7ffa12716600 17307->17354 17311 7ffa126f9b64 17310->17311 17313 7ffa126f9b88 17310->17313 17311->17313 17315 7ffa126fc010 287 API calls 17311->17315 17312 7ffa126f9bf4 ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N 17357 7ffa126fe130 ?exceptions@ios_base@std@@QEAAXH ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N 17312->17357 17313->17312 17316 7ffa126fe430 287 API calls 17313->17316 17315->17313 17317 7ffa126f9be1 17316->17317 17320 7ffa12700430 10 API calls 17317->17320 17318 7ffa126f9c29 ?exceptions@ios_base@std@@QEAAXH ?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@ 17323 7ffa126f9c7d 17318->17323 17319 7ffa126f9c16 17319->17318 17358 7ffa126faad0 17319->17358 17321 7ffa126f9bf0 17320->17321 17321->17312 17322 7ffa126f9c26 17322->17318 17323->17285 17326 7ffa1270df5a OutputDebugStringA 17325->17326 17327 7ffa1270df57 17325->17327 17327->17326 17329 7ffa12716600 TlsGetValue 17328->17329 17330 7ffa12716e4b 17329->17330 17331 7ffa12716eee 17330->17331 17335 7ffa12716e57 17330->17335 17332 7ffa12716f14 17331->17332 17333 7ffa12716f09 TlsGetValue 17331->17333 17353 7ffa12716ebd 17331->17353 17334 7ffa12716750 287 API calls 17332->17334 17333->17332 17343 7ffa12716f24 17333->17343 17338 7ffa12716f19 17334->17338 17336 7ffa12716e9d 17335->17336 17337 7ffa12716e8f TlsGetValue 17335->17337 17335->17353 17361 7ffa12716750 17336->17361 17337->17336 17339 7ffa12716ecb 17337->17339 17341 7ffa12716f29 TlsGetValue 17338->17341 17338->17343 17344 7ffa127163d0 free 17339->17344 17341->17343 17345 7ffa12716fa3 17343->17345 17346 7ffa12717016 17343->17346 17343->17353 17344->17353 17350 7ffa127056a8 std::_Facet_Register 3 API calls 17345->17350 17376 7ffa126f3010 ?_Xlength_error@std@@YAXPEBD 17346->17376 17347 7ffa12716ead 17368 7ffa127163d0 17347->17368 17348 7ffa12716ec2 TlsGetValue 17348->17339 17350->17353 17353->17281 17355 
7ffa12716614 TlsGetValue 17354->17355 17356 7ffa126f60c0 17354->17356 17355->17356 17356->17280 17356->17281 17357->17319 17359 7ffa127056a8 std::_Facet_Register 3 API calls 17358->17359 17360 7ffa126faae7 17359->17360 17360->17322 17377 7ffa12714eb0 GetProcessHeap HeapAlloc 17361->17377 17366 7ffa1271678b 17366->17347 17366->17348 17367 7ffa12716781 TlsSetValue 17367->17366 17370 7ffa12716403 17368->17370 17369 7ffa12716506 17369->17353 17372 7ffa127164cf 17370->17372 17374 7ffa1271651e 17370->17374 17372->17369 17373 7ffa127056e4 ISource free 17372->17373 17422 7ffa127144c0 17372->17422 17373->17372 17374->17369 17375 7ffa127056e4 ISource free 17374->17375 17375->17374 17378 7ffa12714efa std::bad_alloc::bad_alloc 17377->17378 17379 7ffa12714ed8 17377->17379 17416 7ffa1270a5c0 17378->17416 17405 7ffa12715130 17379->17405 17384 7ffa12715fa0 17390 7ffa12715ff2 17384->17390 17385 7ffa12716102 17387 7ffa127161a2 17385->17387 17388 7ffa12716198 CloseHandle 17385->17388 17386 7ffa1271605c ResetEvent 17386->17390 17389 7ffa12705e20 _Receive_impl 8 API calls 17387->17389 17388->17387 17392 7ffa127161b2 17389->17392 17390->17385 17390->17386 17391 7ffa12716028 OpenEventA 17390->17391 17393 7ffa12716173 WaitForSingleObjectEx 17390->17393 17396 7ffa1271613d CreateEventA 17390->17396 17397 7ffa12716078 17390->17397 17399 7ffa12716940 GetCurrentProcessId 17390->17399 17419 7ffa12716940 17390->17419 17391->17390 17395 7ffa1271604c CloseHandle 17391->17395 17392->17366 17392->17367 17393->17390 17395->17390 17396->17390 17401 7ffa12716163 CloseHandle 17396->17401 17398 7ffa127160f4 SetEvent 17397->17398 17400 7ffa127160e3 17397->17400 17402 7ffa127160b7 CreateEventA 17397->17402 17403 7ffa12716940 GetCurrentProcessId 17397->17403 17398->17385 17399->17396 17400->17385 17400->17398 17401->17390 17402->17400 17404 7ffa127160dd CloseHandle 17402->17404 17403->17402 17404->17400 17406 7ffa127056a8 std::_Facet_Register malloc _CxxThrowException free 17405->17406 17407 7ffa1271518e 
CreateEventA 17406->17407 17408 7ffa12715200 17407->17408 17409 7ffa127151d0 17407->17409 17411 7ffa126f9e90 _Receive_impl __std_exception_copy 17408->17411 17410 7ffa12705e20 _Receive_impl 8 API calls 17409->17410 17412 7ffa12714ee0 17410->17412 17413 7ffa1271520a 17411->17413 17412->17384 17414 7ffa126f7f00 _Receive_impl 290 API calls 17413->17414 17415 7ffa12715213 17414->17415 17417 7ffa1270a6b0 __std_exception_copy 17416->17417 17418 7ffa1270a5d1 _CxxThrowException 17417->17418 17420 7ffa12716990 17419->17420 17420->17420 17421 7ffa127169a9 GetCurrentProcessId 17420->17421 17421->17391 17423 7ffa12714506 17422->17423 17425 7ffa127144df 17422->17425 17423->17372 17424 7ffa127144c0 _Receive_impl free 17424->17425 17425->17423 17425->17424 17426 7ffa127056e4 ISource free 17425->17426 17426->17425 17445 7ffa12708925 17444->17445 17446 7ffa127087ea 17444->17446 17445->17246 17446->17445 17447 7ffa127056a8 std::_Facet_Register 3 API calls 17446->17447 17447->17446 17449 7ffa126fc841 17448->17449 17450 7ffa126fc856 17449->17450 17451 7ffa126fc975 17449->17451 17452 7ffa126fc986 17450->17452 17453 7ffa126fc860 17450->17453 17513 7ffa126ff3f0 17451->17513 17457 7ffa126ff3f0 16 API calls 17452->17457 17455 7ffa126fc998 17453->17455 17456 7ffa126fc875 17453->17456 17518 7ffa126ff410 17455->17518 17458 7ffa126fc9a6 17456->17458 17459 7ffa126fc87f 17456->17459 17457->17455 17463 7ffa126ff410 16 API calls 17458->17463 17461 7ffa126fc9b4 17459->17461 17462 7ffa126fc89b 17459->17462 17523 7ffa126ff430 17461->17523 17464 7ffa126fc9c6 17462->17464 17465 7ffa126fc8aa 17462->17465 17463->17461 17467 7ffa126ff430 16 API calls 17464->17467 17493 7ffa126f9890 17465->17493 17469 7ffa126fc9db 17467->17469 17470 7ffa126fc8bc 17471 7ffa12705e20 _Receive_impl 8 API calls 17470->17471 17472 7ffa126fc965 17471->17472 17473 7ffa1270f1e0 17472->17473 17479 7ffa1270f1f6 17473->17479 17474 7ffa1270f21f 17475 7ffa1270f233 17474->17475 17583 7ffa1270d9d0 AcquireSRWLockExclusive 
ReleaseSRWLockExclusive WakeAllConditionVariable 17474->17583 17478 7ffa1270f290 24 API calls 17475->17478 17476 7ffa1270d940 4 API calls 17476->17479 17480 7ffa1270f238 17478->17480 17479->17474 17479->17476 17573 7ffa1270f290 17479->17573 17582 7ffa1270d900 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 17479->17582 17584 7ffa1270fda0 TlsGetValue 17480->17584 17494 7ffa126f9947 17493->17494 17495 7ffa126f99af 17494->17495 17496 7ffa126f99ca 17494->17496 17497 7ffa12705e20 _Receive_impl 8 API calls 17495->17497 17498 7ffa126f2b20 7 API calls 17496->17498 17499 7ffa126f99bf 17497->17499 17500 7ffa126f99db 17498->17500 17499->17470 17528 7ffa126f9440 17500->17528 17502 7ffa126f99e9 17531 7ffa126f7e40 17502->17531 17535 7ffa126f94a0 17513->17535 17516 7ffa126f7e40 2 API calls 17517 7ffa126ff407 17516->17517 17545 7ffa126f95e0 17518->17545 17559 7ffa126f9720 17523->17559 17529 7ffa126f9456 __std_exception_copy 17528->17529 17530 7ffa126f9453 17528->17530 17529->17502 17530->17529 17534 7ffa126f8c70 __std_exception_copy 17531->17534 17533 7ffa126f7e51 _CxxThrowException 17534->17533 17536 7ffa127056a8 std::_Facet_Register 3 API calls 17535->17536 17537 7ffa126f94c7 __std_exception_copy 17536->17537 17538 7ffa126f9576 17537->17538 17539 7ffa126f9541 17537->17539 17541 7ffa12705e20 _Receive_impl 8 API calls 17538->17541 17540 7ffa126f9571 17539->17540 17542 7ffa126f956a _invalid_parameter_noinfo_noreturn 17539->17542 17543 7ffa127056e4 ISource free 17540->17543 17544 7ffa126f9590 17541->17544 17542->17540 17543->17538 17544->17516 17546 7ffa127056a8 std::_Facet_Register 3 API calls 17545->17546 17547 7ffa126f9607 __std_exception_copy 17546->17547 17548 7ffa126f96b7 17547->17548 17549 7ffa126f9682 17547->17549 17550 7ffa12705e20 _Receive_impl 8 API calls 17548->17550 17551 7ffa126f96b2 17549->17551 17554 7ffa126f96ab _invalid_parameter_noinfo_noreturn 17549->17554 17553 7ffa126f96d1 17550->17553 17552 7ffa127056e4 ISource free 17551->17552 
17552->17548 17555 7ffa126f7e70 17553->17555 17554->17551 17558 7ffa126f8da0 __std_exception_copy 17555->17558 17557 7ffa126f7e81 _CxxThrowException 17558->17557 17560 7ffa127056a8 std::_Facet_Register 3 API calls 17559->17560 17561 7ffa126f9747 __std_exception_copy 17560->17561 17562 7ffa126f9800 17561->17562 17563 7ffa126f97cb 17561->17563 17565 7ffa12705e20 _Receive_impl 8 API calls 17562->17565 17564 7ffa126f97fb 17563->17564 17566 7ffa126f97f4 _invalid_parameter_noinfo_noreturn 17563->17566 17567 7ffa127056e4 ISource free 17564->17567 17568 7ffa126f981a 17565->17568 17566->17564 17567->17562 17569 7ffa126f7ea0 17568->17569 17572 7ffa126f8ed0 __std_exception_copy 17569->17572 17571 7ffa126f7eb1 _CxxThrowException 17572->17571 17574 7ffa1270f2c6 17573->17574 17575 7ffa1270f2b9 17573->17575 17576 7ffa12705c04 shared_ptr 5 API calls 17574->17576 17575->17479 17577 7ffa1270f2d2 17576->17577 17577->17575 17585 7ffa1270fd40 TlsAlloc 17577->17585 17579 7ffa1270f2ea shared_ptr 17580 7ffa12705ba4 shared_ptr 4 API calls 17579->17580 17581 7ffa1270f303 17580->17581 17581->17479 17582->17479 17583->17475 17586 7ffa1270fd5f 17585->17586 17587 7ffa1270fd56 17585->17587 17590 7ffa1270d850 17586->17590 17587->17579 17591 7ffa126f2b20 7 API calls 17590->17591 17592 7ffa1270d872 17591->17592 17599 7ffa1270c250 17592->17599 17594 7ffa1270d8a3 17602 7ffa1270b530 17594->17602 17596 7ffa1270d8b4 17605 7ffa1270b760 17596->17605 17600 7ffa1270c26a __std_exception_copy 17599->17600 17601 7ffa1270c267 17599->17601 17600->17594 17601->17600 17603 7ffa1270c1e0 7 API calls 17602->17603 17604 7ffa1270b53e 17603->17604 17604->17596 17606 7ffa1270bee0 7 API calls 17605->17606 17607 7ffa1270b774 _CxxThrowException 17606->17607 17609 7ffa12708373 free 17608->17609 17611 7ffa127082a1 17608->17611 17609->16932 17610 7ffa1270835c free 17610->17609 17611->17610 17612 7ffa127056e4 ISource free 17611->17612 17612->17611 17627 7ffa12709857 shared_ptr 17614->17627 17615 7ffa12709984 17616 7ffa12709998 
17615->17616 17648 7ffa1270d9d0 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 17615->17648 17619 7ffa126fe9a1 17616->17619 17621 7ffa12705c04 shared_ptr 5 API calls 17616->17621 17617 7ffa1270d940 4 API calls 17617->17627 17619->16964 17620 7ffa127056a8 malloc _CxxThrowException free std::_Facet_Register 17620->17627 17623 7ffa12709a6f shared_ptr 17621->17623 17623->17619 17624 7ffa12705ba4 shared_ptr 4 API calls 17623->17624 17624->17619 17627->17615 17627->17617 17627->17620 17629 7ffa12709110 InitializeSRWLock 17627->17629 17638 7ffa12709a30 17627->17638 17644 7ffa12708b50 17627->17644 17647 7ffa1270d900 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 17627->17647 17649 7ffa12708af0 17629->17649 17631 7ffa12709156 shared_ptr 17652 7ffa1270f780 17631->17652 17633 7ffa1270918a shared_ptr 17634 7ffa12708020 3 API calls 17633->17634 17635 7ffa12709203 17634->17635 17636 7ffa127056a8 std::_Facet_Register 3 API calls 17635->17636 17637 7ffa12709226 17636->17637 17637->17627 17639 7ffa12709a63 17638->17639 17640 7ffa12709a57 17638->17640 17641 7ffa12705c04 shared_ptr 5 API calls 17639->17641 17640->17627 17642 7ffa12709a6f shared_ptr 17641->17642 17642->17640 17643 7ffa12705ba4 shared_ptr 4 API calls 17642->17643 17643->17640 17645 7ffa127056a8 std::_Facet_Register 3 API calls 17644->17645 17646 7ffa12708b76 17645->17646 17646->17627 17647->17627 17648->17616 17650 7ffa127056a8 std::_Facet_Register 3 API calls 17649->17650 17651 7ffa12708b11 17650->17651 17651->17631 17653 7ffa1270a540 59 API calls 17652->17653 17654 7ffa1270f7ad 17653->17654 17655 7ffa1270a520 59 API calls 17654->17655 17656 7ffa1270f7b6 17655->17656 17656->17633 17658 7ffa1270a986 17657->17658 17659 7ffa1270a979 17657->17659 17660 7ffa12705c04 shared_ptr 5 API calls 17658->17660 17659->17005 17661 7ffa1270a992 17660->17661 17661->17659 17662 7ffa1270fd40 15 API calls 17661->17662 17663 7ffa1270a9aa shared_ptr 17662->17663 17664 7ffa12705ba4 
shared_ptr 4 API calls 17663->17664 17665 7ffa1270a9c3 17664->17665 17665->17005 17666->17005 17667->16997 17712 7ffa12708087 17711->17712 17718 7ffa126fa2cd ReleaseSRWLockShared 17711->17718 17719 7ffa12707ea0 17712->17719 17714 7ffa12708093 17715 7ffa127080b9 17714->17715 17717 7ffa127056e4 ISource free 17714->17717 17716 7ffa127056e4 ISource free 17715->17716 17716->17718 17717->17714 17718->16708 17720 7ffa12707f3f 17719->17720 17721 7ffa12707eca 17719->17721 17720->17714 17721->17720 17722 7ffa127056e4 ISource free 17721->17722 17722->17721 17724 7ffa12705ff2 RtlLookupFunctionEntry 17723->17724 17725 7ffa12706008 RtlVirtualUnwind 17724->17725 17726 7ffa12705f2f 17724->17726 17725->17724 17725->17726 17727 7ffa12705ed0 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 17726->17727 17728 7ffa126ea620 17729 7ffa126fd640 2 API calls 17728->17729 17731 7ffa126ea699 17729->17731 17730 7ffa126ea6be 17765 7ffa127006f0 17730->17765 17731->17730 17733 7ffa126e9100 7 API calls 17731->17733 17733->17730 17735 7ffa126ea709 17768 7ffa126f4280 17735->17768 17736 7ffa126ea704 17739 7ffa127056e4 ISource free 17736->17739 17738 7ffa126ea6fd _invalid_parameter_noinfo_noreturn 17738->17736 17739->17735 17743 7ffa126ea7a5 17811 7ffa126ee0d0 17743->17811 17744 7ffa126ea7a0 17748 7ffa127056e4 ISource free 17744->17748 17746 7ffa126ea7aa 17749 7ffa126f4280 13 API calls 17746->17749 17747 7ffa126ea799 _invalid_parameter_noinfo_noreturn 17747->17744 17748->17743 17750 7ffa126ea7bd 17749->17750 17824 7ffa126f03f0 _Mtx_lock 17750->17824 17752 7ffa126ea7cc 17753 7ffa126ea813 17752->17753 17754 7ffa126ea80e 17752->17754 17756 7ffa126ea807 _invalid_parameter_noinfo_noreturn 17752->17756 17755 7ffa127006f0 2 API calls 17753->17755 17757 7ffa127056e4 ISource free 17754->17757 17758 7ffa126ea81e 17755->17758 17756->17754 17757->17753 17759 7ffa126ea85e 17758->17759 17760 7ffa126ea859 17758->17760 17761 7ffa126ea852 _invalid_parameter_noinfo_noreturn 

Control-flow Graph: function 7ffa12709ca0 (graph image not reproduced; legend: Executed / Not Executed)
                                                                                                                C-Code - Quality: 48%
                                                                                                                			E00007FFA7FFA12709CA0(void* __rax, long long __rcx, signed long long __rdx, void* __r9, void* _a8, signed char _a16, long long _a24, long long _a32) {
                                                                                                                				char _v72;
                                                                                                                				long long _v96;
                                                                                                                				intOrPtr _v104;
                                                                                                                				intOrPtr _v112;
                                                                                                                				long long _v120;
                                                                                                                				long long _v128;
                                                                                                                				long long _v136;
                                                                                                                				signed long long _v144;
                                                                                                                				void* _v152;
                                                                                                                				void* __rbx;
                                                                                                                				void* __rsi;
                                                                                                                				void* _t97;
                                                                                                                				void* _t102;
                                                                                                                				void* _t103;
                                                                                                                				signed int _t140;
                                                                                                                				signed int _t143;
                                                                                                                				void* _t156;
                                                                                                                				signed long long _t161;
                                                                                                                				intOrPtr _t164;
                                                                                                                				intOrPtr* _t191;
                                                                                                                				intOrPtr _t192;
                                                                                                                				long long _t194;
                                                                                                                				signed long long _t196;
                                                                                                                				intOrPtr* _t206;
                                                                                                                				void* _t219;
                                                                                                                				long long _t220;
                                                                                                                				long long _t221;
                                                                                                                				long long* _t223;
                                                                                                                				long long _t224;
                                                                                                                				intOrPtr* _t225;
                                                                                                                				intOrPtr* _t226;
                                                                                                                				intOrPtr* _t228;
                                                                                                                				intOrPtr* _t232;
                                                                                                                				void* _t234;
                                                                                                                				long long _t267;
                                                                                                                				intOrPtr* _t270;
                                                                                                                				signed long long _t276;
                                                                                                                				signed long long _t277;
                                                                                                                				intOrPtr* _t278;
                                                                                                                				long long* _t279;
                                                                                                                				void* _t283;
                                                                                                                				long long* _t285;
                                                                                                                				long long _t286;
                                                                                                                				signed long long _t287;
                                                                                                                				signed long long _t289;
                                                                                                                				long long* _t296;
                                                                                                                				intOrPtr* _t299;
                                                                                                                				signed long long _t300;
                                                                                                                				void* _t302;
                                                                                                                				void* _t303;
                                                                                                                				long long* _t304;
                                                                                                                				intOrPtr _t306;
                                                                                                                				intOrPtr* _t307;
                                                                                                                
                                                                                                                				_a8 = __rcx;
                                                                                                                				_t276 = __rdx;
                                                                                                                				_t306 =  *((intOrPtr*)(__rdx));
                                                                                                                				if ( *((char*)(_t306 + 0x18)) == 0) goto 0x12709d62;
                                                                                                                				_t4 = _t306 + 8; // -64
                                                                                                                				_t97 = E00007FFA7FFA12708390(_t219, _t4,  &_v120, _t283);
                                                                                                                				_t6 = _t306 + 8; // -64
                                                                                                                				E00007FFA7FFA12708580(_t97, _t6,  &_v72);
                                                                                                                				r13d = 0xffffffff;
                                                                                                                				_t220 = _v120;
                                                                                                                				if (_t220 == _v72) goto 0x12709d68;
                                                                                                                				_t232 =  *((intOrPtr*)(_t220 + 0x18));
                                                                                                                				if (_t232 == 0) goto 0x12709d48;
                                                                                                                				_t191 =  *_t232;
                                                                                                                				 *((intOrPtr*)(_t191 + 0x18))();
                                                                                                                				 *_t191 =  *((intOrPtr*)(_t220 + 0x18));
                                                                                                                				 *((long long*)(_t220 + 0x18)) =  *_t191;
                                                                                                                				_t192 = _v104;
                                                                                                                				if (_t192 == 0) goto 0x12709d48;
                                                                                                                				_t234 = _t192 + 8;
                                                                                                                				asm("lock xadd [ecx], eax");
                                                                                                                				if (r13d != 1) goto 0x12709d48;
                                                                                                                				_t156 = _t234;
                                                                                                                				if (_t156 == 0) goto 0x12709d48;
                                                                                                                				if (_t156 == 0) goto 0x12709d48;
                                                                                                                				 *((intOrPtr*)( *((intOrPtr*)(_t234 + 0xfffffff8))))();
                                                                                                                				_t102 = E00007FFA7FFA12708620(_v112);
                                                                                                                				_t194 = _v120;
                                                                                                                				_t221 =  *((intOrPtr*)(_t194 + 8));
                                                                                                                				_v120 = _t221;
                                                                                                                				goto 0x12709cf0;
                                                                                                                				r13d = 0xffffffff;
                                                                                                                				 *_t276 = 0;
                                                                                                                				_v152 = _t306;
                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                				asm("movdqu [esp+0x28], xmm0");
                                                                                                                				_v128 = 0;
                                                                                                                				if (_t221 == 0) goto 0x12709e24;
                                                                                                                				_t277 = _t276 << 4;
                                                                                                                				if (_t277 - 0x1000 < 0) goto 0x12709dd0;
                                                                                                                				if (_t277 + 0x27 - _t277 <= 0) goto 0x1270a1c3;
                                                                                                                				_t103 = E00007FFA7FFA127056A8(_t102, _t194, _t277 + 0x27);
                                                                                                                				if (_t194 == 0) goto 0x12709dca;
                                                                                                                				_t196 = _t194 + 0x00000027 & 0xffffffe0;
                                                                                                                				 *((long long*)(_t196 - 8)) = _t194;
                                                                                                                				goto 0x12709de1;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				_t161 = _t277;
                                                                                                                				if (_t161 == 0) goto 0x12709ddf;
                                                                                                                				E00007FFA7FFA127056A8(_t103, _t196, _t277);
                                                                                                                				goto 0x12709de1;
                                                                                                                				_v144 = _t196;
                                                                                                                				_v128 = _t196 + _t277;
                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                				 *_t196 = 0;
                                                                                                                				 *((long long*)(_t196 + 8)) = 0;
                                                                                                                				if (_t161 != 0) goto 0x12709e00;
                                                                                                                				_v136 = _t196 + 0x10;
                                                                                                                				goto 0x12709e29;
                                                                                                                				_t285 = _v144;
                                                                                                                				_t304 = _t285;
                                                                                                                				_v96 = _t285;
                                                                                                                				_t307 = _t306 + 0x20;
                                                                                                                				r12d =  *(_t306 + 0x10);
                                                                                                                				_t302 = (_t300 << 4) + _t307;
                                                                                                                				_t223 = _t285;
                                                                                                                				_a24 = _t223;
                                                                                                                				if (_t307 == _t302) goto 0x12709ee0;
                                                                                                                				_a24 = _t223;
                                                                                                                				r8d = 0;
                                                                                                                				_t267 =  *((intOrPtr*)(_t307 + 8));
                                                                                                                				if (_t267 == 0) goto 0x12709e84;
                                                                                                                				_t164 =  *((intOrPtr*)(_t267 + 8));
                                                                                                                				if (_t164 == 0) goto 0x12709e82;
                                                                                                                				asm("lock cmpxchg [edx+0x8], ecx");
                                                                                                                				if (_t164 != 0) goto 0x12709e6f;
                                                                                                                				goto 0x12709e84;
                                                                                                                				 *_t223 =  *_t307;
                                                                                                                				_t278 =  *((intOrPtr*)(_t223 + 8));
                                                                                                                				 *((long long*)(_t223 + 8)) = _t267;
                                                                                                                				if (_t278 == 0) goto 0x12709ec0;
                                                                                                                				asm("lock xadd [edi+0x8], eax");
                                                                                                                				if (r13d != 1) goto 0x12709ec0;
                                                                                                                				 *((intOrPtr*)( *_t278 + 8))();
                                                                                                                				asm("lock xadd [edi+0xc], eax");
                                                                                                                				if (r13d != 1) goto 0x12709ec0;
                                                                                                                				 *((intOrPtr*)( *_t278 + 0x10))();
                                                                                                                				if ( *_t223 == 0) goto 0x12709ed2;
                                                                                                                				_t224 = _t223 + 0x10;
                                                                                                                				_a24 = _t224;
                                                                                                                				if (_t307 + 0x10 != _t302) goto 0x12709e60;
                                                                                                                				_t286 = _v144;
                                                                                                                				r12b = (_t224 - _t286 & 0xfffffff0) - 0x10 <= 0;
                                                                                                                				_a16 = r12b;
                                                                                                                				_t279 = _t286;
                                                                                                                				_a32 = _t286;
                                                                                                                				r15b = 1;
                                                                                                                				if (_t279 == _t224) goto 0x12709f5a;
                                                                                                                				if ( *((intOrPtr*)( *((intOrPtr*)( *_t279)) + 0x18))() == 0) goto 0x12709f4c;
                                                                                                                				_t225 = _t224 - 0x10;
                                                                                                                				_a24 = _t225;
                                                                                                                				 *_t225 =  *_t279;
                                                                                                                				 *_t279 =  *_t225;
                                                                                                                				 *((long long*)(_t279 + 8)) =  *((intOrPtr*)(_t225 + 8));
                                                                                                                				 *((long long*)(_t225 + 8)) =  *((intOrPtr*)(_t279 + 8));
                                                                                                                				r15b = 0;
                                                                                                                				goto 0x12709f08;
                                                                                                                				_a32 = _t279 + 0x10;
                                                                                                                				goto 0x12709f08;
                                                                                                                				_a32 = _t304;
                                                                                                                				if (_t304 == _t225) goto 0x1270a101;
                                                                                                                				if (r15b == 0) goto 0x1270a0ce;
                                                                                                                				if (r12b != 0) goto 0x1270a098;
                                                                                                                				_t206 = _a8;
                                                                                                                				E00007FFA7FFA12716670(_t206);
                                                                                                                				if (_t206 != 0) goto 0x12709fb0;
                                                                                                                				E00007FFA7FFA12709B00( *(_t306 + 0x10), _t206, _t225,  *_t206,  *_t307, __r9);
                                                                                                                				E00007FFA7FFA12716670(_t206);
                                                                                                                				_t299 = _t206;
                                                                                                                				_t296 = _t304 + 0x10;
                                                                                                                				if (_t296 == _t225) goto 0x1270a08d;
                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                				_t140 =  *(_t299 + 8);
                                                                                                                				r9d = _t140;
                                                                                                                				r9d = r9d >> 0xd;
                                                                                                                				r9d = r9d ^ _t140 & 0x0007ffc0;
                                                                                                                				r9d = r9d >> 6;
                                                                                                                				r9d = r9d ^ (_t140 & 0xfffffffe) << 0x0000000c;
                                                                                                                				 *(_t299 + 8) = r9d;
                                                                                                                				_t143 =  *(_t299 + 0xc);
                                                                                                                				r8d = _t143;
                                                                                                                				r8d = r8d & 0x3f800000;
                                                                                                                				r8d = r8d ^ _t143 >> 0x00000002;
                                                                                                                				r8d = r8d >> 0x17;
                                                                                                                				r8d = r8d ^ (_t143 & 0xfffffff8) << 0x00000004;
                                                                                                                				 *(_t299 + 0xc) = r8d;
                                                                                                                				 *(_t299 + 0x10) = ( *(_t299 + 0x10) >> 0x00000003 ^  *(_t299 + 0x10) & 0x1fffff00) >> 0x00000008 ^ ( *(_t299 + 0x10) & 0xfffffff0) << 0x00000011;
                                                                                                                				asm("dec eax");
                                                                                                                				_t270 = ( &_v152 << 4) + _t304;
                                                                                                                				if (_t270 == _t296) goto 0x1270a080;
                                                                                                                				 *_t270 =  *_t296;
                                                                                                                				 *_t296 =  *_t270;
                                                                                                                				 *((long long*)(_t296 + 8)) =  *((intOrPtr*)(_t270 + 8));
                                                                                                                				 *((long long*)(_t270 + 8)) =  *((intOrPtr*)(_t296 + 8));
                                                                                                                				if (_t296 + 0x10 != _t225) goto 0x12709fd0;
                                                                                                                				r12b = 1;
                                                                                                                				_a16 = r12b;
                                                                                                                				 *((intOrPtr*)( *((intOrPtr*)( *_t304)) + 0x10))();
                                                                                                                				_t226 = _t225 - 0x10;
                                                                                                                				_a24 = _t226;
                                                                                                                				 *_t226 =  *_t304;
                                                                                                                				 *_t304 =  *_t226;
                                                                                                                				 *((long long*)(_t304 + 8)) =  *((intOrPtr*)(_t226 + 8));
                                                                                                                				 *((long long*)(_t226 + 8)) =  *((intOrPtr*)(_t304 + 8));
                                                                                                                				r13d = 0xffffffff;
                                                                                                                				_t287 = _v144;
                                                                                                                				r12d = _a16 & 0x000000ff;
                                                                                                                				goto 0x12709f05;
                                                                                                                				if (_t287 == 0) goto 0x1270a193;
                                                                                                                				if (_t287 == _v136) goto 0x1270a156;
                                                                                                                				_t228 =  *((intOrPtr*)(_t287 + 8));
                                                                                                                				if (_t228 == 0) goto 0x1270a146;
                                                                                                                				asm("lock xadd [ebx+0x8], eax");
                                                                                                                				if (r13d != 1) goto 0x1270a146;
                                                                                                                				 *((intOrPtr*)( *_t228 + 8))();
                                                                                                                				asm("lock xadd [ebx+0xc], eax");
                                                                                                                				if (r13d != 1) goto 0x1270a146;
                                                                                                                				 *((intOrPtr*)( *_t228 + 0x10))();
                                                                                                                				if (_t287 + 0x10 != _v136) goto 0x1270a111;
                                                                                                                				_t289 = _v144;
                                                                                                                				if ((_v128 - _t289 & 0xfffffff0) - 0x1000 < 0) goto 0x1270a18a;
                                                                                                                				if (_t289 -  *((intOrPtr*)(_t289 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1270a18a;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				if (_v152 == 0) goto 0x1270a1b0;
                                                                                                                				asm("lock inc esp");
                                                                                                                				if (_t303 - 1 != 0) goto 0x1270a1b0;
                                                                                                                				return E00007FFA7FFA12709780(_t228, _v152,  *((intOrPtr*)(_t289 - 8)));
                                                                                                                			}
                                                                                                                0x7ffa12709e80
                                                                                                                0x7ffa12709e84
                                                                                                                0x7ffa12709e87
                                                                                                                0x7ffa12709e8b
                                                                                                                0x7ffa12709e92
                                                                                                                0x7ffa12709e97
                                                                                                                0x7ffa12709e9f
                                                                                                                0x7ffa12709ea7
                                                                                                                0x7ffa12709ead
                                                                                                                0x7ffa12709eb5
                                                                                                                0x7ffa12709ebd
                                                                                                                0x7ffa12709ec4
                                                                                                                0x7ffa12709ec6
                                                                                                                0x7ffa12709eca
                                                                                                                0x7ffa12709ed9
                                                                                                                0x7ffa12709edb
                                                                                                                0x7ffa12709eee
                                                                                                                0x7ffa12709ef2
                                                                                                                0x7ffa12709efa
                                                                                                                0x7ffa12709efd
                                                                                                                0x7ffa12709f05
                                                                                                                0x7ffa12709f0b
                                                                                                                0x7ffa12709f1d
                                                                                                                0x7ffa12709f1f
                                                                                                                0x7ffa12709f23
                                                                                                                0x7ffa12709f31
                                                                                                                0x7ffa12709f34
                                                                                                                0x7ffa12709f3f
                                                                                                                0x7ffa12709f43
                                                                                                                0x7ffa12709f47
                                                                                                                0x7ffa12709f4a
                                                                                                                0x7ffa12709f50
                                                                                                                0x7ffa12709f58
                                                                                                                0x7ffa12709f5d
                                                                                                                0x7ffa12709f68
                                                                                                                0x7ffa12709f71
                                                                                                                0x7ffa12709f7a
                                                                                                                0x7ffa12709f80
                                                                                                                0x7ffa12709f8f
                                                                                                                0x7ffa12709f9a
                                                                                                                0x7ffa12709f9f
                                                                                                                0x7ffa12709fa8
                                                                                                                0x7ffa12709fad
                                                                                                                0x7ffa12709fb0
                                                                                                                0x7ffa12709fb7
                                                                                                                0x7ffa12709fc7
                                                                                                                0x7ffa12709fd0
                                                                                                                0x7ffa12709fd4
                                                                                                                0x7ffa12709fd7
                                                                                                                0x7ffa12709fe2
                                                                                                                0x7ffa12709fe5
                                                                                                                0x7ffa12709fef
                                                                                                                0x7ffa12709ff2
                                                                                                                0x7ffa12709ff6
                                                                                                                0x7ffa12709ffa
                                                                                                                0x7ffa12709ffd
                                                                                                                0x7ffa1270a009
                                                                                                                0x7ffa1270a00c
                                                                                                                0x7ffa1270a016
                                                                                                                0x7ffa1270a019
                                                                                                                0x7ffa1270a03b
                                                                                                                0x7ffa1270a053
                                                                                                                0x7ffa1270a05c
                                                                                                                0x7ffa1270a062
                                                                                                                0x7ffa1270a06a
                                                                                                                0x7ffa1270a06d
                                                                                                                0x7ffa1270a078
                                                                                                                0x7ffa1270a07c
                                                                                                                0x7ffa1270a087
                                                                                                                0x7ffa1270a08d
                                                                                                                0x7ffa1270a090
                                                                                                                0x7ffa1270a0a3
                                                                                                                0x7ffa1270a0a6
                                                                                                                0x7ffa1270a0aa
                                                                                                                0x7ffa1270a0b8
                                                                                                                0x7ffa1270a0bb
                                                                                                                0x7ffa1270a0c6
                                                                                                                0x7ffa1270a0ca
                                                                                                                0x7ffa1270a0d3
                                                                                                                0x7ffa1270a0d9
                                                                                                                0x7ffa1270a0eb
                                                                                                                0x7ffa1270a0fc
                                                                                                                0x7ffa1270a104
                                                                                                                0x7ffa1270a10f
                                                                                                                0x7ffa1270a111
                                                                                                                0x7ffa1270a118
                                                                                                                0x7ffa1270a11d
                                                                                                                0x7ffa1270a125
                                                                                                                0x7ffa1270a12d
                                                                                                                0x7ffa1270a133
                                                                                                                0x7ffa1270a13b
                                                                                                                0x7ffa1270a143
                                                                                                                0x7ffa1270a14f
                                                                                                                0x7ffa1270a151
                                                                                                                0x7ffa1270a16c
                                                                                                                0x7ffa1270a181
                                                                                                                0x7ffa1270a183
                                                                                                                0x7ffa1270a189
                                                                                                                0x7ffa1270a18d
                                                                                                                0x7ffa1270a19b
                                                                                                                0x7ffa1270a19d
                                                                                                                0x7ffa1270a1a8
                                                                                                                0x7ffa1270a1c2

                                                                                                                APIs
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,-00000048,?,?,?,00000000), ref: 00007FFA12709DCA
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID:
                                                                                                                • API String ID: 3668304517-0
                                                                                                                • Opcode ID: 11eb41db82d20b643f297f182eab78ff65d5654ec5d59a1948aa027ed68deb57
                                                                                                                • Instruction ID: e0e3ce7e42ed7dc9aa67895168dbe5e844fc32597b633181b85cd8054ed3dbb0
                                                                                                                • Opcode Fuzzy Hash: 11eb41db82d20b643f297f182eab78ff65d5654ec5d59a1948aa027ed68deb57
                                                                                                                • Instruction Fuzzy Hash: B6E1AE36A05E4182EB509B25D4407AE73B4FB87BB4F1AC231DA6D43798DF78D849CB40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 33%
                                                                                                                			E00007FFA7FFA126FE600(void* __eax, void* __ecx, intOrPtr __edx, long long __rbx, void* __rcx, signed int __rdx, void* __r8, long long __r9) {
                                                                                                                				void* __rdi;
                                                                                                                				void* __rsi;
                                                                                                                				void* __rbp;
                                                                                                                				void* __r12;
                                                                                                                				void* __r13;
                                                                                                                				void* __r14;
                                                                                                                				void* __r15;
                                                                                                                				void* _t191;
                                                                                                                				signed int _t215;
                                                                                                                				void* _t234;
                                                                                                                				void* _t242;
                                                                                                                				void* _t269;
                                                                                                                				void* _t286;
                                                                                                                				long long _t322;
                                                                                                                				signed long long _t328;
                                                                                                                				signed long long _t338;
                                                                                                                				signed long long _t339;
                                                                                                                				long long _t341;
                                                                                                                				intOrPtr _t350;
                                                                                                                				long long _t352;
                                                                                                                				long long* _t353;
                                                                                                                				long long* _t357;
                                                                                                                				intOrPtr _t358;
                                                                                                                				long long* _t372;
                                                                                                                				intOrPtr _t374;
                                                                                                                				long long _t375;
                                                                                                                				intOrPtr _t377;
                                                                                                                				intOrPtr* _t378;
                                                                                                                				signed int _t389;
                                                                                                                				char* _t390;
                                                                                                                				long long _t393;
                                                                                                                				intOrPtr _t409;
                                                                                                                				intOrPtr _t411;
                                                                                                                				signed long long _t412;
                                                                                                                				intOrPtr _t414;
                                                                                                                				intOrPtr _t419;
                                                                                                                				intOrPtr* _t443;
                                                                                                                				intOrPtr _t450;
                                                                                                                				signed long long _t451;
                                                                                                                				intOrPtr* _t456;
                                                                                                                				intOrPtr* _t461;
                                                                                                                				long long _t465;
                                                                                                                				long long _t488;
                                                                                                                				long long _t489;
                                                                                                                				intOrPtr _t490;
                                                                                                                				intOrPtr _t493;
                                                                                                                				signed long long _t496;
                                                                                                                				intOrPtr _t497;
                                                                                                                				signed long long _t501;
                                                                                                                				intOrPtr _t506;
                                                                                                                				intOrPtr _t509;
                                                                                                                				intOrPtr _t512;
                                                                                                                				intOrPtr _t515;
                                                                                                                				intOrPtr _t518;
                                                                                                                				intOrPtr _t521;
                                                                                                                				void* _t534;
                                                                                                                				long long _t536;
                                                                                                                				void* _t538;
                                                                                                                				long long _t540;
                                                                                                                				void* _t542;
                                                                                                                				void* _t543;
                                                                                                                				void* _t545;
                                                                                                                				signed long long _t546;
                                                                                                                				intOrPtr _t552;
                                                                                                                				char* _t564;
                                                                                                                				void* _t565;
                                                                                                                				void* _t567;
                                                                                                                				void* _t568;
                                                                                                                				void* _t571;
                                                                                                                				intOrPtr* _t572;
                                                                                                                				void* _t575;
                                                                                                                				void* _t576;
                                                                                                                
                                                                                                                				 *((long long*)(_t545 + 0x10)) = __rbx;
                                                                                                                				_t543 = _t545 - 0x280;
                                                                                                                				_t546 = _t545 - 0x380;
                                                                                                                				_t328 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				 *(_t543 + 0x270) = _t328 ^ _t546;
                                                                                                                				 *((long long*)(_t546 + 0x48)) = __r9;
                                                                                                                				_t568 = __r8;
                                                                                                                				r12d = __edx;
                                                                                                                				_t576 = __rcx;
                                                                                                                				_t572 =  *((intOrPtr*)(_t543 + 0x2e0));
                                                                                                                				 *((long long*)(_t543 - 0x50)) = 0x12731b20;
                                                                                                                				0x12705430();
                                                                                                                				if (__eax != 0) goto 0x126ff013;
                                                                                                                				E00007FFA7FFA12701790(__eax, 0x12731b20, __rdx);
                                                                                                                				_t388 = (__rdx >> 7) + (__rdx >> 7 >> 0x3f);
                                                                                                                				_t540 = 0x12731b20 - ((__rdx >> 7) + (__rdx >> 7 >> 0x3f)) * 0x3e8;
                                                                                                                				E00007FFA7FFA126FD640((__rdx >> 7) + (__rdx >> 7 >> 0x3f), ((__rdx >> 7) + (__rdx >> 7 >> 0x3f)) * 0x3e8, __r8);
                                                                                                                				 *((long long*)(_t543 + 0x40)) = 0xe353f7cf;
                                                                                                                				 *((long long*)(_t543 + 0x58)) = 0xf;
                                                                                                                				 *((long long*)(_t543 + 0x50)) = 2;
                                                                                                                				 *((short*)(_t543 + 0x40)) = 0x5425;
                                                                                                                				 *((char*)(_t543 + 0x42)) = 0;
                                                                                                                				E00007FFA7FFA127017C0(_t388, _t543 + 0x80, _t388, _t543 + 0x40); // executed
                                                                                                                				if ( *((long long*)(0x20c49ba5e353f7e7)) - 0x10 < 0) goto 0x126fe6dc;
                                                                                                                				 *((long long*)(_t543 + 0xe0)) =  *0xe353f7cf;
                                                                                                                				 *((long long*)(_t543 + 0xe8)) =  *((intOrPtr*)(0x20c49ba5e353f7df));
                                                                                                                				 *((long long*)(_t543 + 0xf0)) = _t540;
                                                                                                                				if ( *((long long*)(0x20c49ba5e353f7e7)) - 0x10 < 0) goto 0x126fe702;
                                                                                                                				 *((long long*)(_t543 + 0x100)) =  *0xe353f7cf;
                                                                                                                				 *((long long*)(_t543 + 0x108)) =  *((intOrPtr*)(0x20c49ba5e353f7df));
                                                                                                                				if ( *((long long*)(_t572 + 0x18)) - 0x10 < 0) goto 0x126fe721;
                                                                                                                				 *((long long*)(_t543 + 0x110)) =  *_t572;
                                                                                                                				 *((long long*)(_t543 + 0x118)) =  *((intOrPtr*)(_t572 + 0x10));
                                                                                                                				 *((long long*)(_t543 - 0x70)) = 0x7388e;
                                                                                                                				 *((long long*)(_t543 - 0x68)) = _t543 + 0xe0;
                                                                                                                				asm("movaps xmm0, [ebp-0x70]");
                                                                                                                				asm("movdqa [ebp-0x20], xmm0");
                                                                                                                				 *((long long*)(_t543 - 0x60)) = "{}.{:03d} | {:<15} {}";
                                                                                                                				 *((long long*)(_t543 - 0x58)) = 0x15;
                                                                                                                				E00007FFA7FFA126E49B0(_t388, _t543 + 0x230, 0xe353f7cf, _t540);
                                                                                                                				_t488 =  *0x12731b18; // 0xb
                                                                                                                				_t39 = _t488 + 1; // 0xc
                                                                                                                				_t409 =  *0x12731b08; // 0x10
                                                                                                                				if (_t409 - _t39 > 0) goto 0x126fe7ad;
                                                                                                                				_t191 = E00007FFA7FFA126FBD30(_t39, _t388, 0x12731af8, _t488, 0xe353f7cf, _t565, _t572, _t576);
                                                                                                                				_t489 =  *0x12731b18; // 0xb
                                                                                                                				_t411 =  *0x12731b08; // 0x10
                                                                                                                				_t412 = _t411 - 1;
                                                                                                                				_t338 =  *0x12731b10; // 0x0
                                                                                                                				_t339 = _t338 & _t412;
                                                                                                                				 *0x12731b10 = _t339;
                                                                                                                				_t389 = (_t412 & _t339 + _t489) * 8;
                                                                                                                				_t341 =  *0x12731b00; // 0xd4fe20
                                                                                                                				if ( *((long long*)(_t341 + _t389)) != 0) goto 0x126fe7f9;
                                                                                                                				E00007FFA7FFA127056A8(_t191, _t341, _t412 & _t339 + _t489);
                                                                                                                				_t414 =  *0x12731b00; // 0xd4fe20
                                                                                                                				 *((long long*)(_t414 + _t389)) = _t341;
                                                                                                                				asm("movups xmm0, [ebp+0x230]");
                                                                                                                				asm("movups [eax], xmm0");
                                                                                                                				asm("movups xmm1, [ebp+0x240]");
                                                                                                                				asm("movups [eax+0x10], xmm1");
                                                                                                                				 *0x12731b18 =  *0x12731b18 + 1;
                                                                                                                				_t490 =  *((intOrPtr*)(_t543 + 0x98));
                                                                                                                				if (_t490 - 0x10 < 0) goto 0x126fe85d;
                                                                                                                				if (_t490 + 1 - 0x1000 < 0) goto 0x126fe858;
                                                                                                                				if ( *((intOrPtr*)(_t543 + 0x80)) -  *((intOrPtr*)( *((intOrPtr*)(_t543 + 0x80)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126fe858;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				 *((long long*)(_t543 + 0x90)) = 0xe353f7cf;
                                                                                                                				 *((long long*)(_t543 + 0x98)) = 0xf;
                                                                                                                				 *((intOrPtr*)(_t543 + 0x80)) = dil;
                                                                                                                				_t493 =  *((intOrPtr*)(_t543 + 0x58));
                                                                                                                				if (_t493 - 0x10 < 0) goto 0x126fe8b6;
                                                                                                                				if (_t493 + 1 - 0x1000 < 0) goto 0x126fe8b1;
                                                                                                                				if ( *((intOrPtr*)(_t543 + 0x40)) -  *((intOrPtr*)( *((intOrPtr*)(_t543 + 0x40)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126fe8b1;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				if ( *0x12731b18 - 0xc8 <= 0) goto 0x126fe967;
                                                                                                                				_t496 =  *0x12731b10; // 0x0
                                                                                                                				_t419 =  *0x12731b08; // 0x10
                                                                                                                				_t350 =  *0x12731b00; // 0xd4fe20
                                                                                                                				_t390 =  *((intOrPtr*)(_t350 + (_t419 - 0x00000001 & _t496) * 8));
                                                                                                                				_t497 =  *((intOrPtr*)(_t390 + 0x18));
                                                                                                                				if (_t497 - 0x10 < 0) goto 0x126fe922;
                                                                                                                				if (_t497 + 1 - 0x1000 < 0) goto 0x126fe91d;
                                                                                                                				_t57 =  *_t390 -  *((intOrPtr*)( *_t390 - 8)) - 8; // 0x7
                                                                                                                				_t286 = _t57 - 0x1f;
                                                                                                                				if (_t286 > 0) goto 0x126fe9da;
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				 *((long long*)(_t390 + 0x10)) = 0xe353f7cf;
                                                                                                                				 *((long long*)(_t390 + 0x18)) = 0xf;
                                                                                                                				 *_t390 = 0;
                                                                                                                				_t352 =  *0x12731b18; // 0xb
                                                                                                                				_t353 = _t352 - 1;
                                                                                                                				 *0x12731b18 = _t353;
                                                                                                                				if (_t286 != 0) goto 0x126fe94a;
                                                                                                                				goto 0x126fe954;
                                                                                                                				_t501 =  *0x12731b10; // 0x0
                                                                                                                				 *0x12731b10 = _t501 + 1;
                                                                                                                				if (_t353 - 0xc8 > 0) goto 0x126fe8d0;
                                                                                                                				0x12705436();
                                                                                                                				if ( *((intOrPtr*)(_t576 + 0x50)) != 0x3a875d21) goto 0x126fefe9;
                                                                                                                				 *((long long*)(_t543 - 0x10)) = _t576 + 0x48;
                                                                                                                				 *((char*)(_t543 - 8)) = 1;
                                                                                                                				0x127054e8();
                                                                                                                				E00007FFA7FFA127099B0(_t353, _t546 + 0x60, _t501 + 1);
                                                                                                                				E00007FFA7FFA12708020(_t353, _t390, _t546 + 0x70, _t575);
                                                                                                                				 *((intOrPtr*)(_t546 + 0x78)) = 0;
                                                                                                                				E00007FFA7FFA127080E0(_t353);
                                                                                                                				if (_t353 == 0) goto 0x126fe9e1;
                                                                                                                				 *((long long*)(_t353 + 8)) = 0xe353f7cf;
                                                                                                                				 *_t353 = 0x1271d5d0;
                                                                                                                				asm("lock xadd [eax+0x8], ecx");
                                                                                                                				goto 0x126fe9e4;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				 *((long long*)(_t543 - 0x80)) = 0xe353f7cf;
                                                                                                                				E00007FFA7FFA1270A540(0xe353f7cf, _t543 - 0x78, _t501 + 1);
                                                                                                                				r8d =  *0xe353f7cf;
                                                                                                                				E00007FFA7FFA12701260(E00007FFA7FFA12708120(_t390, _t546 + 0x70, _t543, _t540, _t543 - 0x80), _t543 + 0x250,  *((intOrPtr*)(_t546 + 0x48)));
                                                                                                                				0x126f2ca0();
                                                                                                                				_t506 =  *((intOrPtr*)(0x20c49ba5e353f7df));
                                                                                                                				_t552 =  *((intOrPtr*)(0x20c49ba5e353f7e7));
                                                                                                                				if (_t552 - _t506 - 1 < 0) goto 0x126fea5d;
                                                                                                                				 *((long long*)(0x20c49ba5e353f7df)) = _t506 + 1;
                                                                                                                				if (_t552 - 0x10 < 0) goto 0x126fea55;
                                                                                                                				_t357 =  *0xe353f7cf;
                                                                                                                				 *((short*)(_t357 + _t506)) = 0x3a;
                                                                                                                				goto 0x126fea7f;
                                                                                                                				 *((long long*)(_t546 + 0x20)) = 1;
                                                                                                                				r8d = 0;
                                                                                                                				E00007FFA7FFA126E2190(0xe353f7cf, _t506, 0xe353f7cf, _t543, ":", _t568, _t576 + 0x48, _t571, _t567);
                                                                                                                				_t564 = _t357;
                                                                                                                				asm("inc ecx");
                                                                                                                				asm("movups [ebp+0xc0], xmm0");
                                                                                                                				asm("inc ecx");
                                                                                                                				asm("movups [ebp+0xd0], xmm1");
                                                                                                                				 *((long long*)(_t564 + 0x10)) = 0xe353f7cf;
                                                                                                                				 *((long long*)(_t564 + 0x18)) = 0xf;
                                                                                                                				 *_t564 = 0;
                                                                                                                				E00007FFA7FFA126F8800(0xe353f7cf, _t543 + 0x60, _t543, _t543 + 0xc0, 0xe353f7cf, _t565);
                                                                                                                				E00007FFA7FFA127080E0(_t357);
                                                                                                                				if (_t357 == 0) goto 0x126feb0a;
                                                                                                                				 *((intOrPtr*)(_t357 + 8)) = 0;
                                                                                                                				asm("movups xmm0, [ebp+0x60]");
                                                                                                                				asm("movups [eax+0x10], xmm0");
                                                                                                                				asm("movups xmm1, [ebp+0x70]");
                                                                                                                				asm("movups [eax+0x20], xmm1");
                                                                                                                				 *((long long*)(_t543 + 0x70)) = 0xe353f7cf;
                                                                                                                				 *((long long*)(_t543 + 0x78)) = 0xf;
                                                                                                                				 *((char*)(_t543 + 0x60)) = 0;
                                                                                                                				 *_t357 = 0x1271d558;
                                                                                                                				asm("lock xadd [ecx+0x8], eax");
                                                                                                                				goto 0x126feb0d;
                                                                                                                				 *((long long*)(_t546 + 0x50)) = 0xe353f7cf;
                                                                                                                				r8d = E00007FFA7FFA127077F0(_t269, _t357, _t357, 0xe353f7cf, "FileName", _t506, _t543 + 0xc0, 0xe353f7cf);
                                                                                                                				E00007FFA7FFA12708120(0xe353f7cf, _t546 + 0x70, _t543 + 0x10, _t540, _t546 + 0x50);
                                                                                                                				_t358 =  *((intOrPtr*)(_t546 + 0x50));
                                                                                                                				if (_t358 == 0) goto 0x126feb6c;
                                                                                                                				asm("lock xadd [edx], eax");
                                                                                                                				if (0xffffffff != 1) goto 0x126feb6c;
                                                                                                                				_t443 =  ==  ? 0xe353f7cf : _t358 + 8 - 8;
                                                                                                                				if (_t443 == 0) goto 0x126feb6c;
                                                                                                                				 *((intOrPtr*)( *_t443))();
                                                                                                                				_t509 =  *((intOrPtr*)(_t543 + 0x78));
                                                                                                                				if (_t509 - 0x10 < 0) goto 0x126febab;
                                                                                                                				if (_t509 + 1 - 0x1000 < 0) goto 0x126feba5;
                                                                                                                				if ( *((intOrPtr*)(_t543 + 0x60)) -  *((intOrPtr*)( *((intOrPtr*)(_t543 + 0x60)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126feba5;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				_t512 =  *((intOrPtr*)(_t543 + 0xd8));
                                                                                                                				if (_t512 - 0x10 < 0) goto 0x126febf0;
                                                                                                                				if (_t512 + 1 - 0x1000 < 0) goto 0x126febea;
                                                                                                                				if ( *((intOrPtr*)(_t543 + 0xc0)) -  *((intOrPtr*)( *((intOrPtr*)(_t543 + 0xc0)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126febea;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				_t515 =  *((intOrPtr*)(_t543 + 0xb8));
                                                                                                                				if (_t515 - 0x10 < 0) goto 0x126fec34;
                                                                                                                				if (_t515 + 1 - 0x1000 < 0) goto 0x126fec2f;
                                                                                                                				if ( *((intOrPtr*)(_t543 + 0xa0)) -  *((intOrPtr*)( *((intOrPtr*)(_t543 + 0xa0)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126fec2f;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				 *((long long*)(_t543 + 0xb0)) = 0xe353f7cf;
                                                                                                                				 *((long long*)(_t543 + 0xb8)) = 0xf;
                                                                                                                				 *((char*)(_t543 + 0xa0)) = 0;
                                                                                                                				_t518 =  *((intOrPtr*)(_t543 + 0x268));
                                                                                                                				if (_t518 - 0x10 < 0) goto 0x126fec91;
                                                                                                                				_t450 =  *((intOrPtr*)(_t543 + 0x250));
                                                                                                                				if (_t518 + 1 - 0x1000 < 0) goto 0x126fec8c;
                                                                                                                				_t451 =  *((intOrPtr*)(_t450 - 8));
                                                                                                                				if (_t450 - _t451 + 0xfffffff8 - 0x1f <= 0) goto 0x126fec8c;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				_t372 =  *[gs:0x58];
                                                                                                                				_t521 =  *((intOrPtr*)(_t372 + _t451 * 8));
                                                                                                                				_t215 =  *(_t451 + _t521);
                                                                                                                				if ((_t215 & 0x00000001) != 0) goto 0x126feccd;
                                                                                                                				 *(_t451 + _t521) = _t215 | 0x00000001;
                                                                                                                				asm("lock dec eax");
                                                                                                                				 *((long long*)(_t521 + 0xe353f7cf)) = _t372;
                                                                                                                				E00007FFA7FFA127080E0(_t372);
                                                                                                                				if (_t372 == 0) goto 0x126fecfd;
                                                                                                                				 *((intOrPtr*)(_t372 + 8)) = 0;
                                                                                                                				 *((long long*)(_t372 + 0x10)) =  *((intOrPtr*)(_t521 + 0xe353f7cf));
                                                                                                                				 *_t372 = 0x1271d4f8;
                                                                                                                				asm("lock xadd [eax+0x8], ecx");
                                                                                                                				goto 0x126fed00;
                                                                                                                				 *((long long*)(_t546 + 0x58)) = 0xe353f7cf;
                                                                                                                				r8d = E00007FFA7FFA127077F0(0xffffffff, _t372, 0xe353f7cf,  *((intOrPtr*)(_t521 + 0xe353f7cf)), "ThreadId", _t521, _t543 + 0xc0, _t546 + 0x50);
                                                                                                                				E00007FFA7FFA12708120( *((intOrPtr*)(_t521 + 0xe353f7cf)), _t546 + 0x70, _t543 + 0x20, _t540, _t546 + 0x58);
                                                                                                                				_t374 =  *((intOrPtr*)(_t546 + 0x58));
                                                                                                                				if (_t374 == 0) goto 0x126fed5b;
                                                                                                                				asm("lock xadd [edx], eax");
                                                                                                                				if (0xffffffff != 1) goto 0x126fed5b;
                                                                                                                				_t456 =  ==  ? 0xe353f7cf : _t374 + 8 - 8;
                                                                                                                				if (_t456 == 0) goto 0x126fed5b;
                                                                                                                				_t375 =  *_t456;
                                                                                                                				 *_t375();
                                                                                                                				E00007FFA7FFA126FD640( *((intOrPtr*)(_t521 + 0xe353f7cf)), _t456, _t543 + 0xc0);
                                                                                                                				_t536 = _t375;
                                                                                                                				E00007FFA7FFA127080E0(_t375);
                                                                                                                				_t393 = _t375;
                                                                                                                				 *((long long*)(_t546 + 0x40)) = _t375;
                                                                                                                				if (_t375 == 0) goto 0x126fed9c;
                                                                                                                				 *((intOrPtr*)(_t393 + 8)) = 0;
                                                                                                                				 *_t393 = 0x1271d528;
                                                                                                                				_t132 = _t393 + 0x10; // 0x10
                                                                                                                				E00007FFA7FFA126ED4C0(0x1271d528, _t393, _t132, _t536, _t540);
                                                                                                                				 *_t393 = 0x1271d558;
                                                                                                                				goto 0x126feda0;
                                                                                                                				if (_t393 == 0) goto 0x126fedaf;
                                                                                                                				asm("lock xadd [ebx+0x8], eax");
                                                                                                                				 *((long long*)(_t546 + 0x48)) = _t393;
                                                                                                                				r8d = E00007FFA7FFA127077F0(0xffffffff, _t393, 0x1271d528, _t393, "Scope", _t536, _t543 + 0xc0, _t546 + 0x58);
                                                                                                                				E00007FFA7FFA12708120(_t393, _t546 + 0x70, _t543 + 0x30, _t540, _t546 + 0x48);
                                                                                                                				_t377 =  *((intOrPtr*)(_t546 + 0x48));
                                                                                                                				if (_t377 == 0) goto 0x126fee0a;
                                                                                                                				asm("lock xadd [edx], esi");
                                                                                                                				_t139 = _t540 - 1; // 0xfffffffe
                                                                                                                				if (_t139 != 0) goto 0x126fee0a;
                                                                                                                				_t461 =  ==  ? _t536 : _t377 + 8 - 8;
                                                                                                                				if (_t461 == 0) goto 0x126fee0a;
                                                                                                                				_t378 =  *_t461;
                                                                                                                				 *_t378();
                                                                                                                				if (E00007FFA7FFA12709AC0( *((intOrPtr*)(_t546 + 0x60))) == 0) goto 0x126fee3b;
                                                                                                                				E00007FFA7FFA1270A9D0(0x30, 1, _t393, _t377 + 8);
                                                                                                                				 *_t378 = r12d;
                                                                                                                				_t234 = E00007FFA7FFA12709C80(_t378,  *((intOrPtr*)(_t546 + 0x60)), _t546 + 0x38);
                                                                                                                				goto 0x126fee43;
                                                                                                                				_t465 = _t536;
                                                                                                                				 *((long long*)(_t546 + 0x38)) = _t465;
                                                                                                                				_t322 = _t465;
                                                                                                                				if (_t322 == 0) goto 0x126fefc7;
                                                                                                                				__imp__??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ();
                                                                                                                				 *((long long*)(_t543 + 0x120)) = 0x1271d3a0;
                                                                                                                				 *((long long*)(_t543 + 0x188)) = _t536;
                                                                                                                				 *((long long*)(_t543 + 0x190)) = _t536;
                                                                                                                				 *((char*)(_t543 + 0x198)) = 0;
                                                                                                                				 *((long long*)( *((intOrPtr*)(_t543 + 0x140)))) = _t543 + 0x1a0;
                                                                                                                				 *((long long*)( *((intOrPtr*)(_t543 + 0x160)))) = _t543 + 0x1a0;
                                                                                                                				 *((intOrPtr*)( *((intOrPtr*)(_t543 + 0x178)))) = 0 - _t234 + 0x90;
                                                                                                                				r9d = 1;
                                                                                                                				r8d = 0;
                                                                                                                				__imp__??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z();
                                                                                                                				E00007FFA7FFA126FE130(_t234, _t543 + 0x120, _t543 + 0x120);
                                                                                                                				 *((long long*)(_t543 + 0x220)) = _t546 + 0x38;
                                                                                                                				E00007FFA7FFA1270DC80(0 - _t234 + 0x90, 0, 0xffffffff, _t322, _t543 + 0x120, _t543 + 0x120, _t540, _t564);
                                                                                                                				r12d = r12d - 3;
                                                                                                                				if (_t322 == 0) goto 0x126fef30;
                                                                                                                				r12d = r12d - 1;
                                                                                                                				if (_t322 == 0) goto 0x126fef21;
                                                                                                                				if (r12d != 1) goto 0x126fef49;
                                                                                                                				r8d = _t565 + 0xb;
                                                                                                                				goto 0x126fef3d;
                                                                                                                				r8d = 0xc;
                                                                                                                				goto 0x126fef3d;
                                                                                                                				r8d = 0xa;
                                                                                                                				E00007FFA7FFA126FD2C0(_t543 + 0x120, _t543 + 0x120, "!WARNING! ", _t536, _t540, _t543, _t546 + 0x70, _t565, _t534);
                                                                                                                				if ( *((long long*)(_t572 + 0x18)) - 0x10 < 0) goto 0x126fef57;
                                                                                                                				E00007FFA7FFA126FD2C0(_t543 + 0x120, _t543 + 0x120,  *_t572, _t536, _t540, _t543,  *((intOrPtr*)(_t572 + 0x10)), _t538, _t542);
                                                                                                                				__imp__?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ();
                                                                                                                				E00007FFA7FFA12709CA0(_t546 + 0x38,  *((intOrPtr*)(_t546 + 0x60)), _t546 + 0x38, _t546 + 0x48); // executed
                                                                                                                				E00007FFA7FFA1270DC10(_t543 + 0x120, _t546 + 0x38,  *((intOrPtr*)(_t572 + 0x10)));
                                                                                                                				if ( *((long long*)(_t543 + 0x188)) == 0) goto 0x126fefa7;
                                                                                                                				__imp__?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ();
                                                                                                                				__imp__??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ();
                                                                                                                				__imp__??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ();
                                                                                                                				if ( *((intOrPtr*)(_t546 + 0x38)) == 0) goto 0x126fefd6;
                                                                                                                				E00007FFA7FFA127097F0( *((intOrPtr*)(_t546 + 0x38)));
                                                                                                                				 *((long long*)(_t546 + 0x38)) = _t536;
                                                                                                                				_t242 = E00007FFA7FFA126FA280(_t546 + 0x38, _t543 + 0x120, _t546 + 0x60);
                                                                                                                				0x127054f8();
                                                                                                                				return E00007FFA7FFA12705E20(_t242, 0x30,  *(_t543 + 0x270) ^ _t546);
                                                                                                                			}

                                                                                                                0x7ffa126fe9f5
                                                                                                                0x7ffa126fea13
                                                                                                                0x7ffa126fea25
                                                                                                                0x7ffa126fea2d
                                                                                                                0x7ffa126fea31
                                                                                                                0x7ffa126fea3f
                                                                                                                0x7ffa126fea45
                                                                                                                0x7ffa126fea50
                                                                                                                0x7ffa126fea52
                                                                                                                0x7ffa126fea55
                                                                                                                0x7ffa126fea5b
                                                                                                                0x7ffa126fea5d
                                                                                                                0x7ffa126fea6d
                                                                                                                0x7ffa126fea77
                                                                                                                0x7ffa126fea7c
                                                                                                                0x7ffa126fea7f
                                                                                                                0x7ffa126fea83
                                                                                                                0x7ffa126fea8a
                                                                                                                0x7ffa126fea8f
                                                                                                                0x7ffa126fea96
                                                                                                                0x7ffa126fea9a
                                                                                                                0x7ffa126feaa2
                                                                                                                0x7ffa126feab9
                                                                                                                0x7ffa126feac4
                                                                                                                0x7ffa126fead6
                                                                                                                0x7ffa126fead8
                                                                                                                0x7ffa126feadb
                                                                                                                0x7ffa126feadf
                                                                                                                0x7ffa126feae3
                                                                                                                0x7ffa126feae7
                                                                                                                0x7ffa126feaeb
                                                                                                                0x7ffa126feaef
                                                                                                                0x7ffa126feaf7
                                                                                                                0x7ffa126feafb
                                                                                                                0x7ffa126feb03
                                                                                                                0x7ffa126feb08
                                                                                                                0x7ffa126feb0d
                                                                                                                0x7ffa126feb23
                                                                                                                0x7ffa126feb2f
                                                                                                                0x7ffa126feb3a
                                                                                                                0x7ffa126feb42
                                                                                                                0x7ffa126feb4a
                                                                                                                0x7ffa126feb51
                                                                                                                0x7ffa126feb5a
                                                                                                                0x7ffa126feb61
                                                                                                                0x7ffa126feb69
                                                                                                                0x7ffa126feb6c
                                                                                                                0x7ffa126feb74
                                                                                                                0x7ffa126feb87
                                                                                                                0x7ffa126feb9c
                                                                                                                0x7ffa126feb9e
                                                                                                                0x7ffa126feba4
                                                                                                                0x7ffa126feba5
                                                                                                                0x7ffa126febab
                                                                                                                0x7ffa126febb6
                                                                                                                0x7ffa126febcc
                                                                                                                0x7ffa126febe1
                                                                                                                0x7ffa126febe3
                                                                                                                0x7ffa126febe9
                                                                                                                0x7ffa126febea
                                                                                                                0x7ffa126febf0
                                                                                                                0x7ffa126febfb
                                                                                                                0x7ffa126fec11
                                                                                                                0x7ffa126fec26
                                                                                                                0x7ffa126fec28
                                                                                                                0x7ffa126fec2e
                                                                                                                0x7ffa126fec2f
                                                                                                                0x7ffa126fec34
                                                                                                                0x7ffa126fec3b
                                                                                                                0x7ffa126fec46
                                                                                                                0x7ffa126fec4d
                                                                                                                0x7ffa126fec58
                                                                                                                0x7ffa126fec5d
                                                                                                                0x7ffa126fec6e
                                                                                                                0x7ffa126fec74
                                                                                                                0x7ffa126fec83
                                                                                                                0x7ffa126fec85
                                                                                                                0x7ffa126fec8b
                                                                                                                0x7ffa126fec8c
                                                                                                                0x7ffa126fec97
                                                                                                                0x7ffa126feca0
                                                                                                                0x7ffa126feca9
                                                                                                                0x7ffa126fecb3
                                                                                                                0x7ffa126fecb8
                                                                                                                0x7ffa126fecc0
                                                                                                                0x7ffa126fecc9
                                                                                                                0x7ffa126fecd6
                                                                                                                0x7ffa126fecde
                                                                                                                0x7ffa126fece0
                                                                                                                0x7ffa126fece3
                                                                                                                0x7ffa126fecee
                                                                                                                0x7ffa126fecf6
                                                                                                                0x7ffa126fecfb
                                                                                                                0x7ffa126fed00
                                                                                                                0x7ffa126fed16
                                                                                                                0x7ffa126fed22
                                                                                                                0x7ffa126fed28
                                                                                                                0x7ffa126fed30
                                                                                                                0x7ffa126fed38
                                                                                                                0x7ffa126fed3f
                                                                                                                0x7ffa126fed48
                                                                                                                0x7ffa126fed4f
                                                                                                                0x7ffa126fed51
                                                                                                                0x7ffa126fed59
                                                                                                                0x7ffa126fed5b
                                                                                                                0x7ffa126fed60
                                                                                                                0x7ffa126fed68
                                                                                                                0x7ffa126fed6d
                                                                                                                0x7ffa126fed70
                                                                                                                0x7ffa126fed78
                                                                                                                0x7ffa126fed7c
                                                                                                                0x7ffa126fed86
                                                                                                                0x7ffa126fed89
                                                                                                                0x7ffa126fed90
                                                                                                                0x7ffa126fed95
                                                                                                                0x7ffa126fed9a
                                                                                                                0x7ffa126feda3
                                                                                                                0x7ffa126fedaa
                                                                                                                0x7ffa126fedaf
                                                                                                                0x7ffa126fedc5
                                                                                                                0x7ffa126fedd1
                                                                                                                0x7ffa126fedd7
                                                                                                                0x7ffa126feddf
                                                                                                                0x7ffa126fede5
                                                                                                                0x7ffa126fede9
                                                                                                                0x7ffa126fedee
                                                                                                                0x7ffa126fedf7
                                                                                                                0x7ffa126fedfe
                                                                                                                0x7ffa126fee00
                                                                                                                0x7ffa126fee08
                                                                                                                0x7ffa126fee16
                                                                                                                0x7ffa126fee18
                                                                                                                0x7ffa126fee1d
                                                                                                                0x7ffa126fee2f
                                                                                                                0x7ffa126fee39
                                                                                                                0x7ffa126fee3b
                                                                                                                0x7ffa126fee3e
                                                                                                                0x7ffa126fee43
                                                                                                                0x7ffa126fee46
                                                                                                                0x7ffa126fee5a
                                                                                                                0x7ffa126fee67
                                                                                                                0x7ffa126fee6e
                                                                                                                0x7ffa126fee75
                                                                                                                0x7ffa126fee7c
                                                                                                                0x7ffa126fee91
                                                                                                                0x7ffa126feea2
                                                                                                                0x7ffa126feebb
                                                                                                                0x7ffa126feebd
                                                                                                                0x7ffa126feec3
                                                                                                                0x7ffa126feed4
                                                                                                                0x7ffa126feee2
                                                                                                                0x7ffa126feeed
                                                                                                                0x7ffa126feefb
                                                                                                                0x7ffa126fef01
                                                                                                                0x7ffa126fef05
                                                                                                                0x7ffa126fef07
                                                                                                                0x7ffa126fef0b
                                                                                                                0x7ffa126fef11
                                                                                                                0x7ffa126fef13
                                                                                                                0x7ffa126fef1f
                                                                                                                0x7ffa126fef21
                                                                                                                0x7ffa126fef2e
                                                                                                                0x7ffa126fef30
                                                                                                                0x7ffa126fef44
                                                                                                                0x7ffa126fef52
                                                                                                                0x7ffa126fef61
                                                                                                                0x7ffa126fef6d
                                                                                                                0x7ffa126fef7d
                                                                                                                0x7ffa126fef8a
                                                                                                                0x7ffa126fef98
                                                                                                                0x7ffa126fefa1
                                                                                                                0x7ffa126fefae
                                                                                                                0x7ffa126fefbb
                                                                                                                0x7ffa126fefca
                                                                                                                0x7ffa126fefcc
                                                                                                                0x7ffa126fefd1
                                                                                                                0x7ffa126fefdb
                                                                                                                0x7ffa126fefe4
                                                                                                                0x7ffa126ff012

                                                                                                                APIs
                                                                                                                • strerror.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126FF02C
                                                                                                                  • Part of subcall function 00007FFA126FD640: __tlregdtor.LIBCMT ref: 00007FFA126FD690
                                                                                                                  • Part of subcall function 00007FFA127017C0: _localtime64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFA127017F4
                                                                                                                  • Part of subcall function 00007FFA127017C0: strftime.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFA1270182E
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126FE851
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126FE8AA
                                                                                                                • _Mtx_unlock.MSVCP140 ref: 00007FFA126FE96E
                                                                                                                • AcquireSRWLockShared.KERNEL32 ref: 00007FFA126FE991
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126FE9DA
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126FEB9E
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126FEBE3
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126FEC28
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126FEC85
                                                                                                                • ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FFA126FEE5A
                                                                                                                • ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 00007FFA126FEED4
                                                                                                                • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FFA126FEF6D
                                                                                                                • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FFA126FEFA1
                                                                                                                • ??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FFA126FEFAE
                                                                                                                • ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FFA126FEFBB
                                                                                                                • ReleaseSRWLockShared.KERNEL32 ref: 00007FFA126FEFE4
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: U?$char_traits@_invalid_parameter_noinfo_noreturn$D@std@@@std@@$?flush@?$basic_ostream@LockSharedV12@$??0?$basic_ostream@??0?$basic_streambuf@??1?$basic_streambuf@AcquireD?$basic_ostream@D@std@@@1@_Mtx_unlockReleaseV?$basic_streambuf@__tlregdtor_localtime64strerrorstrftime
                                                                                                                • String ID: !!!ERROR!!! $!!!FATAL!!! $!WARNING! $FileName$Scope$ThreadId$Unknown error${}.{:03d} | {:<15} {}
                                                                                                                • API String ID: 1873823629-45781566
                                                                                                                • Opcode ID: fe7e319ab15958dd67f98e09135d2acedb8e462f4252ba93837fb2a011ff4315
                                                                                                                • Instruction ID: faac02227abe2a0bbe6568824e16b287ce2d117249f7d07e5afb028c101d582b
                                                                                                                • Opcode Fuzzy Hash: fe7e319ab15958dd67f98e09135d2acedb8e462f4252ba93837fb2a011ff4315
                                                                                                                • Instruction Fuzzy Hash: 28528F32A05E8585EF148F24D8503E927A1FB47BA4F428532DA5D4B7E9EFBCE548CB40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 50%
                                                                                                                			E00007FFA7FFA126EF010(intOrPtr __esi, long long __rbx, long long __rcx, long long __r9) {
                                                                                                                				void* __rsi;
                                                                                                                				void* __rbp;
                                                                                                                				void* _t141;
                                                                                                                				signed int _t152;
                                                                                                                				signed int _t153;
                                                                                                                				signed int _t162;
                                                                                                                				intOrPtr _t171;
                                                                                                                				signed int _t176;
                                                                                                                				void* _t180;
                                                                                                                				void* _t195;
                                                                                                                				signed long long _t232;
                                                                                                                				intOrPtr* _t235;
                                                                                                                				signed long long _t238;
                                                                                                                				signed short* _t243;
                                                                                                                				long long _t256;
                                                                                                                				intOrPtr* _t273;
                                                                                                                				intOrPtr* _t275;
                                                                                                                				signed short* _t289;
                                                                                                                				signed short* _t292;
                                                                                                                				signed short* _t304;
                                                                                                                				intOrPtr _t323;
                                                                                                                				intOrPtr _t343;
                                                                                                                				intOrPtr _t346;
                                                                                                                				intOrPtr _t349;
                                                                                                                				intOrPtr _t357;
                                                                                                                				signed long long _t360;
                                                                                                                				signed long long _t363;
                                                                                                                				signed long long _t366;
                                                                                                                				void* _t369;
                                                                                                                				void* _t372;
                                                                                                                				intOrPtr _t374;
                                                                                                                				long long _t375;
                                                                                                                				long long _t376;
                                                                                                                				long long _t377;
                                                                                                                				long long _t378;
                                                                                                                				void* _t380;
                                                                                                                				intOrPtr* _t381;
                                                                                                                				void* _t383;
                                                                                                                				signed long long _t384;
                                                                                                                				void* _t391;
                                                                                                                				int _t393;
                                                                                                                				intOrPtr* _t395;
                                                                                                                				intOrPtr _t396;
                                                                                                                				int _t398;
                                                                                                                				long long _t399;
                                                                                                                				void* _t401;
                                                                                                                				long long* _t404;
                                                                                                                				long long* _t405;
                                                                                                                
                                                                                                                				 *((long long*)(_t383 + 0x10)) = __rbx;
                                                                                                                				_t381 = _t383 - 0x30;
                                                                                                                				_t384 = _t383 - 0x130;
                                                                                                                				_t232 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				 *(_t381 + 0x28) = _t232 ^ _t384;
                                                                                                                				 *((long long*)(_t384 + 0x48)) = __r9;
                                                                                                                				_t171 = r8d;
                                                                                                                				 *((intOrPtr*)(_t384 + 0x40)) = _t171;
                                                                                                                				 *((long long*)(_t384 + 0x58)) = __rcx;
                                                                                                                				 *((intOrPtr*)(_t384 + 0x50)) = _t171;
                                                                                                                				 *((long long*)(_t384 + 0x60)) =  *((intOrPtr*)(_t381 + 0x90));
                                                                                                                				_t399 =  *((intOrPtr*)(_t381 + 0x98));
                                                                                                                				r12d = __esi;
                                                                                                                				r12d = r12d - r9d;
                                                                                                                				 *((intOrPtr*)(_t384 + 0x44)) = r12d;
                                                                                                                				if (r12d <= 0) goto 0x126ef085;
                                                                                                                				memset(_t401, _t398, _t393);
                                                                                                                				_t141 = __rbx - 1;
                                                                                                                				if (_t141 - 1 > 0) goto 0x126ef66c;
                                                                                                                				 *((long long*)(_t384 + 0x50)) = __rcx + 0x70;
                                                                                                                				0x12705430(_t391, _t369, _t372, _t380);
                                                                                                                				if (_t141 != 0) goto 0x126ef6a1;
                                                                                                                				 *_t399 = _t141;
                                                                                                                				_t395 =  *((intOrPtr*)(__rcx + 0x60));
                                                                                                                				_t273 =  *_t395;
                                                                                                                				if (_t273 == _t395) goto 0x126ef0f7;
                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                				r8d =  *((intOrPtr*)(_t384 + 0x40));
                                                                                                                				 *_t399 =  *_t399 + E00007FFA7FFA126EFB10(_t273 - _t395,  *((intOrPtr*)(_t384 + 0x58)), _t273 + 0x10);
                                                                                                                				if ( *_t273 != _t395) goto 0x126ef0d0;
                                                                                                                				_t374 =  *((intOrPtr*)(_t384 + 0x60));
                                                                                                                				_t404 =  *((intOrPtr*)(_t384 + 0x48));
                                                                                                                				 *((long long*)(_t384 + 0x20)) = _t399;
                                                                                                                				r8d = 0x122;
                                                                                                                				E00007FFA7FFA126ECD20(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", _t381, "size needed is {}"); // executed
                                                                                                                				if (r12d -  *_t399 < 0) goto 0x126ef634;
                                                                                                                				_t396 =  *((intOrPtr*)(_t384 + 0x58));
                                                                                                                				_t235 =  *((intOrPtr*)(_t396 + 0x60));
                                                                                                                				 *((long long*)(_t384 + 0x48)) = _t235;
                                                                                                                				_t275 =  *_t235;
                                                                                                                				if (_t275 == _t235) goto 0x126ef5c7;
                                                                                                                				r14d = 0;
                                                                                                                				E00007FFA7FFA126ED4C0(_t235, _t275, _t381 - 0x78,  *((intOrPtr*)(_t275 + 0x10)), _t374);
                                                                                                                				_t322 =  >=  ?  *((void*)(_t381 - 0x78)) : _t381 - 0x78;
                                                                                                                				E00007FFA7FFA126F3FF0(_t171, _t275, _t384 + 0x68,  >=  ?  *((void*)(_t381 - 0x78)) : _t381 - 0x78, _t374, _t381);
                                                                                                                				_t323 =  *((intOrPtr*)(_t381 - 0x60));
                                                                                                                				if (_t323 - 0x10 < 0) goto 0x126ef1a2;
                                                                                                                				if (_t323 + 1 - 0x1000 < 0) goto 0x126ef19d;
                                                                                                                				_t238 =  *((intOrPtr*)(_t381 - 0x78)) -  *((intOrPtr*)( *((intOrPtr*)(_t381 - 0x78)) - 8)) + 0xfffffff8;
                                                                                                                				if (_t238 - 0x1f > 0) goto 0x126ef5fc;
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				 *((long long*)(_t381 - 0x68)) = _t399;
                                                                                                                				 *((long long*)(_t381 - 0x60)) = 0xf;
                                                                                                                				 *((char*)(_t381 - 0x78)) = 0;
                                                                                                                				r12d = 2 + _t238 * 2;
                                                                                                                				if ( *((long long*)(_t396 + 0x38)) - 0x10 < 0) goto 0x126ef1cc;
                                                                                                                				E00007FFA7FFA126F3FF0(_t171, _t275, _t381 - 0x38,  *((intOrPtr*)(_t396 + 0x20)), _t374, _t381);
                                                                                                                				r14d = 2 + _t238 * 2;
                                                                                                                				_t195 =  *((long long*)(_t396 + 0x58)) - 0x10;
                                                                                                                				if (_t195 < 0) goto 0x126ef1ef;
                                                                                                                				E00007FFA7FFA126F3FF0(_t171, _t275, _t381 - 0x58,  *((intOrPtr*)(_t396 + 0x40)), _t374, _t381);
                                                                                                                				r8d = 2 + _t238 * 2;
                                                                                                                				if (_t195 == 0) goto 0x126ef414;
                                                                                                                				if ( *((intOrPtr*)(_t384 + 0x40)) - 1 != 1) goto 0x126ef4d4;
                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                				asm("inc ecx");
                                                                                                                				asm("inc ecx");
                                                                                                                				_t375 = _t374 - r14d;
                                                                                                                				_t289 =  >=  ?  *((void*)(_t381 - 0x38)) : _t381 - 0x38;
                                                                                                                				_t152 =  *_t289 & 0x0000ffff;
                                                                                                                				 *(_t289 + _t375 - _t289) = _t152;
                                                                                                                				if (_t152 != 0) goto 0x126ef240;
                                                                                                                				 *((long long*)(_t404 + 8)) = _t375;
                                                                                                                				_t376 = _t375 - r8d;
                                                                                                                				_t292 =  >=  ?  *((void*)(_t381 - 0x58)) : _t381 - 0x58;
                                                                                                                				_t153 =  *_t292 & 0x0000ffff;
                                                                                                                				 *(_t292 + _t376 - _t292) = _t153;
                                                                                                                				if (_t153 != 0) goto 0x126ef270;
                                                                                                                				 *((long long*)(_t404 + 0x10)) = _t376;
                                                                                                                				_t377 = _t376 - r12d;
                                                                                                                				_t243 =  >=  ?  *((void*)(_t384 + 0x68)) : _t384 + 0x68;
                                                                                                                				_t176 =  *_t243 & 0x0000ffff;
                                                                                                                				 *(_t243 + _t377 - _t243) = _t176;
                                                                                                                				if (_t176 != 0) goto 0x126ef2a0;
                                                                                                                				 *_t404 = _t377;
                                                                                                                				_t337 =  >=  ?  *((void*)(_t381 - 0x58)) : _t381 - 0x58;
                                                                                                                				E00007FFA7FFA126F4280(_t180, _t275, _t381 - 0x18,  >=  ?  *((void*)(_t381 - 0x58)) : _t381 - 0x58, _t377, _t381);
                                                                                                                				_t339 =  >=  ?  *((void*)(_t381 - 0x38)) : _t381 - 0x38;
                                                                                                                				E00007FFA7FFA126F4280(_t180, _t275, _t381 + 8,  >=  ?  *((void*)(_t381 - 0x38)) : _t381 - 0x38, _t377, _t381);
                                                                                                                				_t341 =  >=  ?  *((void*)(_t384 + 0x68)) : _t384 + 0x68;
                                                                                                                				E00007FFA7FFA126F4280(_t180, _t275, _t381 - 0x78,  >=  ?  *((void*)(_t384 + 0x68)) : _t384 + 0x68, _t377, _t381);
                                                                                                                				 *((long long*)(_t384 + 0x30)) = _t381 - 0x18;
                                                                                                                				 *((long long*)(_t384 + 0x28)) = _t381 + 8;
                                                                                                                				 *((long long*)(_t384 + 0x20)) = _t381 - 0x78;
                                                                                                                				r8d = 0x145;
                                                                                                                				E00007FFA7FFA126ECEC0(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", _t381, "copy port \'{}\', \'{}\', \'{}\'");
                                                                                                                				_t343 =  *((intOrPtr*)(_t381 - 0x60));
                                                                                                                				if (_t343 - 0x10 < 0) goto 0x126ef372;
                                                                                                                				if (_t343 + 1 - 0x1000 < 0) goto 0x126ef36d;
                                                                                                                				if ( *((intOrPtr*)(_t381 - 0x78)) -  *((intOrPtr*)( *((intOrPtr*)(_t381 - 0x78)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x126ef603;
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				r14d = 0;
                                                                                                                				 *((long long*)(_t381 - 0x68)) = _t399;
                                                                                                                				 *((long long*)(_t381 - 0x60)) = 0xf;
                                                                                                                				 *((intOrPtr*)(_t381 - 0x78)) = r14b;
                                                                                                                				_t346 =  *((intOrPtr*)(_t381 + 0x20));
                                                                                                                				if (_t346 - 0x10 < 0) goto 0x126ef3c0;
                                                                                                                				if (_t346 + 1 - 0x1000 < 0) goto 0x126ef3bb;
                                                                                                                				if ( *((intOrPtr*)(_t381 + 8)) -  *((intOrPtr*)( *((intOrPtr*)(_t381 + 8)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x126ef60a;
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				 *((long long*)(_t381 + 0x18)) = _t399;
                                                                                                                				 *((long long*)(_t381 + 0x20)) = 0xf;
                                                                                                                				 *((char*)(_t381 + 8)) = 0;
                                                                                                                				_t349 =  *_t381;
                                                                                                                				if (_t349 - 0x10 < 0) goto 0x126ef40b;
                                                                                                                				if (_t349 + 1 - 0x1000 < 0) goto 0x126ef406;
                                                                                                                				_t256 =  *((intOrPtr*)(_t381 - 0x18)) -  *((intOrPtr*)( *((intOrPtr*)(_t381 - 0x18)) - 8)) + 0xfffffff8;
                                                                                                                				if (_t256 - 0x1f > 0) goto 0x126ef611;
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				_t405 = _t404 + 0x20;
                                                                                                                				goto 0x126ef4d7;
                                                                                                                				 *_t405 = _t256;
                                                                                                                				_t378 = _t377 - r12d;
                                                                                                                				_t304 =  >=  ?  *((void*)(_t384 + 0x68)) : _t384 + 0x68;
                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                				_t162 =  *_t304 & 0x0000ffff;
                                                                                                                				 *(_t378 - _t304 + _t304) = _t162;
                                                                                                                				if (_t162 != 0) goto 0x126ef440;
                                                                                                                				 *_t405 = _t378;
                                                                                                                				_t355 =  >=  ?  *((void*)(_t384 + 0x68)) : _t384 + 0x68;
                                                                                                                				E00007FFA7FFA126F4280(_t180, _t275, _t381 - 0x18,  >=  ?  *((void*)(_t384 + 0x68)) : _t384 + 0x68, _t378, _t381);
                                                                                                                				 *((long long*)(_t384 + 0x20)) = _t381 - 0x18;
                                                                                                                				r8d = 0x134;
                                                                                                                				E00007FFA7FFA126E5600(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "copy port \'{}\'"); // executed
                                                                                                                				_t357 =  *_t381;
                                                                                                                				if (_t357 - 0x10 < 0) goto 0x126ef4d0;
                                                                                                                				if (_t357 + 1 - 0x1000 < 0) goto 0x126ef4cb;
                                                                                                                				if ( *((intOrPtr*)(_t381 - 0x18)) -  *((intOrPtr*)( *((intOrPtr*)(_t381 - 0x18)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x126ef618;
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				r14d = 0;
                                                                                                                				_t360 =  *((intOrPtr*)(_t381 - 0x40));
                                                                                                                				if (_t360 - 8 < 0) goto 0x126ef517;
                                                                                                                				if (2 + _t360 * 2 - 0x1000 < 0) goto 0x126ef512;
                                                                                                                				if ( *((intOrPtr*)(_t381 - 0x58)) -  *((intOrPtr*)( *((intOrPtr*)(_t381 - 0x58)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x126ef61f;
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				 *((long long*)(_t381 - 0x48)) = _t399;
                                                                                                                				 *((long long*)(_t381 - 0x40)) = 7;
                                                                                                                				 *((intOrPtr*)(_t381 - 0x58)) = r14w;
                                                                                                                				_t363 =  *((intOrPtr*)(_t381 - 0x20));
                                                                                                                				if (_t363 - 8 < 0) goto 0x126ef568;
                                                                                                                				if (2 + _t363 * 2 - 0x1000 < 0) goto 0x126ef563;
                                                                                                                				if ( *((intOrPtr*)(_t381 - 0x38)) -  *((intOrPtr*)( *((intOrPtr*)(_t381 - 0x38)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x126ef626;
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				 *((long long*)(_t381 - 0x28)) = _t399;
                                                                                                                				 *((long long*)(_t381 - 0x20)) = 7;
                                                                                                                				 *((intOrPtr*)(_t381 - 0x38)) = r14w;
                                                                                                                				_t366 =  *((intOrPtr*)(_t381 - 0x80));
                                                                                                                				if (_t366 - 8 < 0) goto 0x126ef5b6;
                                                                                                                				if (2 + _t366 * 2 - 0x1000 < 0) goto 0x126ef5b1;
                                                                                                                				if ( *((intOrPtr*)(_t384 + 0x68)) -  *((intOrPtr*)( *((intOrPtr*)(_t384 + 0x68)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x126ef62d;
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				if ( *_t275 !=  *((intOrPtr*)(_t384 + 0x48))) goto 0x126ef140;
                                                                                                                				0x12705436();
                                                                                                                				return E00007FFA7FFA12705E20( *((intOrPtr*)(_t396 + 0x68)), 1,  *(_t381 + 0x28) ^ _t384);
                                                                                                                			}

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$ExceptionThrow$C_error@std@@Mtx_lockMtx_unlockThrow_memset
                                                                                                                • String ID: buffer has capacity of {}, while {} is needed$c:\design\wiservice\fax_printer\win\WinFaxPrinter.cpp$copy port '{}'$copy port '{}', '{}', '{}'$port level {} is not valid$size needed is {}
                                                                                                                • API String ID: 2180992759-3307107698
                                                                                                                • Opcode ID: 64d2944b245513e16204c50df8fe7ce7a03d7c54656a64c6661d9a089f48e29d
                                                                                                                • Instruction ID: b05bee5be5fac70f0c7261f02ee57c312ba80179162ec5fc74ff5a2046e6efab
                                                                                                                • Opcode Fuzzy Hash: 64d2944b245513e16204c50df8fe7ce7a03d7c54656a64c6661d9a089f48e29d
                                                                                                                • Instruction Fuzzy Hash: 37028062B04F8186FF00CB64D4442AD27B1FB567A8F519131EA6D17AEDEFB8D485CB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                C-Code - Quality: 23%
                                                                                                                			E00007FFA7FFA12705A7C(long long __rax, struct _CRITICAL_SECTION* __rbx, void* __r9, void* _a8) {
                                                                                                                
                                                                                                                				InitializeCriticalSectionAndSpinCount(__rbx);
                                                                                                                				GetModuleHandleW(??); // executed
                                                                                                                				if (__rax != 0) goto 0x12705ac2;
                                                                                                                				GetModuleHandleW(??);
                                                                                                                				if (__rax == 0) goto 0x12705b41;
                                                                                                                				GetProcAddress(??, ??);
                                                                                                                				GetProcAddress(??, ??);
                                                                                                                				if (__rax == 0) goto 0x12705aff;
                                                                                                                				if (__rax == 0) goto 0x12705aff;
                                                                                                                				 *0x12731cf8 = __rax;
                                                                                                                				 *0x12731d00 = __rax;
                                                                                                                				goto 0x12705b1d;
                                                                                                                				r9d = 0;
                                                                                                                				r8d = 0;
                                                                                                                				CreateEventW(??, ??, ??, ??);
                                                                                                                				 *0x12731cc8 = __rax;
                                                                                                                				if (__rax == 0) goto 0x12705b41;
                                                                                                                				if (E00007FFA7FFA127058B4(0, __rax) == 0) goto 0x12705b41;
                                                                                                                				E00007FFA7FFA12705A64(E00007FFA7FFA127058B4(0, __rax), __rax);
                                                                                                                				return 0;
                                                                                                                			}




                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                                                                                • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                • API String ID: 2565136772-3242537097
                                                                                                                • Opcode ID: c8cfeb344181279118086e9f2cb6b3128fcfa3d55be4f53d8fd81bed13088254
                                                                                                                • Instruction ID: cbe6b765a855079f5e1db9a3c1896397a9f46b32d6d29c22aca017f82cdef2f0
                                                                                                                • Opcode Fuzzy Hash: c8cfeb344181279118086e9f2cb6b3128fcfa3d55be4f53d8fd81bed13088254
                                                                                                                • Instruction Fuzzy Hash: ED21FD64E0AE0382FA549B15B8951B763F0BF4B760F469435C91E026A8FEACF44D8F08
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                • ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,00007FFA126FC078,?,?,?,00007FFA126FD3C7), ref: 00007FFA126FE44F
                                                                                                                • ??0_Lockit@std@@QEAA@H@Z.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,00007FFA126FC078,?,?,?,00007FFA126FD3C7), ref: 00007FFA126FE45D
                                                                                                                • ??Bid@locale@std@@QEAA_KXZ.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,00007FFA126FC078,?,?,?,00007FFA126FD3C7), ref: 00007FFA126FE477
                                                                                                                • ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,00007FFA126FC078,?,?,?,00007FFA126FD3C7), ref: 00007FFA126FE4A2
                                                                                                                • ?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,00007FFA126FC078,?,?,?,00007FFA126FD3C7), ref: 00007FFA126FE4CE
                                                                                                                • std::_Facet_Register.LIBCPMT ref: 00007FFA126FE4EB
                                                                                                                • ??1_Lockit@std@@QEAA@XZ.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,00007FFA126FC078,?,?,?,00007FFA126FD3C7), ref: 00007FFA126FE50A
                                                                                                                • ?length@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1_K@Z.MSVCP140 ref: 00007FFA126FE531
                                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFA126FE578
                                                                                                                • _localtime64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFA126FE584
                                                                                                                  • Part of subcall function 00007FFA126ED810: __std_exception_copy.VCRUNTIME140 ref: 00007FFA126ED83F
                                                                                                                  • Part of subcall function 00007FFA126F7ED0: _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFA126FE5AE), ref: 00007FFA126F7EED
                                                                                                                  • Part of subcall function 00007FFA126F7ED0: _CxxThrowException.VCRUNTIME140 ref: 00007FFA126F7F20
                                                                                                                  • Part of subcall function 00007FFA126F7ED0: ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140(?,?,?,?,?,00000000), ref: 00007FFA126FD34F
                                                                                                                  • Part of subcall function 00007FFA126F7ED0: ?uncaught_exception@std@@YA_NXZ.MSVCP140(?,?,?,?,?,00000000), ref: 00007FFA126FD3DA
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: D@std@@@std@@ExceptionLockit@std@@Mbstatet@@@std@@ThrowU?$char_traits@$??0_??1_?flush@?$basic_ostream@?getloc@?$basic_streambuf@?length@?$codecvt@_?uncaught_exception@std@@Bid@locale@std@@Concurrency::cancel_current_taskFacet_Getcat@?$codecvt@_Getgloballocale@locale@std@@Locimp@12@Mbstatet@@RegisterV12@V42@@Vfacet@locale@2@Vlocale@2@__std_exception_copy_localtime64std::_
                                                                                                                • String ID: could not convert calendar time to local time
                                                                                                                • API String ID: 566687407-4174379530
                                                                                                                • Opcode ID: e0b18ba387cdb8e38a93999f095384cc3ee146f97ad26351995e2e579ce75053
                                                                                                                • Instruction ID: caa029027ac23c5d4d5e7652a2e976a4fe6c6b60b4df67921b65e57e22210c87
                                                                                                                • Opcode Fuzzy Hash: e0b18ba387cdb8e38a93999f095384cc3ee146f97ad26351995e2e579ce75053
                                                                                                                • Instruction Fuzzy Hash: 7A517022A08F4581EB149F15E8501AAB7B0FF96FA0F499535EB6D077ADEFBCD4448B00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                C-Code - Quality: 20%
                                                                                                                			E00007FFA7FFA126EBF60(long long __rbx, void* __rcx, void* __rbp, void* __r14, long long _a16) {
                                                                                                                				signed int _v16;
                                                                                                                				intOrPtr _v24;
                                                                                                                				char _v48;
                                                                                                                				intOrPtr _v56;
                                                                                                                				char _v80;
                                                                                                                				long long _v88;
                                                                                                                				long long _v96;
                                                                                                                				char _v106;
                                                                                                                				short _v108;
                                                                                                                				char _v112;
                                                                                                                				long long _v128;
                                                                                                                				long long _v168;
                                                                                                                				long long _v176;
                                                                                                                				long long _v184;
                                                                                                                				long long _v192;
                                                                                                                				long long _v200;
                                                                                                                				long long _v208;
                                                                                                                				long long _v216;
                                                                                                                				long long _v224;
                                                                                                                				long long _v232;
                                                                                                                				long long _v240;
                                                                                                                				long long _v248;
                                                                                                                				long long _v256;
                                                                                                                				char _v264;
                                                                                                                				long long _v280;
                                                                                                                				char _t73;
                                                                                                                				void* _t100;
                                                                                                                				void* _t112;
                                                                                                                				signed long long _t120;
                                                                                                                				signed long long _t121;
                                                                                                                				long long _t125;
                                                                                                                				intOrPtr _t134;
                                                                                                                				intOrPtr* _t135;
                                                                                                                				long long _t149;
                                                                                                                				intOrPtr _t154;
                                                                                                                				void* _t159;
                                                                                                                				intOrPtr _t160;
                                                                                                                				intOrPtr _t174;
                                                                                                                				signed long long _t175;
                                                                                                                				char _t177;
                                                                                                                				long long _t185;
                                                                                                                				intOrPtr _t190;
                                                                                                                				intOrPtr _t195;
                                                                                                                				void* _t196;
                                                                                                                				intOrPtr _t199;
                                                                                                                				intOrPtr _t202;
                                                                                                                				void* _t206;
                                                                                                                				void* _t207;
                                                                                                                				void* _t208;
                                                                                                                				void* _t211;
                                                                                                                
                                                                                                                				_t215 = __r14;
                                                                                                                				_t207 = __rbp;
                                                                                                                				_a16 = __rbx;
                                                                                                                				_t209 = _t208 - 0x130;
                                                                                                                				_t120 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				_t121 = _t120 ^ _t208 - 0x00000130;
                                                                                                                				_v16 = _t121;
                                                                                                                				_t159 = __rcx;
                                                                                                                				OutputDebugStringA(??); // executed
                                                                                                                				_v112 = 0;
                                                                                                                				_v88 = 0xf;
                                                                                                                				_v96 = 6;
                                                                                                                				_t73 = "system"; // 0x74737973
                                                                                                                				_v112 = _t73;
                                                                                                                				_v108 =  *0x1271ba84 & 0x0000ffff;
                                                                                                                				_v106 = 0;
                                                                                                                				_v80 = 0;
                                                                                                                				asm("movdqa xmm0, [0x303b5]");
                                                                                                                				asm("movdqu [esp+0xf8], xmm0");
                                                                                                                				_v80 = 0;
                                                                                                                				E00007FFA7FFA126FD640(__rcx, "wfaxport.dll initialize", _t211);
                                                                                                                				if ( &_v80 == _t121) goto 0x126ec02c;
                                                                                                                				_t212 =  *((intOrPtr*)(_t121 + 0x10));
                                                                                                                				if ( *((long long*)(_t121 + 0x18)) - 0x10 < 0) goto 0x126ec01c;
                                                                                                                				E00007FFA7FFA126E9100(_t159,  &_v80,  *_t121,  *((intOrPtr*)(_t121 + 0x10)), __r14);
                                                                                                                				E00007FFA7FFA127006F0( *((long long*)(_t121 + 0x18)) - 0x10,  *_t121,  &_v112,  *((intOrPtr*)(_t121 + 0x10)));
                                                                                                                				_t185 = _v88;
                                                                                                                				if (_t185 - 0x10 < 0) goto 0x126ec080;
                                                                                                                				if (_t185 + 1 - 0x1000 < 0) goto 0x126ec07b;
                                                                                                                				_t125 = _v112 -  *((intOrPtr*)(_v112 - 8)) + 0xfffffff8;
                                                                                                                				if (_t125 - 0x1f <= 0) goto 0x126ec07b;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				_v96 = 0;
                                                                                                                				_v88 = 0xf;
                                                                                                                				_v112 = 0;
                                                                                                                				E00007FFA7FFA126F4280(_t100, _t159,  &_v48, _t159, _t206, _t207);
                                                                                                                				_v280 = _t125;
                                                                                                                				r8d = 0xd7;
                                                                                                                				E00007FFA7FFA126E5600(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "InitializePrintMonitor \'{}\'"); // executed
                                                                                                                				_t190 = _v24;
                                                                                                                				if (_t190 - 0x10 < 0) goto 0x126ec11b;
                                                                                                                				_t170 = _v48;
                                                                                                                				if (_t190 + 1 - 0x1000 < 0) goto 0x126ec116;
                                                                                                                				if (_v48 -  *((intOrPtr*)(_t170 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126ec116;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				E00007FFA7FFA126EE0D0( *((intOrPtr*)(_t170 - 8)), _t190 + 0x28);
                                                                                                                				E00007FFA7FFA126F4280(_t100, _t159,  &_v48, _t159, _t206, _t207);
                                                                                                                				E00007FFA7FFA126EFE00(_v48 -  *((intOrPtr*)(_t170 - 8)) + 0xfffffff8 - 0x1f, _t159, _v48 -  *((intOrPtr*)(_t170 - 8)) + 0xfffffff8, _v48 -  *((intOrPtr*)(_t170 - 8)) + 0xfffffff8, _t207,  *((intOrPtr*)(_t121 + 0x10)), _t215); // executed
                                                                                                                				_t195 = _v24;
                                                                                                                				if (_t195 - 0x10 < 0) goto 0x126ec187;
                                                                                                                				_t196 = _t195 + 1;
                                                                                                                				_t174 = _v48;
                                                                                                                				if (_t196 - 0x1000 < 0) goto 0x126ec181;
                                                                                                                				_t175 =  *((intOrPtr*)(_t174 - 8));
                                                                                                                				if (_t174 - _t175 + 0xfffffff8 - 0x1f <= 0) goto 0x126ec181;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				_t112 =  *0x12731a88 -  *((intOrPtr*)(_t196 + 0x27 +  *((intOrPtr*)( *[gs:0x58] + _t175 * 8)))); // 0x8000000c
                                                                                                                				if (_t112 > 0) goto 0x126ec3f8;
                                                                                                                				_t134 =  *0x12731a80; // 0xd18a20
                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                				asm("movups [eax+0x8], xmm0");
                                                                                                                				asm("movups [eax+0x18], xmm0");
                                                                                                                				asm("movups [eax+0x28], xmm0");
                                                                                                                				asm("movups [eax+0x38], xmm0");
                                                                                                                				asm("movups [eax+0x48], xmm0");
                                                                                                                				asm("movups [eax+0x58], xmm0");
                                                                                                                				asm("movups [eax+0x68], xmm0");
                                                                                                                				asm("movups [eax+0x78], xmm0");
                                                                                                                				 *(_t134 + 0x88) = _t175;
                                                                                                                				_t135 =  *0x12731a80; // 0xd18a20
                                                                                                                				 *_t135 = 0x88;
                                                                                                                				_v256 = 0x7ffa126ea1f0;
                                                                                                                				_v248 = 0x7ffa126ea620;
                                                                                                                				_v240 = 0x7ffa126ea8e0;
                                                                                                                				_v232 = 0x7ffa126eab60;
                                                                                                                				_v224 = 0x7ffa126eae80;
                                                                                                                				_v216 = 0x7ffa126ea8f0;
                                                                                                                				_v208 = 0x7ffa126ea000;
                                                                                                                				_v200 = 0x7ffa126e9780;
                                                                                                                				_v192 = 0x7ffa126e93c0;
                                                                                                                				_v184 = 0x7ffa126e9770;
                                                                                                                				_v176 = 0x7ffa126e9980;
                                                                                                                				_v168 = 0x7ffa126e9c50;
                                                                                                                				asm("xorps xmm2, xmm2");
                                                                                                                				_v128 = 0x7ffa126e9c50;
                                                                                                                				asm("movups xmm0, [esp+0x38]");
                                                                                                                				asm("movups [eax+0x8], xmm0");
                                                                                                                				asm("movups xmm1, [esp+0x48]");
                                                                                                                				asm("movups [eax+0x18], xmm1");
                                                                                                                				asm("movups xmm0, [esp+0x58]");
                                                                                                                				asm("movups [eax+0x28], xmm0");
                                                                                                                				asm("movups xmm1, [esp+0x68]");
                                                                                                                				asm("movups [eax+0x38], xmm1");
                                                                                                                				asm("movups xmm0, [esp+0x78]");
                                                                                                                				asm("movups [eax+0x48], xmm0");
                                                                                                                				asm("movups xmm1, [esp+0x88]");
                                                                                                                				asm("movups [eax+0x58], xmm1");
                                                                                                                				asm("movups [eax+0x68], xmm2");
                                                                                                                				asm("movups [eax+0x78], xmm2");
                                                                                                                				asm("movsd xmm0, [esp+0xb8]");
                                                                                                                				asm("movsd [eax+0x88], xmm0");
                                                                                                                				_t149 =  *0x12731a80; // 0xd18a20
                                                                                                                				_v264 = _t149;
                                                                                                                				_v280 =  &_v264;
                                                                                                                				r8d = 0xf0;
                                                                                                                				E00007FFA7FFA126E5DB0(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "return MONITOREX {:#x}");
                                                                                                                				_t160 =  *0x12731a80; // 0xd18a20
                                                                                                                				E00007FFA7FFA127006F0(_t112,  &_v264,  &_v80,  *((intOrPtr*)(_t121 + 0x10)));
                                                                                                                				_t199 = _v56;
                                                                                                                				if (_t199 - 0x10 < 0) goto 0x126ec37c;
                                                                                                                				_t177 = _v80;
                                                                                                                				if (_t199 + 1 - 0x1000 < 0) goto 0x126ec376;
                                                                                                                				_t115 = _t177 -  *((intOrPtr*)(_t177 - 8)) + 0xfffffff8 - 0x1f;
                                                                                                                				if (_t177 -  *((intOrPtr*)(_t177 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126ec376;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				_t154 = _t160;
                                                                                                                				E00007FFA7FFA127006F0(_t115, _t154,  &_v80, _t212);
                                                                                                                				_t202 = _v56;
                                                                                                                				if (_t202 - 0x10 < 0) goto 0x126ec3d5;
                                                                                                                				if (_t202 + 1 - 0x1000 < 0) goto 0x126ec3cf;
                                                                                                                				if (_v80 -  *((intOrPtr*)(_v80 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126ec3cf;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				return E00007FFA7FFA12705E20(0, 1, _v16 ^ _t209);
                                                                                                                			}

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$DebugOutputString__tlregdtor
                                                                                                                • String ID: InitializePrintMonitor '{}'$c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$return MONITOREX {:#x}$system$wfaxport.dll initialize
                                                                                                                • API String ID: 4009608328-1001868195
                                                                                                                • Opcode ID: 3da459a02e7e73172a59d9f7160ef17faa6894996fca4895aa336ad0b2ec704d
                                                                                                                • Instruction ID: 9aeec676fb2ea77c805237d7be9a02282a3006aaefc6e8c50e4d820b5cb01789
                                                                                                                • Opcode Fuzzy Hash: 3da459a02e7e73172a59d9f7160ef17faa6894996fca4895aa336ad0b2ec704d
                                                                                                                • Instruction Fuzzy Hash: 4BD11F22919FC181FA50CB14E4403BA67A1FB97764F52D235E69D027E9EFACE5C8CB04
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 432 7ffa126f0020-7ffa126f0083 call 7ffa126f3d90 call 7ffa126f3c10 437 7ffa126f00f5 432->437 438 7ffa126f0085-7ffa126f008e 432->438 441 7ffa126f00f7-7ffa126f0103 437->441 439 7ffa126f0090-7ffa126f00a2 438->439 440 7ffa126f00be-7ffa126f00f3 438->440 442 7ffa126f00b9 call 7ffa127056e4 439->442 443 7ffa126f00a4-7ffa126f00b7 439->443 440->441 444 7ffa126f0105-7ffa126f011a 441->444 445 7ffa126f013e-7ffa126f0156 call 7ffa126f3b40 441->445 442->440 443->442 447 7ffa126f0131-7ffa126f0137 _invalid_parameter_noinfo_noreturn 443->447 449 7ffa126f0138-7ffa126f013d call 7ffa127056e4 444->449 450 7ffa126f011c-7ffa126f012f 444->450 455 7ffa126f0158-7ffa126f017a call 7ffa126e5600 445->455 456 7ffa126f017f-7ffa126f0202 call 7ffa126e49b0 call 7ffa126f3b40 445->456 447->449 449->445 450->447 450->449 455->456 462 7ffa126f0204-7ffa126f0229 call 7ffa126e5600 456->462 463 7ffa126f022e-7ffa126f02b3 call 7ffa126e49b0 call 7ffa126f3b40 456->463 462->463 468 7ffa126f02b8-7ffa126f02ba 463->468 469 7ffa126f02e6-7ffa126f0325 468->469 470 7ffa126f02bc-7ffa126f02e1 call 7ffa126e5600 468->470 472 7ffa126f0327-7ffa126f033c 469->472 473 7ffa126f035f-7ffa126f0384 469->473 470->469 476 7ffa126f033e-7ffa126f0351 472->476 477 7ffa126f035a call 7ffa127056e4 472->477 474 7ffa126f0386-7ffa126f0398 473->474 475 7ffa126f03bb-7ffa126f03e2 call 7ffa12705e20 473->475 479 7ffa126f03b6 call 7ffa127056e4 474->479 480 7ffa126f039a-7ffa126f03ad 474->480 476->477 482 7ffa126f0353-7ffa126f0359 _invalid_parameter_noinfo_noreturn 476->482 477->473 479->475 480->479 483 7ffa126f03af-7ffa126f03b5 _invalid_parameter_noinfo_noreturn 480->483 482->477 483->479
                                                                                                                C-Code - Quality: 36%
                                                                                                                			E00007FFA7FFA126F0020(long long __rbx, long long __rcx, long long __rsi, void* __r8, long long _a16, long long _a24) {
                                                                                                                				void* _v8;
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v32;
                                                                                                                				char _v56;
                                                                                                                				long long _v64;
                                                                                                                				long long _v72;
                                                                                                                				char _v88;
                                                                                                                				long long _v96;
                                                                                                                				char _v104;
                                                                                                                				long long _v112;
                                                                                                                				long long _v120;
                                                                                                                				char _v136;
                                                                                                                				long long _v144;
                                                                                                                				long long _v152;
                                                                                                                				char _v168;
                                                                                                                				long long _v176;
                                                                                                                				char _v184;
                                                                                                                				long long _v208;
                                                                                                                				long long _v216;
                                                                                                                				long long _v232;
                                                                                                                				void* __rdi;
                                                                                                                				void* _t77;
                                                                                                                				void* _t81;
                                                                                                                				void* _t84;
                                                                                                                				void* _t87;
                                                                                                                				void* _t92;
                                                                                                                				signed long long _t118;
                                                                                                                				signed long long _t119;
                                                                                                                				long long _t170;
                                                                                                                				intOrPtr _t173;
                                                                                                                				long long _t181;
                                                                                                                				intOrPtr _t184;
                                                                                                                				long long _t187;
                                                                                                                				signed long long _t189;
                                                                                                                				void* _t191;
                                                                                                                				void* _t192;
                                                                                                                				void* _t195;
                                                                                                                				void* _t202;
                                                                                                                
                                                                                                                				_t195 = __r8;
                                                                                                                				_a16 = __rbx;
                                                                                                                				_a24 = __rsi;
                                                                                                                				_t193 = _t192 - 0x100;
                                                                                                                				_t118 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				_t119 = _t118 ^ _t192 - 0x00000100;
                                                                                                                				_v24 = _t119;
                                                                                                                				_v104 = __rcx;
                                                                                                                				_t77 = E00007FFA7FFA126F3D90(_t92, __rcx,  &_v168, __rsi, _t191, __r8, _t202);
                                                                                                                				asm("movups xmm0, [0x2e0f7]");
                                                                                                                				asm("movaps [esp+0x30], xmm0");
                                                                                                                				E00007FFA7FFA126F3C10(_t77, _t92, __rcx,  &_v56, _t195, _t202); // executed
                                                                                                                				_t189 = _t119;
                                                                                                                				if ( &_v168 == _t189) goto 0x126f00f5;
                                                                                                                				_t170 = _v144;
                                                                                                                				if (_t170 - 0x10 < 0) goto 0x126f00be;
                                                                                                                				if (_t170 + 1 - 0x1000 < 0) goto 0x126f00b9;
                                                                                                                				if (_v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x126f0131;
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				_v152 = _t187;
                                                                                                                				_v144 = 0xf;
                                                                                                                				_v168 = dil;
                                                                                                                				asm("movups xmm0, [esi]");
                                                                                                                				asm("movups [esp+0x60], xmm0");
                                                                                                                				asm("movups xmm1, [esi+0x10]");
                                                                                                                				asm("movups [esp+0x70], xmm1");
                                                                                                                				 *((long long*)(_t189 + 0x10)) = _t187;
                                                                                                                				 *((long long*)(_t189 + 0x18)) = 0xf;
                                                                                                                				 *_t189 = dil;
                                                                                                                				goto 0x126f00f7;
                                                                                                                				_t173 = _v32;
                                                                                                                				if (_t173 - 0x10 < 0) goto 0x126f013e;
                                                                                                                				if (_t173 + 1 - 0x1000 < 0) goto 0x126f0138;
                                                                                                                				if (_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126f0138;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				_t81 = E00007FFA7FFA126F3B40( &_v168); // executed
                                                                                                                				if (_t81 != 0) goto 0x126f017f;
                                                                                                                				_v232 =  &_v168;
                                                                                                                				r8d = 0x1d;
                                                                                                                				E00007FFA7FFA126E5600(_t195 - 0x19, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "couldn\'t create ProgramData dir \'{}\'");
                                                                                                                				_t129 =  >=  ? _v168 :  &_v168;
                                                                                                                				_v104 =  >=  ? _v168 :  &_v168;
                                                                                                                				_v96 = _v152;
                                                                                                                				_v184 = 0xe;
                                                                                                                				_v176 =  &_v104;
                                                                                                                				asm("movaps xmm0, [esp+0x50]");
                                                                                                                				asm("movdqa [esp+0x30], xmm0");
                                                                                                                				_v184 = "{}\\Wildix";
                                                                                                                				_v176 = 9;
                                                                                                                				E00007FFA7FFA126E49B0(_v104,  &_v136, _t187, _t189);
                                                                                                                				_t84 = E00007FFA7FFA126F3B40( &_v136); // executed
                                                                                                                				if (_t84 != 0) goto 0x126f022e;
                                                                                                                				_v232 =  &_v136;
                                                                                                                				r8d = 0x20;
                                                                                                                				E00007FFA7FFA126E5600( &_v216 - 0x1c, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "couldn\'t create Wildix dir \'{}\'");
                                                                                                                				_t135 =  >=  ? _v136 :  &_v136;
                                                                                                                				_v184 =  >=  ? _v136 :  &_v136;
                                                                                                                				_v176 = _v120;
                                                                                                                				_v216 = 0xe;
                                                                                                                				_v208 =  &_v184;
                                                                                                                				asm("movaps xmm0, [esp+0x30]");
                                                                                                                				asm("movdqa [esp+0xd0], xmm0");
                                                                                                                				_v216 = "{}\\FaxPrinter";
                                                                                                                				_v208 = 0xd;
                                                                                                                				E00007FFA7FFA126E49B0(_v104,  &_v88, _t187, _t189);
                                                                                                                				_t87 = E00007FFA7FFA126F3B40( &_v88); // executed
                                                                                                                				if (_t87 != 0) goto 0x126f02e6;
                                                                                                                				_v232 =  &_v88;
                                                                                                                				r8d = 0x23;
                                                                                                                				E00007FFA7FFA126E5600( &_v56 - 0x1f, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "couldn\'t create printing dir \'{}\'");
                                                                                                                				asm("movups xmm0, [esp+0xb0]");
                                                                                                                				asm("movups [ebx], xmm0");
                                                                                                                				asm("movups xmm1, [esp+0xc0]");
                                                                                                                				asm("movups [ebx+0x10], xmm1");
                                                                                                                				_v72 = _t187;
                                                                                                                				_v64 = 0xf;
                                                                                                                				_v88 = 0;
                                                                                                                				_t181 = _v112;
                                                                                                                				if (_t181 - 0x10 < 0) goto 0x126f035f;
                                                                                                                				if (_t181 + 1 - 0x1000 < 0) goto 0x126f035a;
                                                                                                                				if (_v136 -  *((intOrPtr*)(_v136 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126f035a;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				_v120 = _t187;
                                                                                                                				_v112 = 0xf;
                                                                                                                				_v136 = 0;
                                                                                                                				_t184 = _v144;
                                                                                                                				if (_t184 - 0x10 < 0) goto 0x126f03bb;
                                                                                                                				if (_t184 + 1 - 0x1000 < 0) goto 0x126f03b6;
                                                                                                                				if (_v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126f03b6;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				return E00007FFA7FFA12705E20(E00007FFA7FFA127056E4(),  &_v56 - 0x1f, _v24 ^ _t193);
                                                                                                                			}









































                                                                                                                0x7ffa126f026d
                                                                                                                0x7ffa126f0272
                                                                                                                0x7ffa126f0282
                                                                                                                0x7ffa126f0287
                                                                                                                0x7ffa126f02a5
                                                                                                                0x7ffa126f02b3
                                                                                                                0x7ffa126f02ba
                                                                                                                0x7ffa126f02c4
                                                                                                                0x7ffa126f02d0
                                                                                                                0x7ffa126f02e1
                                                                                                                0x7ffa126f02e6
                                                                                                                0x7ffa126f02ee
                                                                                                                0x7ffa126f02f1
                                                                                                                0x7ffa126f02f9
                                                                                                                0x7ffa126f02fd
                                                                                                                0x7ffa126f0305
                                                                                                                0x7ffa126f0311
                                                                                                                0x7ffa126f0319
                                                                                                                0x7ffa126f0325
                                                                                                                0x7ffa126f033c
                                                                                                                0x7ffa126f0351
                                                                                                                0x7ffa126f0353
                                                                                                                0x7ffa126f0359
                                                                                                                0x7ffa126f035a
                                                                                                                0x7ffa126f035f
                                                                                                                0x7ffa126f0367
                                                                                                                0x7ffa126f0373
                                                                                                                0x7ffa126f037b
                                                                                                                0x7ffa126f0384
                                                                                                                0x7ffa126f0398
                                                                                                                0x7ffa126f03ad
                                                                                                                0x7ffa126f03af
                                                                                                                0x7ffa126f03b5
                                                                                                                0x7ffa126f03e2

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FFA126F3D90: GetTempPathW.KERNEL32 ref: 00007FFA126F3DDA
                                                                                                                  • Part of subcall function 00007FFA126F3D90: GetLastError.KERNEL32 ref: 00007FFA126F3DE4
                                                                                                                  • Part of subcall function 00007FFA126F3D90: WideCharToMultiByte.KERNEL32 ref: 00007FFA126F3E63
                                                                                                                  • Part of subcall function 00007FFA126F3D90: WideCharToMultiByte.KERNEL32 ref: 00007FFA126F3E9C
                                                                                                                  • Part of subcall function 00007FFA126F3C10: WideCharToMultiByte.KERNEL32 ref: 00007FFA126F3CE0
                                                                                                                  • Part of subcall function 00007FFA126F3C10: WideCharToMultiByte.KERNEL32 ref: 00007FFA126F3D19
                                                                                                                  • Part of subcall function 00007FFA126F3C10: CoTaskMemFree.OLE32 ref: 00007FFA126F3D27
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126F0131
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiWide$ErrorFreeLastPathTaskTemp_invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinter.cpp$couldn't create ProgramData dir '{}'$couldn't create Wildix dir '{}'$couldn't create printing dir '{}'${}\FaxPrinter${}\Wildix
                                                                                                                • API String ID: 965925647-3675253893
                                                                                                                • Opcode ID: 814bb4d282d98a97a078d227fad3520b52953a00b6aa0836243e57b26735bf16
                                                                                                                • Instruction ID: 7ff671a2e99bd6413b9578c11628bddd39f2e0e8b2af6865c23b001b6c56dbda
                                                                                                                • Opcode Fuzzy Hash: 814bb4d282d98a97a078d227fad3520b52953a00b6aa0836243e57b26735bf16
                                                                                                                • Instruction Fuzzy Hash: 2AA14272518FC581EB20CB54F4503AAA3A1FB963A4F519635D6DC06ADDEFBCD184CB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                C-Code - Quality: 45%
                                                                                                                			E00007FFA7FFA126F0140(long long __rdi, void* __rsi, void* __r8, long long _a32, long long _a48, long long _a56, char _a80, long long _a88, char _a96, long long _a112, intOrPtr _a120, char _a128, long long _a144, long long _a152, char _a160, long long _a168, char _a176, long long _a192, long long _a200, char _a208, signed int _a240, void* _a256) {
                                                                                                                				void* _t58;
                                                                                                                				void* _t61;
                                                                                                                				void* _t64;
                                                                                                                				long long _t123;
                                                                                                                				intOrPtr _t126;
                                                                                                                				long long _t129;
                                                                                                                				signed long long _t133;
                                                                                                                
                                                                                                                				_t131 = __rsi;
                                                                                                                				_t129 = __rdi;
                                                                                                                				_t58 = E00007FFA7FFA126F3B40( &_a96); // executed
                                                                                                                				if (_t58 != 0) goto 0x126f017f;
                                                                                                                				_a32 =  &_a96;
                                                                                                                				r8d = 0x1d;
                                                                                                                				E00007FFA7FFA126E5600(__r8 - 0x19, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "couldn\'t create ProgramData dir \'{}\'");
                                                                                                                				_t87 =  >=  ? _a96 :  &_a96;
                                                                                                                				_a160 =  >=  ? _a96 :  &_a96;
                                                                                                                				_a168 = _a112;
                                                                                                                				_a80 = 0xe;
                                                                                                                				_a88 =  &_a160;
                                                                                                                				asm("movaps xmm0, [esp+0x50]");
                                                                                                                				asm("movdqa [esp+0x30], xmm0");
                                                                                                                				_a80 = "{}\\Wildix";
                                                                                                                				_a88 = 9;
                                                                                                                				E00007FFA7FFA126E49B0(_a160,  &_a128, __rdi, __rsi);
                                                                                                                				_t61 = E00007FFA7FFA126F3B40( &_a128); // executed
                                                                                                                				if (_t61 != 0) goto 0x126f022e;
                                                                                                                				_a32 =  &_a128;
                                                                                                                				r8d = 0x20;
                                                                                                                				E00007FFA7FFA126E5600( &_a48 - 0x1c, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "couldn\'t create Wildix dir \'{}\'");
                                                                                                                				_t93 =  >=  ? _a128 :  &_a128;
                                                                                                                				_a80 =  >=  ? _a128 :  &_a128;
                                                                                                                				_a88 = _a144;
                                                                                                                				_a48 = 0xe;
                                                                                                                				_a56 =  &_a80;
                                                                                                                				asm("movaps xmm0, [esp+0x30]");
                                                                                                                				asm("movdqa [esp+0xd0], xmm0");
                                                                                                                				_a48 = "{}\\FaxPrinter";
                                                                                                                				_a56 = 0xd;
                                                                                                                				E00007FFA7FFA126E49B0(_a160,  &_a176, _t129, _t131);
                                                                                                                				_t64 = E00007FFA7FFA126F3B40( &_a176); // executed
                                                                                                                				if (_t64 != 0) goto 0x126f02e6;
                                                                                                                				_a32 =  &_a176;
                                                                                                                				r8d = 0x23;
                                                                                                                				E00007FFA7FFA126E5600( &_a208 - 0x1f, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "couldn\'t create printing dir \'{}\'");
                                                                                                                				asm("movups xmm0, [esp+0xb0]");
                                                                                                                				asm("movups [ebx], xmm0");
                                                                                                                				asm("movups xmm1, [esp+0xc0]");
                                                                                                                				asm("movups [ebx+0x10], xmm1");
                                                                                                                				_a192 = _t129;
                                                                                                                				_a200 = 0xf;
                                                                                                                				_a176 = 0;
                                                                                                                				_t123 = _a152;
                                                                                                                				if (_t123 - 0x10 < 0) goto 0x126f035f;
                                                                                                                				if (_t123 + 1 - 0x1000 < 0) goto 0x126f035a;
                                                                                                                				if (_a128 -  *((intOrPtr*)(_a128 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126f035a;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				_a144 = _t129;
                                                                                                                				_a152 = 0xf;
                                                                                                                				_a128 = 0;
                                                                                                                				_t126 = _a120;
                                                                                                                				if (_t126 - 0x10 < 0) goto 0x126f03bb;
                                                                                                                				if (_t126 + 1 - 0x1000 < 0) goto 0x126f03b6;
                                                                                                                				if (_a96 -  *((intOrPtr*)(_a96 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126f03b6;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				return E00007FFA7FFA12705E20(E00007FFA7FFA127056E4(),  &_a208 - 0x1f, _a240 ^ _t133);
                                                                                                                			}











                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FFA126F3B40: CreateDirectoryW.KERNELBASE ref: 00007FFA126F3B7F
                                                                                                                  • Part of subcall function 00007FFA126F3B40: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126F3BC0
                                                                                                                  • Part of subcall function 00007FFA126F3B40: GetLastError.KERNEL32 ref: 00007FFA126F3BD0
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126F0353
                                                                                                                  • Part of subcall function 00007FFA126E5600: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126E574B
                                                                                                                  • Part of subcall function 00007FFA126E5600: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126E5792
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126F03AF
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$CreateDirectoryErrorLast
                                                                                                                • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinter.cpp$couldn't create ProgramData dir '{}'$couldn't create Wildix dir '{}'$couldn't create printing dir '{}'${}\FaxPrinter${}\Wildix
                                                                                                                • API String ID: 3337396845-3675253893
                                                                                                                • Opcode ID: 864f5195004df463a56467fb8f5d7a3e04e741c881cd2680bc408f47a77548ff
                                                                                                                • Instruction ID: 0c6582000785447ded945d9ff0bb3a81f6d987096d501c95260a9204c7238f08
                                                                                                                • Opcode Fuzzy Hash: 864f5195004df463a56467fb8f5d7a3e04e741c881cd2680bc408f47a77548ff
                                                                                                                • Instruction Fuzzy Hash: E8612132518FC585EB60CB54F4503AAB3A1FB96364F518636D6DC42AADEFBCD148CB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                C-Code - Quality: 60%
                                                                                                                			E00007FFA7FFA126EBD60(void* __edx, long long __rbx, long long __rcx, void* __rbp, void* __r14, long long _a16) {
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v32;
                                                                                                                				char _v56;
                                                                                                                				long long _v64;
                                                                                                                				long long _v72;
                                                                                                                				char _v80;
                                                                                                                				char _v88;
                                                                                                                				char _v104;
                                                                                                                				long long _v120;
                                                                                                                				signed long long _t64;
                                                                                                                				long long _t76;
                                                                                                                				long long _t91;
                                                                                                                				intOrPtr _t97;
                                                                                                                				long long _t100;
                                                                                                                				void* _t102;
                                                                                                                				void* _t105;
                                                                                                                
                                                                                                                				_t76 = __rbx;
                                                                                                                				_a16 = __rbx;
                                                                                                                				_t64 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				_v24 = _t64 ^ _t102 - 0x00000090;
                                                                                                                				_t100 = __rcx;
                                                                                                                				_v64 = 0xf;
                                                                                                                				_v72 = 8;
                                                                                                                				_v88 = 0x5f6c6c64;
                                                                                                                				_v80 = 0;
                                                                                                                				_v56 = 0;
                                                                                                                				asm("movdqa xmm0, [0x305e5]");
                                                                                                                				asm("movdqu [esp+0x70], xmm0");
                                                                                                                				_v56 = 0;
                                                                                                                				E00007FFA7FFA126FD640(__rbx, __rcx, _t105);
                                                                                                                				if ( &_v56 == 0x5f6c6c64) goto 0x126ebdf0;
                                                                                                                				if ( *0x6E69616D5F6C6C7C - 0x10 < 0) goto 0x126ebde3;
                                                                                                                				E00007FFA7FFA126E9100(_t76,  &_v56,  *0x5f6c6c64,  *0x6E69616D5F6C6C74, __r14);
                                                                                                                				E00007FFA7FFA127006F0( *0x6E69616D5F6C6C7C - 0x10,  *0x5f6c6c64,  &_v88,  *0x6E69616D5F6C6C74);
                                                                                                                				_t91 = _v64;
                                                                                                                				if (_t91 - 0x10 < 0) goto 0x126ebe3b;
                                                                                                                				if (_t91 + 1 - 0x1000 < 0) goto 0x126ebe36;
                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126ebe36;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				_v72 = 0;
                                                                                                                				_v64 = 0xf;
                                                                                                                				_v88 = 0;
                                                                                                                				E00007FFA7FFA127006D0(0, __edx, _v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f, _v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8,  *((intOrPtr*)(_v88 - 8)), _t91 + 0x28,  *0x6E69616D5F6C6C74); // executed
                                                                                                                				if (__edx == 0) goto 0x126ebebc;
                                                                                                                				if (__edx != 1) goto 0x126ebeea;
                                                                                                                				_v104 = _t100;
                                                                                                                				_v120 =  &_v104;
                                                                                                                				r8d = 0xfb;
                                                                                                                				E00007FFA7FFA126E5DB0(__edx, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "process attach, instance {:#x}"); // executed
                                                                                                                				if (DisableThreadLibraryCalls(??) != 0) goto 0x126ebeea;
                                                                                                                				r8d = 0xfd;
                                                                                                                				E00007FFA7FFA126E52D0(_t76 + 2, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "DisableThreadLibraryCalls() failed");
                                                                                                                				goto 0x126ebeea;
                                                                                                                				_v104 = _t100;
                                                                                                                				_v120 =  &_v104;
                                                                                                                				r8d = 0x101;
                                                                                                                				E00007FFA7FFA126E5DB0(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "process detach, instance {:#x}");
                                                                                                                				E00007FFA7FFA127006F0(DisableThreadLibraryCalls(??),  &_v104,  &_v56,  *0x6E69616D5F6C6C74);
                                                                                                                				_t97 = _v32;
                                                                                                                				if (_t97 - 0x10 < 0) goto 0x126ebf35;
                                                                                                                				if (_t97 + 1 - 0x1000 < 0) goto 0x126ebf2f;
                                                                                                                				if (_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126ebf2f;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				return E00007FFA7FFA12705E20(1, 1, _v24 ^ _t102 - 0x00000090);
                                                                                                                			}




















                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$CallsDisableLibraryThread__tlregdtor
                                                                                                                • String ID: DisableThreadLibraryCalls() failed$c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$dll_main$process attach, instance {:#x}$process detach, instance {:#x}
                                                                                                                • API String ID: 4146258558-105971010
                                                                                                                • Opcode ID: 03e865174120058d9e108d2211f40708f87fc382396c02e20b730f4e8c4c7978
                                                                                                                • Instruction ID: 7a50cc6cef21e42a1b254aa1d7eb06150db88491ba58de818ea53dbd8e5c31e8
                                                                                                                • Opcode Fuzzy Hash: 03e865174120058d9e108d2211f40708f87fc382396c02e20b730f4e8c4c7978
                                                                                                                • Instruction Fuzzy Hash: A3516F21A18F8681FA10DB64E4443BE63A1FF877A0F419135E6AD06ADDEFADD048CF44
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00007FFA7FFA127061F0(void* __edx) {
                                                                                                                				void* _t5;
                                                                                                                
                                                                                                                				_t5 = __edx;
                                                                                                                				if (_t5 == 0) goto 0x12706231;
                                                                                                                				if (_t5 == 0) goto 0x12706225;
                                                                                                                				if (_t5 == 0) goto 0x12706218;
                                                                                                                				if (__edx == 1) goto 0x12706211;
                                                                                                                				return 1;
                                                                                                                			}





                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                • String ID:
                                                                                                                • API String ID: 349153199-0
                                                                                                                • Opcode ID: eb18400eeceb43c411f8f7cee53bc90404758fa191ef5bee891e186665a63c3a
                                                                                                                • Instruction ID: a7de3125140adf1f52b25c014d5ca30ea44df7102eae8009a1693b1c63d64176
                                                                                                                • Opcode Fuzzy Hash: eb18400eeceb43c411f8f7cee53bc90404758fa191ef5bee891e186665a63c3a
                                                                                                                • Instruction Fuzzy Hash: FC819228E18A4789F6549B2594512FB62F0AF577A0F26C035E90C4739EDEBCE54D8F08
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 665 7ffa126ea1f0-7ffa126ea2ad call 7ffa126fd640 668 7ffa126ea2af-7ffa126ea2b8 665->668 669 7ffa126ea2cd-7ffa126ea2e7 call 7ffa127006f0 665->669 671 7ffa126ea2bd-7ffa126ea2c8 call 7ffa126e9100 668->671 672 7ffa126ea2ba 668->672 675 7ffa126ea2e9-7ffa126ea2fe 669->675 676 7ffa126ea321-7ffa126ea3cf call 7ffa126f4280 call 7ffa126e57c0 669->676 671->669 672->671 677 7ffa126ea300-7ffa126ea313 675->677 678 7ffa126ea31c call 7ffa127056e4 675->678 685 7ffa126ea409-7ffa126ea440 call 7ffa126ee0d0 call 7ffa126f4280 call 7ffa126ef010 676->685 686 7ffa126ea3d1-7ffa126ea3e6 676->686 677->678 680 7ffa126ea315-7ffa126ea31b _invalid_parameter_noinfo_noreturn 677->680 678->676 680->678 696 7ffa126ea445-7ffa126ea453 685->696 688 7ffa126ea3e8-7ffa126ea3fb 686->688 689 7ffa126ea404 call 7ffa127056e4 686->689 688->689 692 7ffa126ea3fd-7ffa126ea403 _invalid_parameter_noinfo_noreturn 688->692 689->685 692->689 697 7ffa126ea455-7ffa126ea46a 696->697 698 7ffa126ea48e-7ffa126ea4b2 call 7ffa127006f0 696->698 700 7ffa126ea488-7ffa126ea48d call 7ffa127056e4 697->700 701 7ffa126ea46c-7ffa126ea47f 697->701 705 7ffa126ea4b4-7ffa126ea4c9 698->705 706 7ffa126ea4ed-7ffa126ea61b call 7ffa12705e20 698->706 700->698 701->700 703 7ffa126ea481-7ffa126ea487 _invalid_parameter_noinfo_noreturn 701->703 703->700 708 7ffa126ea4e7-7ffa126ea4ec call 7ffa127056e4 705->708 709 7ffa126ea4cb-7ffa126ea4de 705->709 708->706 709->708 711 7ffa126ea4e0-7ffa126ea4e6 _invalid_parameter_noinfo_noreturn 709->711 711->708
                                                                                                                C-Code - Quality: 34%
                                                                                                                			E00007FFA7FFA126EA1F0(char __edx, void* __rcx, void* __rbp, long long __r8, intOrPtr* _a40, intOrPtr* _a48) {
                                                                                                                				signed int _v72;
                                                                                                                				intOrPtr _v80;
                                                                                                                				char _v104;
                                                                                                                				long long _v112;
                                                                                                                				long long _v120;
                                                                                                                				char _v130;
                                                                                                                				short _v132;
                                                                                                                				char _v136;
                                                                                                                				intOrPtr _v144;
                                                                                                                				char _v168;
                                                                                                                				char _v200;
                                                                                                                				char _v208;
                                                                                                                				char _v216;
                                                                                                                				char _v224;
                                                                                                                				char _v232;
                                                                                                                				long long _v240;
                                                                                                                				char _v248;
                                                                                                                				long long _v256;
                                                                                                                				long long _v264;
                                                                                                                				long long _v272;
                                                                                                                				long long _v280;
                                                                                                                				long long _v288;
                                                                                                                				long long _v296;
                                                                                                                				void* __rbx;
                                                                                                                				void* __rsi;
                                                                                                                				void* __r14;
                                                                                                                				char _t71;
                                                                                                                				intOrPtr _t82;
                                                                                                                				void* _t98;
                                                                                                                				signed long long _t124;
                                                                                                                				signed long long _t125;
                                                                                                                				long long _t129;
                                                                                                                				void* _t148;
                                                                                                                				long long _t149;
                                                                                                                				char _t170;
                                                                                                                				long long _t184;
                                                                                                                				intOrPtr _t189;
                                                                                                                				intOrPtr _t194;
                                                                                                                				intOrPtr _t197;
                                                                                                                				intOrPtr _t200;
                                                                                                                				intOrPtr _t203;
                                                                                                                				intOrPtr _t206;
                                                                                                                				long long _t209;
                                                                                                                				long long _t210;
                                                                                                                				void* _t212;
                                                                                                                				void* _t213;
                                                                                                                				intOrPtr _t217;
                                                                                                                				void* _t220;
                                                                                                                				intOrPtr* _t221;
                                                                                                                				intOrPtr* _t222;
                                                                                                                				void* _t223;
                                                                                                                
                                                                                                                				_t212 = __rbp;
                                                                                                                				_t220 = _t213;
                                                                                                                				_t214 = _t213 - 0x110;
                                                                                                                				_t124 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				_t125 = _t124 ^ _t213 - 0x00000110;
                                                                                                                				_v72 = _t125;
                                                                                                                				_t209 = __r8;
                                                                                                                				r13d = __edx;
                                                                                                                				_t223 = __rcx;
                                                                                                                				_v224 = __edx;
                                                                                                                				_v232 = r9d;
                                                                                                                				_t221 = _a40;
                                                                                                                				_v240 = _t221;
                                                                                                                				_t222 = _a48;
                                                                                                                				 *((long long*)(_t220 - 0x88)) = _t210;
                                                                                                                				 *((long long*)(_t220 - 0x70)) = 0xf;
                                                                                                                				 *((long long*)(_t220 - 0x78)) = 6;
                                                                                                                				_t71 = "system"; // 0x74737973
                                                                                                                				_v136 = _t71;
                                                                                                                				_v132 =  *0x1271ba84 & 0x0000ffff;
                                                                                                                				_v130 = sil;
                                                                                                                				 *((long long*)(_t220 - 0xa8)) = _t210;
                                                                                                                				asm("movdqa xmm0, [0x32114]");
                                                                                                                				asm("movdqu [esp+0xb0], xmm0");
                                                                                                                				_v168 = sil;
                                                                                                                				E00007FFA7FFA126FD640(_t148, __rcx, __r8);
                                                                                                                				if ( &_v168 == _t125) goto 0x126ea2cd;
                                                                                                                				_t217 =  *((intOrPtr*)(_t125 + 0x10));
                                                                                                                				if ( *((long long*)(_t125 + 0x18)) - 0x10 < 0) goto 0x126ea2bd;
                                                                                                                				E00007FFA7FFA126E9100(_t148,  &_v168,  *_t125, _t217, _t222);
                                                                                                                				E00007FFA7FFA127006F0( *((long long*)(_t125 + 0x18)) - 0x10,  *_t125,  &_v136, _t217);
                                                                                                                				_t184 = _v112;
                                                                                                                				if (_t184 - 0x10 < 0) goto 0x126ea321;
                                                                                                                				if (_t184 + 1 - 0x1000 < 0) goto 0x126ea31c;
                                                                                                                				_t129 = _v136 -  *((intOrPtr*)(_v136 - 8)) + 0xfffffff8;
                                                                                                                				if (_t129 - 0x1f <= 0) goto 0x126ea31c;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				_v120 = _t210;
                                                                                                                				_v112 = 0xf;
                                                                                                                				_v136 = 0;
                                                                                                                				_v248 = 0;
                                                                                                                				 *_t222 = 0;
                                                                                                                				 *_t221 = 0;
                                                                                                                				_v208 = _t222;
                                                                                                                				_v200 = _t209;
                                                                                                                				_v216 = _t209;
                                                                                                                				E00007FFA7FFA126F4280(_t98, _t148,  &_v104, _t223, _t210, _t212);
                                                                                                                				_v256 =  &_v208;
                                                                                                                				_v264 =  &_v200;
                                                                                                                				_v272 =  &_v232;
                                                                                                                				_v280 =  &_v216;
                                                                                                                				_v288 =  &_v224;
                                                                                                                				_v296 = _t129;
                                                                                                                				r8d = 0x74;
                                                                                                                				_t96 = _t217 - 0x73;
                                                                                                                				E00007FFA7FFA126E57C0(_t217 - 0x73, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "monitor_enumports \'{}\', {}, {:#x}, {}, {:#x}, {:#x}"); // executed
                                                                                                                				_t189 = _v80;
                                                                                                                				if (_t189 - 0x10 < 0) goto 0x126ea409;
                                                                                                                				if (_t189 + 1 - 0x1000 < 0) goto 0x126ea404;
                                                                                                                				_t132 = _v104 -  *((intOrPtr*)(_v104 - 8)) + 0xfffffff8;
                                                                                                                				if (_v104 -  *((intOrPtr*)(_v104 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126ea404;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				E00007FFA7FFA126EE0D0( *((intOrPtr*)(_v104 - 8)), _t189 + 0x28);
                                                                                                                				_t149 = _t148 + _t209;
                                                                                                                				E00007FFA7FFA126F4280(_t98, _t149,  &_v104, _t223, _v104 -  *((intOrPtr*)(_v104 - 8)) + 0xfffffff8, _t212);
                                                                                                                				_v288 =  &_v248;
                                                                                                                				_v296 = _t149;
                                                                                                                				r8d = r13d;
                                                                                                                				_t82 = E00007FFA7FFA126EF010(0, _t149, _t132, _t209); // executed
                                                                                                                				_t194 = _v80;
                                                                                                                				if (_t194 - 0x10 < 0) goto 0x126ea48e;
                                                                                                                				if (_t194 + 1 - 0x1000 < 0) goto 0x126ea488;
                                                                                                                				if (_v104 -  *((intOrPtr*)(_v104 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126ea488;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				 *_t221 = _v248;
                                                                                                                				 *_t222 = _t82;
                                                                                                                				E00007FFA7FFA127006F0(_v104 -  *((intOrPtr*)(_v104 - 8)) + 0xfffffff8 - 0x1f, _v104 -  *((intOrPtr*)(_v104 - 8)) + 0xfffffff8,  &_v168, _t217);
                                                                                                                				_t197 = _v144;
                                                                                                                				if (_t197 - 0x10 < 0) goto 0x126ea4ed;
                                                                                                                				_t170 = _v168;
                                                                                                                				if (_t197 + 1 - 0x1000 < 0) goto 0x126ea4e7;
                                                                                                                				_t138 = _t170 -  *((intOrPtr*)(_t170 - 8)) + 0xfffffff8;
                                                                                                                				_t113 = _t170 -  *((intOrPtr*)(_t170 - 8)) + 0xfffffff8 - 0x1f;
                                                                                                                				if (_t170 -  *((intOrPtr*)(_t170 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126ea4e7;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				E00007FFA7FFA127006F0(_t113, _t138,  &_v168, _t217);
                                                                                                                				_t200 = _v144;
                                                                                                                				if (_t200 - 0x10 < 0) goto 0x126ea5f7;
                                                                                                                				if (_t200 + 1 - 0x1000 < 0) goto 0x126ea5f1;
                                                                                                                				if (_v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126ea5f1;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				E00007FFA7FFA127006F0(_v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8 - 0x1f, _v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8,  &_v168, _t217);
                                                                                                                				_t203 = _v144;
                                                                                                                				if (_t203 - 0x10 < 0) goto 0x126ea5f7;
                                                                                                                				if (_t203 + 1 - 0x1000 < 0) goto 0x126ea5f1;
                                                                                                                				if (_v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126ea5f1;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				E00007FFA7FFA127006F0(_v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8 - 0x1f, _v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8,  &_v168, _t217);
                                                                                                                				_t206 = _v144;
                                                                                                                				if (_t206 - 0x10 < 0) goto 0x126ea5f7;
                                                                                                                				if (_t206 + 1 - 0x1000 < 0) goto 0x126ea5f1;
                                                                                                                				if (_v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126ea5f1;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				return E00007FFA7FFA12705E20(0, _t96, _v72 ^ _t214);
                                                                                                                			}






















































                                                                                                                0x7ffa126ea2e7
                                                                                                                0x7ffa126ea2fe
                                                                                                                0x7ffa126ea30b
                                                                                                                0x7ffa126ea313
                                                                                                                0x7ffa126ea315
                                                                                                                0x7ffa126ea31b
                                                                                                                0x7ffa126ea31c
                                                                                                                0x7ffa126ea321
                                                                                                                0x7ffa126ea329
                                                                                                                0x7ffa126ea335
                                                                                                                0x7ffa126ea33d
                                                                                                                0x7ffa126ea341
                                                                                                                0x7ffa126ea344
                                                                                                                0x7ffa126ea348
                                                                                                                0x7ffa126ea34d
                                                                                                                0x7ffa126ea355
                                                                                                                0x7ffa126ea365
                                                                                                                0x7ffa126ea370
                                                                                                                0x7ffa126ea37d
                                                                                                                0x7ffa126ea387
                                                                                                                0x7ffa126ea391
                                                                                                                0x7ffa126ea39b
                                                                                                                0x7ffa126ea3a0
                                                                                                                0x7ffa126ea3ac
                                                                                                                0x7ffa126ea3b9
                                                                                                                0x7ffa126ea3bd
                                                                                                                0x7ffa126ea3c3
                                                                                                                0x7ffa126ea3cf
                                                                                                                0x7ffa126ea3e6
                                                                                                                0x7ffa126ea3f3
                                                                                                                0x7ffa126ea3fb
                                                                                                                0x7ffa126ea3fd
                                                                                                                0x7ffa126ea403
                                                                                                                0x7ffa126ea404
                                                                                                                0x7ffa126ea409
                                                                                                                0x7ffa126ea411
                                                                                                                0x7ffa126ea41f
                                                                                                                0x7ffa126ea42a
                                                                                                                0x7ffa126ea42f
                                                                                                                0x7ffa126ea437
                                                                                                                0x7ffa126ea440
                                                                                                                0x7ffa126ea447
                                                                                                                0x7ffa126ea453
                                                                                                                0x7ffa126ea46a
                                                                                                                0x7ffa126ea47f
                                                                                                                0x7ffa126ea481
                                                                                                                0x7ffa126ea487
                                                                                                                0x7ffa126ea488
                                                                                                                0x7ffa126ea492
                                                                                                                0x7ffa126ea496
                                                                                                                0x7ffa126ea4a1
                                                                                                                0x7ffa126ea4a6
                                                                                                                0x7ffa126ea4b2
                                                                                                                0x7ffa126ea4b7
                                                                                                                0x7ffa126ea4c9
                                                                                                                0x7ffa126ea4d6
                                                                                                                0x7ffa126ea4da
                                                                                                                0x7ffa126ea4de
                                                                                                                0x7ffa126ea4e0
                                                                                                                0x7ffa126ea4e6
                                                                                                                0x7ffa126ea4e7
                                                                                                                0x7ffa126ea4ff
                                                                                                                0x7ffa126ea504
                                                                                                                0x7ffa126ea510
                                                                                                                0x7ffa126ea52b
                                                                                                                0x7ffa126ea544
                                                                                                                0x7ffa126ea54a
                                                                                                                0x7ffa126ea559
                                                                                                                0x7ffa126ea55e
                                                                                                                0x7ffa126ea56a
                                                                                                                0x7ffa126ea585
                                                                                                                0x7ffa126ea59a
                                                                                                                0x7ffa126ea59c
                                                                                                                0x7ffa126ea5ab
                                                                                                                0x7ffa126ea5b0
                                                                                                                0x7ffa126ea5bc
                                                                                                                0x7ffa126ea5d3
                                                                                                                0x7ffa126ea5e8
                                                                                                                0x7ffa126ea5ea
                                                                                                                0x7ffa126ea5f1
                                                                                                                0x7ffa126ea61b

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FFA126FD640: __tlregdtor.LIBCMT ref: 00007FFA126FD690
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126EA315
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126EA3FD
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126EA481
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126EA4E0
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$__tlregdtor
                                                                                                                • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_enumports '{}', {}, {:#x}, {}, {:#x}, {:#x}$system
                                                                                                                • API String ID: 333172304-2864149607
                                                                                                                • Opcode ID: 9bf2fde0c874050469056fbb2993a46d0ec429c9a4e55342d40de94e9496e62f
                                                                                                                • Instruction ID: e33eef0ab121b0545d5e1b3724f0779d83809e1bab25ee26a08a7e69a72b4850
                                                                                                                • Opcode Fuzzy Hash: 9bf2fde0c874050469056fbb2993a46d0ec429c9a4e55342d40de94e9496e62f
                                                                                                                • Instruction Fuzzy Hash: 63815872619B8181FA20CB55F4443AE73A1FB967B0F418235EAAD47AD9EFBCD444CB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 716 7ffa126ea620-7ffa126ea6a1 call 7ffa126fd640 719 7ffa126ea6a3-7ffa126ea6ac 716->719 720 7ffa126ea6be-7ffa126ea6d2 call 7ffa127006f0 716->720 721 7ffa126ea6b1-7ffa126ea6b9 call 7ffa126e9100 719->721 722 7ffa126ea6ae 719->722 726 7ffa126ea709-7ffa126ea759 call 7ffa126f4280 call 7ffa126e59e0 720->726 727 7ffa126ea6d4-7ffa126ea6e6 720->727 721->720 722->721 735 7ffa126ea75e-7ffa126ea76b 726->735 728 7ffa126ea6e8-7ffa126ea6fb 727->728 729 7ffa126ea704 call 7ffa127056e4 727->729 728->729 731 7ffa126ea6fd-7ffa126ea703 _invalid_parameter_noinfo_noreturn 728->731 729->726 731->729 736 7ffa126ea7a5-7ffa126ea7d9 call 7ffa126ee0d0 call 7ffa126f4280 call 7ffa126f03f0 735->736 737 7ffa126ea76d-7ffa126ea782 735->737 748 7ffa126ea814-7ffa126ea827 call 7ffa127006f0 736->748 749 7ffa126ea7db-7ffa126ea7f0 736->749 738 7ffa126ea784-7ffa126ea797 737->738 739 7ffa126ea7a0 call 7ffa127056e4 737->739 738->739 742 7ffa126ea799-7ffa126ea79f _invalid_parameter_noinfo_noreturn 738->742 739->736 742->739 757 7ffa126ea829-7ffa126ea83b 748->757 758 7ffa126ea85f-7ffa126ea8d7 call 7ffa12705e20 748->758 750 7ffa126ea7f2-7ffa126ea805 749->750 751 7ffa126ea80e-7ffa126ea813 call 7ffa127056e4 749->751 750->751 753 7ffa126ea807-7ffa126ea80d _invalid_parameter_noinfo_noreturn 750->753 751->748 753->751 760 7ffa126ea859-7ffa126ea85e call 7ffa127056e4 757->760 761 7ffa126ea83d-7ffa126ea850 757->761 760->758 761->760 762 7ffa126ea852-7ffa126ea858 _invalid_parameter_noinfo_noreturn 761->762 762->760
                                                                                                                C-Code - Quality: 37%
                                                                                                                			E00007FFA7FFA126EA620(long long __rbx, void* __rcx, long long __rdx, long long __rsi, void* __rbp, void* __r14, long long _a24, long long _a32) {
                                                                                                                				void* _v8;
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v32;
                                                                                                                				char _v56;
                                                                                                                				intOrPtr _v64;
                                                                                                                				char _v88;
                                                                                                                				long long _v96;
                                                                                                                				long long _v104;
                                                                                                                				char _v114;
                                                                                                                				short _v116;
                                                                                                                				char _v120;
                                                                                                                				char _v136;
                                                                                                                				long long _v144;
                                                                                                                				long long _v152;
                                                                                                                				char _t48;
                                                                                                                				void* _t58;
                                                                                                                				void* _t70;
                                                                                                                				signed long long _t89;
                                                                                                                				signed long long _t90;
                                                                                                                				long long _t94;
                                                                                                                				long long _t107;
                                                                                                                				char _t125;
                                                                                                                				long long _t134;
                                                                                                                				intOrPtr _t139;
                                                                                                                				intOrPtr _t144;
                                                                                                                				intOrPtr _t147;
                                                                                                                				intOrPtr _t150;
                                                                                                                				void* _t153;
                                                                                                                				long long _t155;
                                                                                                                				void* _t157;
                                                                                                                				void* _t158;
                                                                                                                				void* _t161;
                                                                                                                				intOrPtr _t162;
                                                                                                                
                                                                                                                				_t157 = __rbp;
                                                                                                                				_t107 = __rbx;
                                                                                                                				_a24 = __rbx;
                                                                                                                				_a32 = __rsi;
                                                                                                                				_t159 = _t158 - 0xb0;
                                                                                                                				_t89 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				_t90 = _t89 ^ _t158 - 0x000000b0;
                                                                                                                				_v24 = _t90;
                                                                                                                				_t155 = __rdx;
                                                                                                                				_t153 = __rcx;
                                                                                                                				_v120 = __rbx;
                                                                                                                				_v96 = 0xf;
                                                                                                                				_v104 = 6;
                                                                                                                				_t48 = "system"; // 0x74737973
                                                                                                                				_v120 = _t48;
                                                                                                                				_v116 =  *0x1271ba84 & 0x0000ffff;
                                                                                                                				_v114 = 0;
                                                                                                                				_v88 = __rbx;
                                                                                                                				asm("movdqa xmm0, [0x31d16]");
                                                                                                                				asm("movdqu [esp+0x70], xmm0");
                                                                                                                				_v88 = 0;
                                                                                                                				E00007FFA7FFA126FD640(__rbx, __rcx, _t161);
                                                                                                                				if ( &_v88 == _t90) goto 0x126ea6be;
                                                                                                                				_t162 =  *((intOrPtr*)(_t90 + 0x10));
                                                                                                                				if ( *((long long*)(_t90 + 0x18)) - 0x10 < 0) goto 0x126ea6b1;
                                                                                                                				E00007FFA7FFA126E9100(_t107,  &_v88,  *_t90, _t162, __r14);
                                                                                                                				E00007FFA7FFA127006F0( *((long long*)(_t90 + 0x18)) - 0x10,  *_t90,  &_v120, _t162);
                                                                                                                				_t134 = _v96;
                                                                                                                				if (_t134 - 0x10 < 0) goto 0x126ea709;
                                                                                                                				if (_t134 + 1 - 0x1000 < 0) goto 0x126ea704;
                                                                                                                				_t94 = _v120 -  *((intOrPtr*)(_v120 - 8)) + 0xfffffff8;
                                                                                                                				if (_t94 - 0x1f <= 0) goto 0x126ea704;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				_v104 = _t107;
                                                                                                                				_v96 = 0xf;
                                                                                                                				_v120 = 0;
                                                                                                                				_v136 = _t155;
                                                                                                                				E00007FFA7FFA126F4280(_t70, _t107,  &_v56, _t153, _t155, _t157);
                                                                                                                				_v144 =  &_v136;
                                                                                                                				_v152 = _t94;
                                                                                                                				r8d = 0x2e;
                                                                                                                				_t69 = _t162 - 0x2d;
                                                                                                                				E00007FFA7FFA126E59E0(_t162 - 0x2d, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "monitor_openport \'{}\', {:#x}"); // executed
                                                                                                                				_t139 = _v32;
                                                                                                                				if (_t139 - 0x10 < 0) goto 0x126ea7a5;
                                                                                                                				if (_t139 + 1 - 0x1000 < 0) goto 0x126ea7a0;
                                                                                                                				_t97 = _v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8;
                                                                                                                				if (_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126ea7a0;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				E00007FFA7FFA126EE0D0( *((intOrPtr*)(_v56 - 8)), _t139 + 0x28);
                                                                                                                				_t58 = E00007FFA7FFA126F4280(_t70, _t97,  &_v56, _t153, _t155, _t157);
                                                                                                                				_t163 = _t155;
                                                                                                                				E00007FFA7FFA126F03F0(_t58, _t97, _t97, _t97, _t157, _t155);
                                                                                                                				_t144 = _v32;
                                                                                                                				if (_t144 - 0x10 < 0) goto 0x126ea814;
                                                                                                                				if (_t144 + 1 - 0x1000 < 0) goto 0x126ea80e;
                                                                                                                				if (_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126ea80e;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				E00007FFA7FFA127006F0(_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f, _v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8,  &_v88, _t155);
                                                                                                                				_t147 = _v64;
                                                                                                                				if (_t147 - 0x10 < 0) goto 0x126ea85f;
                                                                                                                				_t125 = _v88;
                                                                                                                				if (_t147 + 1 - 0x1000 < 0) goto 0x126ea859;
                                                                                                                				_t103 = _t125 -  *((intOrPtr*)(_t125 - 8)) + 0xfffffff8;
                                                                                                                				_t84 = _t125 -  *((intOrPtr*)(_t125 - 8)) + 0xfffffff8 - 0x1f;
                                                                                                                				if (_t125 -  *((intOrPtr*)(_t125 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126ea859;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				E00007FFA7FFA127006F0(_t84, _t103,  &_v88, _t163);
                                                                                                                				_t150 = _v64;
                                                                                                                				if (_t150 - 0x10 < 0) goto 0x126ea8b1;
                                                                                                                				if (_t150 + 1 - 0x1000 < 0) goto 0x126ea8ab;
                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126ea8ab;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				return E00007FFA7FFA12705E20(0, _t69, _v24 ^ _t159);
                                                                                                                			}





































                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FFA126FD640: __tlregdtor.LIBCMT ref: 00007FFA126FD690
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126EA6FD
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126EA799
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126EA807
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126EA852
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$__tlregdtor
                                                                                                                • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_openport '{}', {:#x}$system
                                                                                                                • API String ID: 333172304-33612538
                                                                                                                • Opcode ID: 6fa6c247fdee1d97a4ab246a2aee9091d9b3f152b3ee41501171ff8f04a6126a
                                                                                                                • Instruction ID: fce44e6382a807370be21cfddc0a609ad68e635f5bab502ed544c18dfc01a771
                                                                                                                • Opcode Fuzzy Hash: 6fa6c247fdee1d97a4ab246a2aee9091d9b3f152b3ee41501171ff8f04a6126a
                                                                                                                • Instruction Fuzzy Hash: 23517162A18A8541FA10DB55E4443AF63A1FB877B0F518235EAAD43BDDEFACD484CB04
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiWide$FreeTask
                                                                                                                • String ID: c:\design\wiservice\wiservice\ext\win\ext-win-winutil.cpp$couldn't get special folder, error {}
                                                                                                                • API String ID: 1807027773-2105816268
                                                                                                                • Opcode ID: 1622e010b120b899079a5ea0814c22eff35c6c73c0cfa628f69e3cba74106a05
                                                                                                                • Instruction ID: f7cd8d1253b1b1e68937940af0bd63d52e7a7b4983800fe6b73273d833f829a5
                                                                                                                • Opcode Fuzzy Hash: 1622e010b120b899079a5ea0814c22eff35c6c73c0cfa628f69e3cba74106a05
                                                                                                                • Instruction Fuzzy Hash: D1419136608F8582EB218F15F45026AB7B5FB867A0F549135EB9D07B98EF7CE054CB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                C-Code - Quality: 40%
                                                                                                                			E00007FFA7FFA126F9190(void* __eflags, long long __rbx, intOrPtr* __rcx, long long __rsi, long long _a16, long long _a24) {
                                                                                                                				void* _v8;
                                                                                                                				signed int _v16;
                                                                                                                				long long _v24;
                                                                                                                				long long _v32;
                                                                                                                				char _v48;
                                                                                                                				long long _v56;
                                                                                                                				long long _v64;
                                                                                                                				char _v80;
                                                                                                                				long long _v88;
                                                                                                                				long long _v96;
                                                                                                                				intOrPtr _v102;
                                                                                                                				short _v104;
                                                                                                                				char _v112;
                                                                                                                				long long _v120;
                                                                                                                				void* __rdi;
                                                                                                                				void* _t60;
                                                                                                                				signed long long _t78;
                                                                                                                				char* _t93;
                                                                                                                				intOrPtr _t113;
                                                                                                                				long long _t116;
                                                                                                                				long long _t119;
                                                                                                                				intOrPtr _t122;
                                                                                                                				void* _t125;
                                                                                                                				void* _t129;
                                                                                                                				void* _t134;
                                                                                                                
                                                                                                                				_t127 = __rsi;
                                                                                                                				_a16 = __rbx;
                                                                                                                				_a24 = __rsi;
                                                                                                                				_t78 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				_v16 = _t78 ^ _t129 - 0x00000090;
                                                                                                                				_t93 = __rcx;
                                                                                                                				_v120 = __rcx;
                                                                                                                				 *((long long*)(__rcx)) = __rsi;
                                                                                                                				 *((long long*)(__rcx + 0x10)) = __rsi;
                                                                                                                				 *((long long*)(__rcx + 0x18)) = 0xf;
                                                                                                                				 *__rcx = sil;
                                                                                                                				 *((long long*)(__rcx + 0x38)) = 0xf;
                                                                                                                				 *((intOrPtr*)(__rcx + 0x20)) = sil;
                                                                                                                				 *((long long*)(__rcx + 0x30)) = 8;
                                                                                                                				 *((long long*)(__rcx + 0x20)) = 0x646c6f5f;
                                                                                                                				 *((intOrPtr*)(__rcx + 0x28)) = sil;
                                                                                                                				 *((long long*)(__rcx + 0x40)) = 0x2710;
                                                                                                                				 *((long long*)(__rcx + 0x48)) = __rsi;
                                                                                                                				 *((intOrPtr*)(__rcx + 0x50)) = 0;
                                                                                                                				 *((intOrPtr*)(__rcx + 0x50)) = 0x3a875d21;
                                                                                                                				_v88 = 0xf;
                                                                                                                				_v96 = 0xa;
                                                                                                                				asm("movsd xmm0, [0x24162]");
                                                                                                                				asm("movsd [esp+0x28], xmm0");
                                                                                                                				_v104 =  *0x1271d390 & 0x0000ffff;
                                                                                                                				_v102 = sil;
                                                                                                                				E00007FFA7FFA126FD6B0(0x646c6f5f,  &_v48); // executed
                                                                                                                				E00007FFA7FFA126F3370(__rcx,  &_v80, 0x646c6f5f, _t125,  &_v112);
                                                                                                                				if (__rcx == 0x646c6f5f) goto 0x126f92c4;
                                                                                                                				_t113 =  *((intOrPtr*)(__rcx + 0x18));
                                                                                                                				if (_t113 - 0x10 < 0) goto 0x126f9298;
                                                                                                                				if (_t113 + 1 - 0x1000 < 0) goto 0x126f9293;
                                                                                                                				if ( *__rcx -  *((intOrPtr*)( *__rcx - 8)) - 8 - 0x1f > 0) goto 0x126f92f8;
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				 *((long long*)(_t93 + 0x10)) = __rsi;
                                                                                                                				 *((long long*)(_t93 + 0x18)) = 0xf;
                                                                                                                				 *_t93 = 0;
                                                                                                                				asm("movups xmm0, [edi]");
                                                                                                                				asm("movups [ebx], xmm0");
                                                                                                                				asm("movups xmm1, [edi+0x10]");
                                                                                                                				asm("movups [ebx+0x10], xmm1");
                                                                                                                				 *0x7478742E646C6F6F = __rsi;
                                                                                                                				 *0x7478742E646C6F77 = 0xf;
                                                                                                                				 *0x646c6f5f = 0;
                                                                                                                				_t116 = _v56;
                                                                                                                				if (_t116 - 0x10 < 0) goto 0x126f9304;
                                                                                                                				if (_t116 + 1 - 0x1000 < 0) goto 0x126f92ff;
                                                                                                                				if (_v80 -  *((intOrPtr*)(_v80 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126f92ff;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				_v64 = __rsi;
                                                                                                                				_v56 = 0xf;
                                                                                                                				_v80 = 0;
                                                                                                                				_t119 = _v24;
                                                                                                                				if (_t119 - 0x10 < 0) goto 0x126f935a;
                                                                                                                				if (_t119 + 1 - 0x1000 < 0) goto 0x126f9355;
                                                                                                                				if (_v48 -  *((intOrPtr*)(_v48 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126f9355;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				_v32 = __rsi;
                                                                                                                				_v24 = 0xf;
                                                                                                                				_v48 = 0;
                                                                                                                				_t122 = _v88;
                                                                                                                				if (_t122 - 0x10 < 0) goto 0x126f93b0;
                                                                                                                				if (_t122 + 1 - 0x1000 < 0) goto 0x126f93ab;
                                                                                                                				if (_v112 -  *((intOrPtr*)(_v112 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126f93ab;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				E00007FFA7FFA126FDE70(_t60, _t93, _t93, _t122 + 0x28, 0x646c6f5f, __rsi, _t134);
                                                                                                                				E00007FFA7FFA126FDB70(_v112 -  *((intOrPtr*)(_v112 - 8)) + 0xfffffff8, _t93, _t93, _t122 + 0x28, 0x646c6f5f, _t127, _t134);
                                                                                                                				return E00007FFA7FFA12705E20(E00007FFA7FFA127005F0(0, _v112 -  *((intOrPtr*)(_v112 - 8)) + 0xfffffff8, _t93, _t93, _t127), _t60, _v16 ^ _t129 - 0x00000090);
                                                                                                                			}





























                                                                                                                APIs
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126F92F8
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126F934E
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126F93A4
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: _old.txt
                                                                                                                • API String ID: 3668304517-616907513
                                                                                                                • Opcode ID: e2eeb52d6b6e59b90e3991592558ed2ba420185344d285cf3c641dcd5f9135e0
                                                                                                                • Instruction ID: 16d196fda56e43a98f830487f11273d3745d125e4296a6b2ed0bf0ffb22f9d69
                                                                                                                • Opcode Fuzzy Hash: e2eeb52d6b6e59b90e3991592558ed2ba420185344d285cf3c641dcd5f9135e0
                                                                                                                • Instruction Fuzzy Hash: 2361B272618B8181EF10CB28E05436E73A1FB46BE4F108635E6AD0BAD9DFBDD085CB40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                • ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140(?,?,00000000,?,?,00007FFA126F610B), ref: 00007FFA126F9B1D
                                                                                                                • ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140(?,?,00000000,?,?,00007FFA126F610B), ref: 00007FFA126F9C07
                                                                                                                • ?exceptions@ios_base@std@@QEAAXH@Z.MSVCP140(?,?,00000000,?,?,00007FFA126F610B), ref: 00007FFA126F9C4A
                                                                                                                • ?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z.MSVCP140(?,?,00000000,?,?,00007FFA126F610B), ref: 00007FFA126F9C6D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: U?$char_traits@$D@std@@@std@@$??0?$basic_ostream@??0?$basic_streambuf@?exceptions@ios_base@std@@?imbue@?$basic_ios@D@std@@@1@_V32@@V?$basic_streambuf@Vlocale@2@
                                                                                                                • String ID:
                                                                                                                • API String ID: 3082451130-0
                                                                                                                • Opcode ID: 65962441ffbfd86a22632ce13964d0f0351af5448cad341264558a9a5c1d9756
                                                                                                                • Instruction ID: a632f2cf4e505b483a0c754853da837b95d4777696e1b8baa4102e88014071cd
                                                                                                                • Opcode Fuzzy Hash: 65962441ffbfd86a22632ce13964d0f0351af5448cad341264558a9a5c1d9756
                                                                                                                • Instruction Fuzzy Hash: 8B515832601B4486EB049F2AD89036A77A4FB4AFE8F458435CF5D077A8DF78D4A5C740
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 35%
                                                                                                                			E00007FFA7FFA126F6090(long long __rax, long long __rbx, long long __rcx, void* __rdx, long long __rdi, long long __rsi, void* __r9, long long _a8, long long _a16, long long _a24, long long _a32) {
                                                                                                                				long long _v32;
                                                                                                                				char _v40;
                                                                                                                				char _v56;
                                                                                                                				void* _t25;
                                                                                                                				void* _t32;
                                                                                                                				void* _t36;
                                                                                                                				long long _t41;
                                                                                                                				long long _t44;
                                                                                                                				long long _t63;
                                                                                                                				void* _t67;
                                                                                                                				void* _t78;
                                                                                                                
                                                                                                                				_t41 = __rax;
                                                                                                                				_a16 = __rbx;
                                                                                                                				_a24 = __rsi;
                                                                                                                				_a32 = __rdi;
                                                                                                                				_a8 = __rcx;
                                                                                                                				_t44 = __rcx;
                                                                                                                				_t25 = E00007FFA7FFA12716670(__rax);
                                                                                                                				if (_t41 == 0) goto 0x126f60d1;
                                                                                                                				r8d =  *((intOrPtr*)(__rcx + 0x28));
                                                                                                                				if ( *_t41 == r8d) goto 0x126f6145;
                                                                                                                				_v40 = __rcx + 0x10;
                                                                                                                				__imp__AcquireSRWLockShared();
                                                                                                                				E00007FFA7FFA127056A8(_t25, _t41, __rcx + 0x10);
                                                                                                                				_v32 = _t41;
                                                                                                                				if (_t41 == 0) goto 0x126f6110;
                                                                                                                				E00007FFA7FFA126F9AD0(_t32,  *((intOrPtr*)(_t44 + 0x28)), _t36, _t44, _t41, _t44 + 0x38, _t44 + 0x30); // executed
                                                                                                                				_t63 = _t41;
                                                                                                                				goto 0x126f6112;
                                                                                                                				__imp__ReleaseSRWLockShared();
                                                                                                                				E00007FFA7FFA12716670(_t41);
                                                                                                                				if (_t41 == _t63) goto 0x126f6145;
                                                                                                                				_v56 = 1;
                                                                                                                				E00007FFA7FFA12716E20( *((intOrPtr*)(_t44 + 0x28)), _t41, _t44, _t44 + 0x48, 0x126fc340, _t63, __rsi, _t67,  *((intOrPtr*)(_t44 + 0x48)), _t63, _t78);
                                                                                                                				_v40 = _t63;
                                                                                                                				 *((long long*)( *((intOrPtr*)( *((intOrPtr*)(_t63 + 0x128))))))();
                                                                                                                				__imp__?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ();
                                                                                                                				E00007FFA7FFA1270DF50(); // executed
                                                                                                                				return E00007FFA7FFA126FA810(_t44,  &_v40);
                                                                                                                 			}

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                 • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: LockShared$?flush@?$basic_ostream@AcquireD@std@@@std@@ReleaseU?$char_traits@V12@
                                                                                                                • String ID:
                                                                                                                • API String ID: 2998771425-0
                                                                                                                • Opcode ID: c63d80af33eb38eef14d7db0ce99088c79d6b7ac8d3a8db6c670529646bb2af8
                                                                                                                • Instruction ID: 790dac0954bc0fd7d44fc5f0e78b08523b90d55c96aac96071706d9f3c22f48e
                                                                                                                • Opcode Fuzzy Hash: c63d80af33eb38eef14d7db0ce99088c79d6b7ac8d3a8db6c670529646bb2af8
                                                                                                                • Instruction Fuzzy Hash: FE219132618F4291DB00DB25E4100AA63A0FF86BE4F418432EE5D07BADDF7CE959CB40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 26%
                                                                                                                			E00007FFA7FFA126F3B40(intOrPtr* __rcx) {
                                                                                                                				signed int _v24;
                                                                                                                				signed long long _v32;
                                                                                                                				char _v56;
                                                                                                                				void* __rbx;
                                                                                                                				int _t14;
                                                                                                                				void* _t19;
                                                                                                                				void* _t21;
                                                                                                                				signed long long _t31;
                                                                                                                				void* _t36;
                                                                                                                				void* _t41;
                                                                                                                				signed long long _t47;
                                                                                                                				void* _t50;
                                                                                                                				void* _t51;
                                                                                                                				signed long long _t52;
                                                                                                                
                                                                                                                				_t31 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				_v24 = _t31 ^ _t52;
                                                                                                                				if ( *((long long*)(__rcx + 0x18)) - 0x10 < 0) goto 0x126f3b5f;
                                                                                                                				E00007FFA7FFA126F3FF0(_t19, _t36,  &_v56,  *__rcx, _t50, _t51);
                                                                                                                				_t41 =  >=  ? _v56 :  &_v56;
                                                                                                                				_t14 = CreateDirectoryW(??, ??); // executed
                                                                                                                				_t47 = _v32;
                                                                                                                				if (_t47 - 8 < 0) goto 0x126f3bcc;
                                                                                                                				if (2 + _t47 * 2 - 0x1000 < 0) goto 0x126f3bc7;
                                                                                                                				if (_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126f3bc7;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				if (_t14 != 0) goto 0x126f3bf2;
                                                                                                                				if (GetLastError() == 0xb7) goto 0x126f3bf2;
                                                                                                                				return E00007FFA7FFA12705E20(0, _t21, _v24 ^ _t52);
                                                                                                                 			}

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                 • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateDirectoryErrorLast_invalid_parameter_noinfo_noreturn
                                                                                                                • String ID:
                                                                                                                • API String ID: 1363081247-0
                                                                                                                • Opcode ID: faef024df2a03db1270b99d93008469492379fdd24af4c472736017e69ee614e
                                                                                                                • Instruction ID: 62771c7676e3400f0f71c425228e7dba1e0b31b3bb115b64565a5852b1b15daf
                                                                                                                • Opcode Fuzzy Hash: faef024df2a03db1270b99d93008469492379fdd24af4c472736017e69ee614e
                                                                                                                • Instruction Fuzzy Hash: 5D11CB61A18E8181FF10AB34E46913A23B1FF977B4F415531D66D466DDDEACD0848A00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 75%
                                                                                                                			E00007FFA7FFA12717B10(long long __rdx, void* __r8) {
                                                                                                                				void* _t11;
                                                                                                                				long long _t15;
                                                                                                                				long _t22;
                                                                                                                				void* _t25;
                                                                                                                
                                                                                                                				 *((long long*)(_t25 + 0x10)) = __rdx;
                                                                                                                				_t15 =  *((intOrPtr*)( *((intOrPtr*)(__rdx + 0x88))));
                                                                                                                				 *((intOrPtr*)(_t15 + 8))();
                                                                                                                				 *((long long*)(__rdx + 0x70)) = _t15;
                                                                                                                				 *((long long*)(_t25 - 0x50 + 0x20)) = __rdx + 0x70;
                                                                                                                				r8d = 0x7a;
                                                                                                                				_t11 = E00007FFA7FFA126E5460(__r8 - 0x76, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "\'enum_ports\' method throwed BufferSizeException: {}"); // executed
                                                                                                                				SetLastError(_t22);
                                                                                                                				 *((intOrPtr*)( *((intOrPtr*)(__rdx + 0x58)))) =  *((intOrPtr*)(__rdx + 0x50));
                                                                                                                				return _t11;
                                                                                                                 			}

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FFA126E5460: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126E558E
                                                                                                                  • Part of subcall function 00007FFA126E5460: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126E55D5
                                                                                                                • SetLastError.KERNEL32 ref: 00007FFA12717B59
                                                                                                                Strings
                                                                                                                • c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp, xrefs: 00007FFA12717B44
                                                                                                                • 'enum_ports' method throwed BufferSizeException: {}, xrefs: 00007FFA12717B37
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                 • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$ErrorLast
                                                                                                                • String ID: 'enum_ports' method throwed BufferSizeException: {}$c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp
                                                                                                                • API String ID: 3964982034-30933652
                                                                                                                • Opcode ID: 7869ff0d80f280c4edbe0d1ae805a5289204315e6fb73086d8f10c0cbf007131
                                                                                                                • Instruction ID: fdf067254f99235abe0f041de4b0bd5114b637a81d1d08f48fe1b0c6a24f8db8
                                                                                                                • Opcode Fuzzy Hash: 7869ff0d80f280c4edbe0d1ae805a5289204315e6fb73086d8f10c0cbf007131
                                                                                                                • Instruction Fuzzy Hash: D5F0F476A04F44CAD700CF24E8403AA33A1FB89BA8F418136EA4D077A8EF78D549CB40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFA126E8F4E), ref: 00007FFA127056C2
                                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFA127056D8
                                                                                                                  • Part of subcall function 00007FFA12706570: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FFA12706579
                                                                                                                  • Part of subcall function 00007FFA12706570: _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,00007FFA127056DD,?,?,?,00007FFA126E103E), ref: 00007FFA1270658A
                                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFA127056DE
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                 • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Concurrency::cancel_current_task$ExceptionThrowmallocstd::bad_alloc::bad_alloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 594857686-0
                                                                                                                • Opcode ID: 6a9dde96a4e5c5a546da14e1cc1e920901ba229958cfcef968a0db875d2be652
                                                                                                                • Instruction ID: d18f79eefeeaa16cc4406fc9bc6e1f49965bb3e1228abeb2b180bf652ca71fd8
                                                                                                                • Opcode Fuzzy Hash: 6a9dde96a4e5c5a546da14e1cc1e920901ba229958cfcef968a0db875d2be652
                                                                                                                • Instruction Fuzzy Hash: 2FE0EC48F0D90745FA2863A125260FA00F41F57B70E2E9B30D97E092DEFE9CE4AD4D24
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • ?_Xlength_error@std@@YAXPEBD@Z.MSVCP140(?,?,?,?,00007FFA126F41C5,?,?,?,?,00000000,?,?,?,00000000,00007FFA126F3B6C), ref: 00007FFA126F398B
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Xlength_error@std@@
                                                                                                                • String ID: vector too long
                                                                                                                • API String ID: 1004598685-2873823879
                                                                                                                • Opcode ID: 7facf0b4ce551dd9ebe7992f8db6e7374516873740b80f86a9a3de763a5ba51c
                                                                                                                • Instruction ID: 87c13e291d8d0f29f2578a5b5fab8fa18fa06ab141c35fb85df0f998b78cc55e
                                                                                                                • Opcode Fuzzy Hash: 7facf0b4ce551dd9ebe7992f8db6e7374516873740b80f86a9a3de763a5ba51c
                                                                                                                • Instruction Fuzzy Hash: AEA0121491480180D004F700D8510E501701F13310E614431E10C005952D48D04E4F08
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 40%
                                                                                                                			E00007FFA7FFA126E57C0(intOrPtr __ecx, long long __rdx, long long __r9, intOrPtr* _a40, intOrPtr* _a48, intOrPtr* _a56, intOrPtr* _a64, intOrPtr* _a72, intOrPtr* _a80) {
                                                                                                                				signed int _v56;
                                                                                                                				long long _v72;
                                                                                                                				long long _v88;
                                                                                                                				intOrPtr _v104;
                                                                                                                				long long _v120;
                                                                                                                				intOrPtr _v136;
                                                                                                                				long long _v144;
                                                                                                                				char _v152;
                                                                                                                				intOrPtr _v160;
                                                                                                                				char _v184;
                                                                                                                				long long _v208;
                                                                                                                				long long _v216;
                                                                                                                				long long _v224;
                                                                                                                				long long _v232;
                                                                                                                				char _v248;
                                                                                                                				long long _v272;
                                                                                                                				long long _v280;
                                                                                                                				intOrPtr _v288;
                                                                                                                				intOrPtr _v296;
                                                                                                                				void* __rbx;
                                                                                                                				void* __rdi;
                                                                                                                				void* __rsi;
                                                                                                                				void* __r14;
                                                                                                                				void* _t56;
                                                                                                                				signed long long _t68;
                                                                                                                				intOrPtr* _t70;
                                                                                                                				intOrPtr _t105;
                                                                                                                				intOrPtr _t108;
                                                                                                                				intOrPtr* _t111;
                                                                                                                				void* _t112;
                                                                                                                				void* _t113;
                                                                                                                				signed long long _t114;
                                                                                                                
                                                                                                                				_t68 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				_v56 = _t68 ^ _t114;
                                                                                                                				_t111 = __rdx;
                                                                                                                				_v288 = __ecx;
                                                                                                                				_v272 = __rdx;
                                                                                                                				_v296 = r14d;
                                                                                                                				_v280 = __r9;
                                                                                                                				_t70 = _a40;
                                                                                                                				if ( *((long long*)(_t70 + 0x18)) - 0x10 < 0) goto 0x126e580f;
                                                                                                                				_v152 =  *_t70;
                                                                                                                				_v144 =  *((intOrPtr*)(_t70 + 0x10));
                                                                                                                				_v136 =  *_a48;
                                                                                                                				_v120 =  *_a56;
                                                                                                                				_v104 =  *_a64;
                                                                                                                				_v88 =  *_a72;
                                                                                                                				_v72 =  *_a80;
                                                                                                                				_v216 = 0xa51946e;
                                                                                                                				_v208 =  &_v152;
                                                                                                                				asm("movaps xmm0, [esp+0x80]");
                                                                                                                				asm("movdqa [esp+0x60], xmm0");
                                                                                                                				_v216 = __r9;
                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                				if ( *((char*)(__r9 + 0xffffffff)) != 0) goto 0x126e58c0;
                                                                                                                				_v208 = 0;
                                                                                                                				E00007FFA7FFA126E49B0(0xffffffff,  &_v184, __rdx, _t112);
                                                                                                                				_v248 = 0;
                                                                                                                				_v232 = 0;
                                                                                                                				_v224 = 0xf;
                                                                                                                				_v248 = 0;
                                                                                                                				if ( *_t111 != 0) goto 0x126e5906;
                                                                                                                				E00007FFA7FFA126E9100(0,  &_v248, _t111, 0, r8d);
                                                                                                                				E00007FFA7FFA126FE5B0(__ecx, _t56, 0, 0,  &_v248,  &_v248, _t112, _t113, r8d,  &_v184); // executed
                                                                                                                				_t105 = _v224;
                                                                                                                				if (_t105 - 0x10 < 0) goto 0x126e5978;
                                                                                                                				if (_t105 + 1 - 0x1000 < 0) goto 0x126e5972;
                                                                                                                				if (_v248 -  *((intOrPtr*)(_v248 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126e5972;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				_t108 = _v160;
                                                                                                                				if (_t108 - 0x10 < 0) goto 0x126e59bf;
                                                                                                                				if (_t108 + 1 - 0x1000 < 0) goto 0x126e59b9;
                                                                                                                				if (_v184 -  *((intOrPtr*)(_v184 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126e59b9;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				return E00007FFA7FFA12705E20(E00007FFA7FFA127056E4(), __ecx, _v56 ^ _t114);
                                                                                                                			}




































                                                                                                                APIs
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126E596B
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126E59B2
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID:
                                                                                                                • API String ID: 3668304517-0
                                                                                                                • Opcode ID: 73e43ceae187663198f51ab07dd2624a4768c643729dcd27bd6d0a5b931211e7
                                                                                                                • Instruction ID: bb909ceb0d7616ddd9d0d9ceded41891c9d407cba49922f7f85427b78d3cd305
                                                                                                                • Opcode Fuzzy Hash: 73e43ceae187663198f51ab07dd2624a4768c643729dcd27bd6d0a5b931211e7
                                                                                                                • Instruction Fuzzy Hash: 9D510D72609FC985EA60DB15F4403AA77A1F79A7A0F408225EAAD43BD9EF7CD044CB04
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 41%
                                                                                                                			E00007FFA7FFA126E59E0(intOrPtr __ecx, long long __rdx, long long __r9, intOrPtr* _a40, intOrPtr* _a48) {
                                                                                                                				signed int _v56;
                                                                                                                				intOrPtr _v64;
                                                                                                                				char _v88;
                                                                                                                				long long _v104;
                                                                                                                				long long _v112;
                                                                                                                				char _v120;
                                                                                                                				long long _v144;
                                                                                                                				long long _v152;
                                                                                                                				long long _v160;
                                                                                                                				long long _v168;
                                                                                                                				char _v184;
                                                                                                                				long long _v208;
                                                                                                                				long long _v216;
                                                                                                                				intOrPtr _v224;
                                                                                                                				intOrPtr _v232;
                                                                                                                				void* __rbx;
                                                                                                                				void* __rdi;
                                                                                                                				void* __rsi;
                                                                                                                				void* __r14;
                                                                                                                				void* _t46;
                                                                                                                				signed long long _t58;
                                                                                                                				intOrPtr* _t60;
                                                                                                                				intOrPtr _t89;
                                                                                                                				intOrPtr _t92;
                                                                                                                				intOrPtr* _t95;
                                                                                                                				void* _t96;
                                                                                                                				void* _t97;
                                                                                                                				signed long long _t98;
                                                                                                                
                                                                                                                				_t58 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				_v56 = _t58 ^ _t98;
                                                                                                                				_t95 = __rdx;
                                                                                                                				_v224 = __ecx;
                                                                                                                				_v208 = __rdx;
                                                                                                                				_v232 = r14d;
                                                                                                                				_v216 = __r9;
                                                                                                                				_t60 = _a40;
                                                                                                                				if ( *((long long*)(_t60 + 0x18)) - 0x10 < 0) goto 0x126e5a2f;
                                                                                                                				_v120 =  *_t60;
                                                                                                                				_v112 =  *((intOrPtr*)(_t60 + 0x10));
                                                                                                                				_v104 =  *_a48;
                                                                                                                				_v152 = 0xae;
                                                                                                                				_v144 =  &_v120;
                                                                                                                				asm("movaps xmm0, [esp+0x80]");
                                                                                                                				asm("movdqa [esp+0x60], xmm0");
                                                                                                                				_v152 = __r9;
                                                                                                                				if ( *((char*)(__r9 + 0xffffffff)) != 0) goto 0x126e5a92;
                                                                                                                				_v144 = 0;
                                                                                                                				E00007FFA7FFA126E49B0(0xffffffff,  &_v88, __rdx, _t96);
                                                                                                                				_v184 = 0;
                                                                                                                				_v168 = 0;
                                                                                                                				_v160 = 0xf;
                                                                                                                				_v184 = 0;
                                                                                                                				if ( *_t95 != 0) goto 0x126e5ad8;
                                                                                                                				E00007FFA7FFA126E9100(0,  &_v184, _t95, 0, r8d);
                                                                                                                				E00007FFA7FFA126FE5B0(__ecx, _t46, 0, 0,  &_v184,  &_v184, _t96, _t97, r8d,  &_v88); // executed
                                                                                                                				_t89 = _v160;
                                                                                                                				if (_t89 - 0x10 < 0) goto 0x126e5b4a;
                                                                                                                				if (_t89 + 1 - 0x1000 < 0) goto 0x126e5b44;
                                                                                                                				if (_v184 -  *((intOrPtr*)(_v184 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126e5b44;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				_t92 = _v64;
                                                                                                                				if (_t92 - 0x10 < 0) goto 0x126e5b91;
                                                                                                                				if (_t92 + 1 - 0x1000 < 0) goto 0x126e5b8b;
                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126e5b8b;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				return E00007FFA7FFA12705E20(E00007FFA7FFA127056E4(), __ecx, _v56 ^ _t98);
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126E5B3D
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126E5B84
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID:
                                                                                                                • API String ID: 3668304517-0
                                                                                                                • Opcode ID: 97c44221c89b743faa690c19e7458c184bfa7aaf1c1567da121e75d63c1948a0
                                                                                                                • Instruction ID: 85c3cd6a8682494c195e792d927de8ee553cb485c4c53b7a15319d6e9f4a0453
                                                                                                                • Opcode Fuzzy Hash: 97c44221c89b743faa690c19e7458c184bfa7aaf1c1567da121e75d63c1948a0
                                                                                                                • Instruction Fuzzy Hash: 59413F72609BC581EA60CB15F4443AA63A1FB867B0F419235EAAD47BD9EF7CD085CB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 41%
                                                                                                                			E00007FFA7FFA126E5600(intOrPtr __ecx, long long __rdx, long long __r9, intOrPtr* _a40) {
                                                                                                                				signed int _v56;
                                                                                                                				intOrPtr _v64;
                                                                                                                				char _v88;
                                                                                                                				long long _v96;
                                                                                                                				char _v104;
                                                                                                                				long long _v128;
                                                                                                                				long long _v136;
                                                                                                                				long long _v144;
                                                                                                                				long long _v152;
                                                                                                                				char _v168;
                                                                                                                				long long _v192;
                                                                                                                				long long _v200;
                                                                                                                				intOrPtr _v208;
                                                                                                                				intOrPtr _v216;
                                                                                                                				void* __rbx;
                                                                                                                				void* __rdi;
                                                                                                                				void* __rsi;
                                                                                                                				void* __r14;
                                                                                                                				void* _t44;
                                                                                                                				signed long long _t56;
                                                                                                                				intOrPtr* _t58;
                                                                                                                				intOrPtr _t85;
                                                                                                                				intOrPtr _t88;
                                                                                                                				intOrPtr* _t91;
                                                                                                                				void* _t92;
                                                                                                                				void* _t93;
                                                                                                                				signed long long _t94;
                                                                                                                
                                                                                                                				_t56 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				_v56 = _t56 ^ _t94;
                                                                                                                				_t91 = __rdx;
                                                                                                                				_v208 = __ecx;
                                                                                                                				_v192 = __rdx;
                                                                                                                				_v216 = r14d;
                                                                                                                				_v200 = __r9;
                                                                                                                				_t58 = _a40;
                                                                                                                				if ( *((long long*)(_t58 + 0x18)) - 0x10 < 0) goto 0x126e564f;
                                                                                                                				_v104 =  *_t58;
                                                                                                                				_v96 =  *((intOrPtr*)(_t58 + 0x10));
                                                                                                                				_v136 = 0xe;
                                                                                                                				_v128 =  &_v104;
                                                                                                                				asm("movaps xmm0, [esp+0x80]");
                                                                                                                				asm("movdqa [esp+0x60], xmm0");
                                                                                                                				_v136 = __r9;
                                                                                                                				if ( *((char*)(__r9 + 0xffffffff)) != 0) goto 0x126e56a0;
                                                                                                                				_v128 = 0;
                                                                                                                				E00007FFA7FFA126E49B0(0xffffffff,  &_v88, __rdx, _t92);
                                                                                                                				_v168 = 0;
                                                                                                                				_v152 = 0;
                                                                                                                				_v144 = 0xf;
                                                                                                                				_v168 = 0;
                                                                                                                				if ( *_t91 != 0) goto 0x126e56e6;
                                                                                                                				E00007FFA7FFA126E9100(0,  &_v168, _t91, 0, r8d);
                                                                                                                				E00007FFA7FFA126FE5B0(__ecx, _t44, 0, 0,  &_v168,  &_v168, _t92, _t93, r8d,  &_v88); // executed
                                                                                                                				_t85 = _v144;
                                                                                                                				if (_t85 - 0x10 < 0) goto 0x126e5758;
                                                                                                                				if (_t85 + 1 - 0x1000 < 0) goto 0x126e5752;
                                                                                                                				if (_v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126e5752;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				_t88 = _v64;
                                                                                                                				if (_t88 - 0x10 < 0) goto 0x126e579f;
                                                                                                                				if (_t88 + 1 - 0x1000 < 0) goto 0x126e5799;
                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126e5799;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				return E00007FFA7FFA12705E20(E00007FFA7FFA127056E4(), __ecx, _v56 ^ _t94);
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126E574B
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126E5792
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID:
                                                                                                                • API String ID: 3668304517-0
                                                                                                                • Opcode ID: 58070835333cbe6a373e52650213dcef8f5b34f3e3a1ea89039551fc6100ad9f
                                                                                                                • Instruction ID: 21e5d04772b036d50f5cd55af831f440966f5c73ec7506e961f818beb237a13e
                                                                                                                • Opcode Fuzzy Hash: 58070835333cbe6a373e52650213dcef8f5b34f3e3a1ea89039551fc6100ad9f
                                                                                                                • Instruction Fuzzy Hash: 6C415E72609BC581EA20CB15F4443AA63A1FB867B0F519235E6AD43BD9EF7CD084CB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 37%
                                                                                                                			E00007FFA7FFA126E5460(intOrPtr __ecx, long long __rdx, long long __r9, intOrPtr* _a40) {
                                                                                                                				signed int _v56;
                                                                                                                				intOrPtr _v64;
                                                                                                                				char _v88;
                                                                                                                				long long _v128;
                                                                                                                				long long _v136;
                                                                                                                				char _v152;
                                                                                                                				long long _v176;
                                                                                                                				long long _v184;
                                                                                                                				long long _v192;
                                                                                                                				long long _v200;
                                                                                                                				intOrPtr _v208;
                                                                                                                				intOrPtr _v216;
                                                                                                                				void* __rbx;
                                                                                                                				void* __rdi;
                                                                                                                				void* __rsi;
                                                                                                                				void* __r14;
                                                                                                                				void* _t41;
                                                                                                                				signed long long _t52;
                                                                                                                				intOrPtr _t79;
                                                                                                                				intOrPtr _t82;
                                                                                                                				intOrPtr* _t85;
                                                                                                                				void* _t86;
                                                                                                                				void* _t87;
                                                                                                                				void* _t88;
                                                                                                                				void* _t96;
                                                                                                                
                                                                                                                				_t96 = _t88;
                                                                                                                				_t52 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				_v56 = _t52 ^ _t88 - 0x000000e8;
                                                                                                                				_t85 = __rdx;
                                                                                                                				_v208 = __ecx;
                                                                                                                				_v176 = __rdx;
                                                                                                                				_v216 = r14d;
                                                                                                                				_v184 = __r9;
                                                                                                                				 *((long long*)(_t96 - 0x78)) =  *_a40;
                                                                                                                				_v200 = 0xd;
                                                                                                                				_v192 = _t96 - 0x78;
                                                                                                                				asm("movaps xmm0, [esp+0x40]");
                                                                                                                				asm("movdqa [esp+0x70], xmm0");
                                                                                                                				_v200 = __r9;
                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                				if ( *((char*)(__r9 + 0xffffffff)) != 0) goto 0x126e54e0;
                                                                                                                				_v192 = 0;
                                                                                                                				E00007FFA7FFA126E49B0(0xffffffff,  &_v88, __rdx, _t86);
                                                                                                                				_v152 = 0;
                                                                                                                				_v136 = 0;
                                                                                                                				_v128 = 0xf;
                                                                                                                				_v152 = 0;
                                                                                                                				if ( *_t85 != 0) goto 0x126e5526;
                                                                                                                				E00007FFA7FFA126E9100(0,  &_v152, _t85, 0, r8d);
                                                                                                                				E00007FFA7FFA126FE5B0(__ecx, _t41, 0, 0,  &_v152,  &_v152, _t86, _t87, r8d,  &_v88); // executed
                                                                                                                				_t79 = _v128;
                                                                                                                				if (_t79 - 0x10 < 0) goto 0x126e559b;
                                                                                                                				if (_t79 + 1 - 0x1000 < 0) goto 0x126e5595;
                                                                                                                				if (_v152 -  *((intOrPtr*)(_v152 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126e5595;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				_t82 = _v64;
                                                                                                                				if (_t82 - 0x10 < 0) goto 0x126e55e2;
                                                                                                                				if (_t82 + 1 - 0x1000 < 0) goto 0x126e55dc;
                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126e55dc;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				return E00007FFA7FFA12705E20(E00007FFA7FFA127056E4(), __ecx, _v56 ^ _t88 - 0x000000e8);
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126E558E
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126E55D5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID:
                                                                                                                • API String ID: 3668304517-0
                                                                                                                • Opcode ID: 585ab8c111b80109885c95715f613b819b89ea8e91eddc5d2342e53328770bff
                                                                                                                • Instruction ID: c4a029f001982e64f33215a16dc20c3416ec6043e8c9f746efb137c5ea800538
                                                                                                                • Opcode Fuzzy Hash: 585ab8c111b80109885c95715f613b819b89ea8e91eddc5d2342e53328770bff
                                                                                                                • Instruction Fuzzy Hash: A5415262A19FC581EA10CB64F4443AE63A1FB867B0F519235E7AC437D9EF7CD4458B00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 40%
                                                                                                                			E00007FFA7FFA126ECD20(intOrPtr __ecx, long long __rdx, void* __rbp, long long __r9, intOrPtr* _a40) {
                                                                                                                				signed int _v56;
                                                                                                                				intOrPtr _v64;
                                                                                                                				char _v88;
                                                                                                                				long long _v128;
                                                                                                                				long long _v136;
                                                                                                                				char _v152;
                                                                                                                				long long _v176;
                                                                                                                				long long _v184;
                                                                                                                				long long _v192;
                                                                                                                				long long _v200;
                                                                                                                				intOrPtr _v208;
                                                                                                                				intOrPtr _v216;
                                                                                                                				void* __rbx;
                                                                                                                				void* __rdi;
                                                                                                                				void* __rsi;
                                                                                                                				void* __r14;
                                                                                                                				void* _t42;
                                                                                                                				signed long long _t53;
                                                                                                                				intOrPtr _t79;
                                                                                                                				intOrPtr _t82;
                                                                                                                				intOrPtr* _t85;
                                                                                                                				void* _t86;
                                                                                                                				void* _t87;
                                                                                                                				void* _t88;
                                                                                                                				void* _t96;
                                                                                                                
                                                                                                                				_t87 = __rbp;
                                                                                                                				_t96 = _t88;
                                                                                                                				_t53 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				_v56 = _t53 ^ _t88 - 0x000000e8;
                                                                                                                				_t85 = __rdx;
                                                                                                                				_v208 = __ecx;
                                                                                                                				_v176 = __rdx;
                                                                                                                				_v216 = r14d;
                                                                                                                				_v184 = __r9;
                                                                                                                				 *((intOrPtr*)(_t96 - 0x78)) =  *_a40;
                                                                                                                				_v200 = 2;
                                                                                                                				_v192 = _t96 - 0x78;
                                                                                                                				asm("movaps xmm0, [esp+0x40]");
                                                                                                                				asm("movdqa [esp+0x70], xmm0");
                                                                                                                				_v200 = __r9;
                                                                                                                				if ( *((char*)(__r9 + 0xffffffff)) != 0) goto 0x126ecd96;
                                                                                                                				_v192 = 0;
                                                                                                                				E00007FFA7FFA126E49B0(0xffffffff,  &_v88, __rdx, _t86);
                                                                                                                				_v152 = 0;
                                                                                                                				_v136 = 0;
                                                                                                                				_v128 = 0xf;
                                                                                                                				_v152 = 0;
                                                                                                                				if ( *_t85 != 0) goto 0x126ecde0;
                                                                                                                				E00007FFA7FFA126E9100(0,  &_v152, _t85, 0, r8d);
                                                                                                                				E00007FFA7FFA126FE5B0(__ecx, _t42, 0, 0,  &_v152,  &_v152, _t86, _t87, r8d,  &_v88); // executed
                                                                                                                				_t79 = _v128;
                                                                                                                				if (_t79 - 0x10 < 0) goto 0x126ece55;
                                                                                                                				if (_t79 + 1 - 0x1000 < 0) goto 0x126ece4f;
                                                                                                                				if (_v152 -  *((intOrPtr*)(_v152 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126ece4f;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				_t82 = _v64;
                                                                                                                				if (_t82 - 0x10 < 0) goto 0x126ece9c;
                                                                                                                				if (_t82 + 1 - 0x1000 < 0) goto 0x126ece96;
                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126ece96;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				return E00007FFA7FFA12705E20(E00007FFA7FFA127056E4(), __ecx, _v56 ^ _t88 - 0x000000e8);
                                                                                                                			}
                                                                                                                0x7ffa126ece55
                                                                                                                0x7ffa126ece61
                                                                                                                0x7ffa126ece78
                                                                                                                0x7ffa126ece8d
                                                                                                                0x7ffa126ece8f
                                                                                                                0x7ffa126ece95
                                                                                                                0x7ffa126eceb8

                                                                                                                APIs
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126ECE48
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126ECE8F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID:
                                                                                                                • API String ID: 3668304517-0
                                                                                                                • Opcode ID: 39db00e34ae5da5fe5c43bf372b592d77cbc2ec2faf336bcd6d5f0369a6ff326
                                                                                                                • Instruction ID: f793529c5ef47f029b517cbfcb8471f076cf1e036f58d72347856258550b8f0a
                                                                                                                • Opcode Fuzzy Hash: 39db00e34ae5da5fe5c43bf372b592d77cbc2ec2faf336bcd6d5f0369a6ff326
                                                                                                                • Instruction Fuzzy Hash: BB418262A09BC582EA10DB28F4443AE67A1FB867B0F519235E6AC437DDDF7CD485CB04
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 37%
                                                                                                                			E00007FFA7FFA126E5DB0(intOrPtr __ecx, long long __rdx, long long __r9, intOrPtr* _a40) {
                                                                                                                				signed int _v56;
                                                                                                                				intOrPtr _v64;
                                                                                                                				char _v88;
                                                                                                                				long long _v128;
                                                                                                                				long long _v136;
                                                                                                                				char _v152;
                                                                                                                				long long _v176;
                                                                                                                				long long _v184;
                                                                                                                				long long _v192;
                                                                                                                				long long _v200;
                                                                                                                				intOrPtr _v208;
                                                                                                                				intOrPtr _v216;
                                                                                                                				void* __rbx;
                                                                                                                				void* __rdi;
                                                                                                                				void* __rsi;
                                                                                                                				void* __r14;
                                                                                                                				void* _t41;
                                                                                                                				signed long long _t52;
                                                                                                                				intOrPtr _t79;
                                                                                                                				intOrPtr _t82;
                                                                                                                				intOrPtr* _t85;
                                                                                                                				void* _t86;
                                                                                                                				void* _t87;
                                                                                                                				void* _t88;
                                                                                                                				void* _t96;
                                                                                                                
                                                                                                                				_t96 = _t88;
                                                                                                                				_t52 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				_v56 = _t52 ^ _t88 - 0x000000e8;
                                                                                                                				_t85 = __rdx;
                                                                                                                				_v208 = __ecx;
                                                                                                                				_v176 = __rdx;
                                                                                                                				_v216 = r14d;
                                                                                                                				_v184 = __r9;
                                                                                                                				 *((long long*)(_t96 - 0x78)) =  *_a40;
                                                                                                                				_v200 = 5;
                                                                                                                				_v192 = _t96 - 0x78;
                                                                                                                				asm("movaps xmm0, [esp+0x40]");
                                                                                                                				asm("movdqa [esp+0x70], xmm0");
                                                                                                                				_v200 = __r9;
                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                				if ( *((char*)(__r9 + 0xffffffff)) != 0) goto 0x126e5e30;
                                                                                                                				_v192 = 0;
                                                                                                                				E00007FFA7FFA126E49B0(0xffffffff,  &_v88, __rdx, _t86);
                                                                                                                				_v152 = 0;
                                                                                                                				_v136 = 0;
                                                                                                                				_v128 = 0xf;
                                                                                                                				_v152 = 0;
                                                                                                                				if ( *_t85 != 0) goto 0x126e5e76;
                                                                                                                				E00007FFA7FFA126E9100(0,  &_v152, _t85, 0, r8d);
                                                                                                                				E00007FFA7FFA126FE5B0(__ecx, _t41, 0, 0,  &_v152,  &_v152, _t86, _t87, r8d,  &_v88); // executed
                                                                                                                				_t79 = _v128;
                                                                                                                				if (_t79 - 0x10 < 0) goto 0x126e5eeb;
                                                                                                                				if (_t79 + 1 - 0x1000 < 0) goto 0x126e5ee5;
                                                                                                                				if (_v152 -  *((intOrPtr*)(_v152 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126e5ee5;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				_t82 = _v64;
                                                                                                                				if (_t82 - 0x10 < 0) goto 0x126e5f32;
                                                                                                                				if (_t82 + 1 - 0x1000 < 0) goto 0x126e5f2c;
                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126e5f2c;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				return E00007FFA7FFA12705E20(E00007FFA7FFA127056E4(), __ecx, _v56 ^ _t88 - 0x000000e8);
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126E5EDE
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126E5F25
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID:
                                                                                                                • API String ID: 3668304517-0
                                                                                                                • Opcode ID: 860ff049bbebb1a0453f7a4443ad5a2872bdfa942390d8d77d22af1d34ed5945
                                                                                                                • Instruction ID: 866a8e5e2f7b51ac0f2529539b34a1b6f288ddc065c8c6fa2ca0e4019b3b7ebd
                                                                                                                • Opcode Fuzzy Hash: 860ff049bbebb1a0453f7a4443ad5a2872bdfa942390d8d77d22af1d34ed5945
                                                                                                                • Instruction Fuzzy Hash: F8416162A19EC581EA10DB24F4443AE63A1FB867B0F519235E7AC437D9EF7CD4458B00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 33%
                                                                                                                			E00007FFA7FFA126F8050(long long __rax, long long __rbx, long long __rcx, void* __rdx, long long __r8, void* __r9, long long _a8, long long _a16, void* _a24) {
                                                                                                                				long long _v40;
                                                                                                                				void* __rdi;
                                                                                                                				void* __rsi;
                                                                                                                				long _t12;
                                                                                                                				void* _t21;
                                                                                                                				intOrPtr* _t25;
                                                                                                                
                                                                                                                				_a16 = __rbx;
                                                                                                                				_a8 = __rcx;
                                                                                                                				_t25 = __r8;
                                                                                                                				_t12 = GetCurrentThreadId();
                                                                                                                				r10d =  *(__r8 + 4);
                                                                                                                				_t21 = r10d - _t12;
                                                                                                                				if (_t21 != 0) goto 0x126f8082;
                                                                                                                				 *((intOrPtr*)(__r8)) =  *((intOrPtr*)(__r8)) + 1;
                                                                                                                				goto 0x126f8093;
                                                                                                                				asm("lock bts dword [ebx+0x8], 0x1f");
                                                                                                                				if (_t21 < 0) goto 0x126f80f6;
                                                                                                                				 *(__r8 + 4) = _t12;
                                                                                                                				 *((intOrPtr*)(__r8)) = 1;
                                                                                                                				_v40 = __r8;
                                                                                                                				E00007FFA7FFA126F6090(__rax, __r8, __rcx, __rdx, __rcx, __r9, __r9); // executed
                                                                                                                				 *_t25 =  *_t25 - 1;
                                                                                                                				if (_t21 != 0) goto 0x126f80e6;
                                                                                                                				 *((intOrPtr*)(_t25 + 4)) = 0;
                                                                                                                				asm("lock xadd [ecx], eax");
                                                                                                                				asm("bt eax, 0x1e");
                                                                                                                				if (_t21 < 0) goto 0x126f80e6;
                                                                                                                				if (0x80000000 - 0x80000000 <= 0) goto 0x126f80e6;
                                                                                                                				asm("lock bts dword [ecx], 0x1e");
                                                                                                                				if (0x80000000 - 0x80000000 < 0) goto 0x126f80e6;
                                                                                                                				E00007FFA7FFA126FD940(_t25 + 8);
                                                                                                                				SetEvent(??);
                                                                                                                				return 1;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CurrentEventThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 2592414440-0
                                                                                                                • Opcode ID: 834fed51e2728882df6bb9cdc2855ed8d83aedfefd05cddf5e5c8f44ad8cabbe
                                                                                                                • Instruction ID: e68674dfec364a88f4c8e5f3e5e5036b69365ba0c9cdad12c858efcf0ef56fb9
                                                                                                                • Opcode Fuzzy Hash: 834fed51e2728882df6bb9cdc2855ed8d83aedfefd05cddf5e5c8f44ad8cabbe
                                                                                                                • Instruction Fuzzy Hash: 83119031908A9185EB018F35A41427A63E0FB47BA4F5AC930DE6C5B699DE7CD442DB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _localtime64strftime
                                                                                                                • String ID:
                                                                                                                • API String ID: 1396910471-0
                                                                                                                • Opcode ID: 5b3d6727782fdf8fe32fba85827f6283c99371045998f41104964c7c4878100e
                                                                                                                • Instruction ID: 63c04c9bf77cb94e04805cf416f2d5668c321bec9f83650fb44d8efd2e4e8285
                                                                                                                • Opcode Fuzzy Hash: 5b3d6727782fdf8fe32fba85827f6283c99371045998f41104964c7c4878100e
                                                                                                                • Instruction Fuzzy Hash: 34214F22A08F8486E7208F24F4413AA77B0FB9A7A4F459235DB9D47799DF7CD198CB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 45%
                                                                                                                			E00007FFA7FFA127056EC() {
                                                                                                                				void* _t6;
                                                                                                                
                                                                                                                				goto E00007FFA7FFA127056A8;
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				goto E00007FFA7FFA127056E4;
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				if (E00007FFA7FFA12706744() == 0) goto 0x1270572a;
                                                                                                                				_t8 =  *[gs:0x30];
                                                                                                                				goto 0x1270571d;
                                                                                                                				_t6 =  *((intOrPtr*)( *[gs:0x30] + 8)) - _t8;
                                                                                                                				if (_t6 == 0) goto 0x12705731;
                                                                                                                				asm("lock dec eax");
                                                                                                                				if (_t6 != 0) goto 0x12705718;
                                                                                                                				return 0;
                                                                                                                			}





                                                                                                                APIs
                                                                                                                • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFA126E8F4E), ref: 00007FFA127056C2
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: malloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 2803490479-0
                                                                                                                • Opcode ID: ac6c544ded134a79f25742bd1af72606c236dfb0ef7b3eec61183bc74db5e06b
                                                                                                                • Instruction ID: 453edcb6bde0eb21e76c82310d93b2792ca273cb15af80ab06ce8af0d7ae4e50
                                                                                                                • Opcode Fuzzy Hash: ac6c544ded134a79f25742bd1af72606c236dfb0ef7b3eec61183bc74db5e06b
                                                                                                                • Instruction Fuzzy Hash: 82C00289F1B90681FE2923D121560B640A41F5BB20D1A9834895D05289AA88A49D5D28
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Locinfo@std@@$??0_??1_Cvtvec@@Getcvt@_Lockit@std@@$??0facet@locale@std@@?c_str@?$_Bid@locale@std@@D@std@@Facet_Getfalse@_Getgloballocale@locale@std@@Gettrue@_Locimp@12@RegisterYarn@localeconvmallocstd::_
                                                                                                                • String ID:
                                                                                                                • API String ID: 2189335433-0
                                                                                                                • Opcode ID: 706c7298bdb5ed52c7852ad7078a9bea27a3cadbc62628ee06193b1a0b2c10da
                                                                                                                • Instruction ID: 19f53c1f5cbbf9008079d1d2ed71a62f14d7a51f7f4ecb957a7d5757be6d6cd8
                                                                                                                • Opcode Fuzzy Hash: 706c7298bdb5ed52c7852ad7078a9bea27a3cadbc62628ee06193b1a0b2c10da
                                                                                                                • Instruction Fuzzy Hash: 0E513A26A09F8181E6249B12E4543BB63F1FF8BBA0F469535CA4D03758EFBCE45D8B44
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 313767242-0
                                                                                                                • Opcode ID: ec673b4035b9770a6a4f4f059dcc0db7cd818e2d541853e018e626a61b69cb06
                                                                                                                • Instruction ID: d97a0e35e545b43242ab544ea1af7c28e61c68c591a7b9ece800bc40ccd56aee
                                                                                                                • Opcode Fuzzy Hash: ec673b4035b9770a6a4f4f059dcc0db7cd818e2d541853e018e626a61b69cb06
                                                                                                                • Instruction Fuzzy Hash: DE316F76608E8189EB608F60E8503FA73B1FB86754F458439DA4E47A88EF78D64CCB14
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 48%
                                                                                                                			E00007FFA7FFA126E14A0(signed int __ebx) {
                                                                                                                				void* __rbx;
                                                                                                                				void* _t13;
                                                                                                                				void* _t15;
                                                                                                                				void* _t28;
                                                                                                                				void* _t32;
                                                                                                                				void* _t33;
                                                                                                                				void* _t34;
                                                                                                                				void* _t35;
                                                                                                                				void* _t36;
                                                                                                                
                                                                                                                				asm("cpuid");
                                                                                                                				r8d = 0;
                                                                                                                				if (0 - 1 < 0) goto 0x126e1589;
                                                                                                                				asm("cpuid");
                                                                                                                				asm("bt ecx, 0x9");
                                                                                                                				if (0 - 1 >= 0) goto 0x126e14ff;
                                                                                                                				 *0x1272ecb0 = E00007FFA7FFA127114B0;
                                                                                                                				 *0x1272ecb8 = E00007FFA7FFA12711B10;
                                                                                                                				 *0x1272ecc0 = E00007FFA7FFA12710610;
                                                                                                                				 *0x1272ecc8 = E00007FFA7FFA12710C50;
                                                                                                                				_t15 = r8d - 7;
                                                                                                                				if (_t15 < 0) goto 0x126e1589;
                                                                                                                				asm("bt ecx, 0x1b");
                                                                                                                				if (_t15 >= 0) goto 0x126e1589;
                                                                                                                				GetModuleHandleW(??);
                                                                                                                				if (E00007FFA7FFA12710C50 == 0) goto 0x126e1589;
                                                                                                                				GetProcAddress(??, ??);
                                                                                                                				if (E00007FFA7FFA12710C50 == 0) goto 0x126e1589;
                                                                                                                				E00007FFA7FFA12710C50(_t13, E00007FFA7FFA12710C50, _t28, E00007FFA7FFA12710C50, "GetEnabledExtendedFeatures", _t32, _t33, _t34, _t35, _t36);
                                                                                                                				if (E00007FFA7FFA12710C50 != 6) goto 0x126e1589;
                                                                                                                				asm("cpuid");
                                                                                                                				if ((__ebx & 0x00000020) == 0) goto 0x126e1589;
                                                                                                                				 *0x1272ecb0 = 0x12712ee0;
                                                                                                                				 *0x1272ecb8 = 0x12713570;
                                                                                                                				 *0x1272ecc0 = 0x12712150;
                                                                                                                				 *0x1272ecc8 = 0x12712760;
                                                                                                                				return 7;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                • String ID: GetEnabledExtendedFeatures$kernel32.dll
                                                                                                                • API String ID: 1646373207-4263775254
                                                                                                                • Opcode ID: f850ac751b7abb382709fc12ac46b43635d4a10ee8e8d7862937cf4f812eeb49
                                                                                                                • Instruction ID: b0d66dc70c02279ae1e33a855ee0d1a8d509556eb8747d508a620c937123fbc2
                                                                                                                • Opcode Fuzzy Hash: f850ac751b7abb382709fc12ac46b43635d4a10ee8e8d7862937cf4f812eeb49
                                                                                                                • Instruction Fuzzy Hash: 8F21B964A1EF02D6FA45CB54F8451B233F8BF47360F429939D45E427A8FEACF5988A04
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Heap$FreeProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 3859560861-0
                                                                                                                • Opcode ID: 8804a116404f9e445d636f3393e9c3dd5e86df3c75c811aa0a92a579b212bfc9
                                                                                                                • Instruction ID: fa37749963163654802cfd2da2cc5a286ea11a7376aef79afc340f1db28efdb2
                                                                                                                • Opcode Fuzzy Hash: 8804a116404f9e445d636f3393e9c3dd5e86df3c75c811aa0a92a579b212bfc9
                                                                                                                • Instruction Fuzzy Hash: 42E04821B05A0542EB085B36D84813D63B1AF9FF75B1ED130CD1D47354EE6CD4498740
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 67%
                                                                                                                			E00007FFA7FFA126FC7C0(signed int __edi, long long __rbx, void* __rcx, unsigned int __rdx, void* __r9, long long _a24) {
                                                                                                                				signed int _v32;
                                                                                                                				void* _v72;
                                                                                                                				char _v80;
                                                                                                                				unsigned long long _v88;
                                                                                                                				void* _v92;
                                                                                                                				void* _v96;
                                                                                                                				char _v104;
                                                                                                                				signed short _t49;
                                                                                                                				signed long long _t62;
                                                                                                                				signed long long _t68;
                                                                                                                				void* _t109;
                                                                                                                				signed long long _t112;
                                                                                                                				signed long long _t120;
                                                                                                                
                                                                                                                				_a24 = __rbx;
                                                                                                                				_t62 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				_v32 = _t62 ^ _t109 - 0x00000070;
                                                                                                                				GetSystemTimeAsFileTime(??);
                                                                                                                				_t101 =  &_v72;
                                                                                                                				_v88 = __rdx >> 0x12;
                                                                                                                				 *__rdx();
                                                                                                                				r9d =  *0x431BDE82D7B634E7 & 0x0000ffff;
                                                                                                                				if (__r9 + 1 - 2 < 0) goto 0x126fc975;
                                                                                                                				if (r9d - 0x1f > 0) goto 0x126fc987;
                                                                                                                				_t49 = ( *0x431BDE82D7B634EB & 0x0000ffff) + 1;
                                                                                                                				if ((_t49 & 0x0000ffff) + 1 - 2 < 0) goto 0x126fc999;
                                                                                                                				if (_t49 - 0xc > 0) goto 0x126fc9a7;
                                                                                                                				r10d = 0x76c;
                                                                                                                				r10w = r10w +  *0x431BDE82D7B634EF;
                                                                                                                				if ((r10w & 0xffffffff) + 1 - 0x579 < 0) goto 0x126fc9b5;
                                                                                                                				if (r10w - 0x270f > 0) goto 0x126fc9c7;
                                                                                                                				r8d = _t49 & 0x0000ffff;
                                                                                                                				E00007FFA7FFA126F9890(r10w & 0xffffffff, 0xd7b634db,  &_v104);
                                                                                                                				_t120 =  *0xd7b634db;
                                                                                                                				_t112 =  *((intOrPtr*)(0x431bde82d7b634df));
                                                                                                                				_t68 =  *((intOrPtr*)(0x431bde82d7b634e3));
                                                                                                                				r9d = __edi;
                                                                                                                				if (_t68 < 0) goto 0x126fc8fd;
                                                                                                                				if (_t112 < 0) goto 0x126fc8fd;
                                                                                                                				if (_t120 < 0) goto 0x126fc8fd;
                                                                                                                				goto 0x126fc936;
                                                                                                                				asm("dec eax");
                                                                                                                				asm("dec eax");
                                                                                                                				asm("dec eax");
                                                                                                                				_v80 =  ~(__r9 + ((_t68 * 0x3c + _t112) * 0x3c + _t120) * 0xf4240) - ((((((_t68 * 0x0000003c + _t112) * 0x0000003c + _t120) * 0x000f4240 ^  &_v72) -  &_v72) * 0x3c + (_t112 ^  &_v72) -  &_v72) * 0x3c + (_t120 ^ _t101) - _t101) * 0xf4240;
                                                                                                                				return E00007FFA7FFA12705E20(E00007FFA7FFA126F89B0(__rcx,  &_v104,  &_v80,  ~(__r9 + ((_t68 * 0x3c + _t112) * 0x3c + _t120) * 0xf4240) - ((((((_t68 * 0x0000003c + _t112) * 0x0000003c + _t120) * 0x000f4240 ^  &_v72) -  &_v72) * 0x3c + (_t112 ^  &_v72) -  &_v72) * 0x3c + (_t120 ^ _t101) - _t101) * 0xf4240), _v104, _v32 ^ _t109 - 0x00000070);
                                                                                                                			}

















                                                                                                                APIs
                                                                                                                • GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,-00000068,FFFFFFFF,00007FFA12709B58), ref: 00007FFA126FC7E6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Time$FileSystem
                                                                                                                • String ID:
                                                                                                                • API String ID: 2086374402-0
                                                                                                                • Opcode ID: b7ac8f5516a58b625ceba9e84dcddc79e8785dffc85ea15aa0aa2792f75a265c
                                                                                                                • Instruction ID: 9f5a3f901f3bc0aa25cd29f457a407b39aa52fab44bc6c6fa3d52996e02bea9c
                                                                                                                • Opcode Fuzzy Hash: b7ac8f5516a58b625ceba9e84dcddc79e8785dffc85ea15aa0aa2792f75a265c
                                                                                                                • Instruction Fuzzy Hash: 2D415C62B1875546EF1CCB28E0256B962D1EB8A794F119836EF9E0BBDDCD7CE1008F00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 21%
                                                                                                                			E00007FFA7FFA126EE730(void* __eax, void* __esi, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, void* __rbp, void* __r8, long long _a8, long long _a24, long long _a32) {
                                                                                                                				void* _v24;
                                                                                                                				signed int _v32;
                                                                                                                				intOrPtr _v72;
                                                                                                                				char _v96;
                                                                                                                				long long _v104;
                                                                                                                				long long _v112;
                                                                                                                				long long _v120;
                                                                                                                				char _v128;
                                                                                                                				long long _v136;
                                                                                                                				long long _v144;
                                                                                                                				long long _v152;
                                                                                                                				char _v160;
                                                                                                                				intOrPtr _v168;
                                                                                                                				char _v192;
                                                                                                                				intOrPtr _v200;
                                                                                                                				char _v224;
                                                                                                                				long long _v232;
                                                                                                                				long long _v240;
                                                                                                                				char _v256;
                                                                                                                				long long _v264;
                                                                                                                				long long _v272;
                                                                                                                				short _v288;
                                                                                                                				long long _v296;
                                                                                                                				long long _v304;
                                                                                                                				char _v320;
                                                                                                                				long long _v328;
                                                                                                                				long long _v336;
                                                                                                                				char _v352;
                                                                                                                				long long _v360;
                                                                                                                				long long _v368;
                                                                                                                				char _v384;
                                                                                                                				long long _v392;
                                                                                                                				long long _v400;
                                                                                                                				char _v416;
                                                                                                                				void* _v504;
                                                                                                                				void* _v520;
                                                                                                                				long long _v544;
                                                                                                                				long long _v552;
                                                                                                                				long long _v560;
                                                                                                                				long long _v568;
                                                                                                                				long long _v576;
                                                                                                                				long long _v584;
                                                                                                                				long long _v592;
                                                                                                                				long long _v600;
                                                                                                                				long long _v616;
                                                                                                                				long long _v624;
                                                                                                                				long long _v640;
                                                                                                                				char _v656;
                                                                                                                				char _v664;
                                                                                                                				long long _v672;
                                                                                                                				void* _v680;
                                                                                                                				char _v688;
                                                                                                                				char _v696;
                                                                                                                				long long _v704;
                                                                                                                				long long _v712;
                                                                                                                				long long _v720;
                                                                                                                				long long _v728;
                                                                                                                				signed long long _t255;
                                                                                                                				intOrPtr* _t257;
                                                                                                                				intOrPtr _t258;
                                                                                                                				long long _t313;
                                                                                                                				intOrPtr _t317;
                                                                                                                				void* _t340;
                                                                                                                				intOrPtr* _t364;
                                                                                                                				long long _t368;
                                                                                                                				long long _t371;
                                                                                                                				long long _t377;
                                                                                                                				long long _t380;
                                                                                                                				signed long long _t387;
                                                                                                                				intOrPtr _t390;
                                                                                                                				intOrPtr _t395;
                                                                                                                				long long _t400;
                                                                                                                				intOrPtr _t403;
                                                                                                                				long long _t407;
                                                                                                                				long long _t412;
                                                                                                                				long long _t413;
                                                                                                                				intOrPtr* _t414;
                                                                                                                				void* _t416;
                                                                                                                				void* _t417;
                                                                                                                				long long _t427;
                                                                                                                
                                                                                                                				_t416 = __rbp;
                                                                                                                				_a8 = __rbx;
                                                                                                                				_a24 = __rsi;
                                                                                                                				_a32 = __rdi;
                                                                                                                				_t418 = _t417 - 0x2e0;
                                                                                                                				_t255 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				_v32 = _t255 ^ _t417 - 0x000002e0;
                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                				asm("movdqu [esp+0x88], xmm0");
                                                                                                                				_t407 = __rcx + 0x70;
                                                                                                                				_v672 = _t407;
                                                                                                                				0x12705430();
                                                                                                                				if (__eax != 0) goto 0x126eef5b;
                                                                                                                				_t364 =  *((intOrPtr*)(__rcx + 0x60));
                                                                                                                				_t257 =  *_t364;
                                                                                                                				if (_t257 == _t364) goto 0x126eef63;
                                                                                                                				if ( *((intOrPtr*)(_t257 + 0x10)) == __rdx) goto 0x126ee7b7;
                                                                                                                				_t317 =  *_t257;
                                                                                                                				_t258 = _t317;
                                                                                                                				if (_t317 == _t364) goto 0x126eef63;
                                                                                                                				goto 0x126ee7a0;
                                                                                                                				_t412 =  *((intOrPtr*)(_t258 + 0x18));
                                                                                                                				_v680 = _t412;
                                                                                                                				if (_t412 == 0) goto 0x126ee7d7;
                                                                                                                				asm("lock inc dword [esi+0x8]");
                                                                                                                				_t413 =  *((intOrPtr*)(_t258 + 0x18));
                                                                                                                				_v680 = _t413;
                                                                                                                				_t313 = _v672;
                                                                                                                				_t427 =  *((intOrPtr*)(_t258 + 0x10));
                                                                                                                				_v624 = _t427;
                                                                                                                				_v616 = _t413;
                                                                                                                				0x12705436();
                                                                                                                				_v640 = _t407;
                                                                                                                				0x12705430();
                                                                                                                				if (__eax != 0) goto 0x126eefad;
                                                                                                                				if ( *((intOrPtr*)(_t427 + 0xf0)) == 0) goto 0x126eeef3;
                                                                                                                				FlushFileBuffers(??);
                                                                                                                				CloseHandle(??);
                                                                                                                				E00007FFA7FFA126ED4C0(_t258, _t313,  &_v384, _t427 + 0x40, _t413);
                                                                                                                				E00007FFA7FFA126ED4C0(_t258, _t313,  &_v416, _t427 + 0x60, _t413);
                                                                                                                				_t260 =  >=  ? _v416 :  &_v416;
                                                                                                                				_v160 =  >=  ? _v416 :  &_v416;
                                                                                                                				_v152 = _v400;
                                                                                                                				_t263 =  >=  ? _v384 :  &_v384;
                                                                                                                				_v144 =  >=  ? _v384 :  &_v384;
                                                                                                                				_v136 = _v368;
                                                                                                                				_v600 = 0x1ce;
                                                                                                                				_v592 =  &_v160;
                                                                                                                				asm("movaps xmm0, [esp+0xa0]");
                                                                                                                				asm("movdqa [esp+0xf0], xmm0");
                                                                                                                				_v584 = "{}\\temp_{}";
                                                                                                                				_v576 = 0xa;
                                                                                                                				E00007FFA7FFA126E49B0(_t313,  &_v192, _t407, _t413);
                                                                                                                				_t368 = _v392;
                                                                                                                				if (_t368 - 0x10 < 0) goto 0x126ee95f;
                                                                                                                				if (_t368 + 1 - 0x1000 < 0) goto 0x126ee95a;
                                                                                                                				if (_v416 -  *((intOrPtr*)(_v416 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126ee95a;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				_v400 = _t313;
                                                                                                                				_v392 = 0xf;
                                                                                                                				_v416 = 0;
                                                                                                                				_t371 = _v360;
                                                                                                                				if (_t371 - 0x10 < 0) goto 0x126ee9c2;
                                                                                                                				if (_t371 + 1 - 0x1000 < 0) goto 0x126ee9bd;
                                                                                                                				if (_v384 -  *((intOrPtr*)(_v384 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126ee9bd;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				_v368 = _t313;
                                                                                                                				_v360 = 0xf;
                                                                                                                				_v384 = 0;
                                                                                                                				E00007FFA7FFA126ED4C0(_v384 -  *((intOrPtr*)(_v384 - 8)) + 0xfffffff8, _t313,  &_v320, _t427 + 0x40, _t413);
                                                                                                                				E00007FFA7FFA126ED4C0(_v384 -  *((intOrPtr*)(_v384 - 8)) + 0xfffffff8, _t313,  &_v352, _t427 + 0x60, _t413);
                                                                                                                				_t274 =  >=  ? _v352 :  &_v352;
                                                                                                                				_v128 =  >=  ? _v352 :  &_v352;
                                                                                                                				_v120 = _v336;
                                                                                                                				_t277 =  >=  ? _v320 :  &_v320;
                                                                                                                				_v112 =  >=  ? _v320 :  &_v320;
                                                                                                                				_v104 = _v304;
                                                                                                                				_v568 = 0x1ce;
                                                                                                                				_v560 =  &_v128;
                                                                                                                				asm("movaps xmm0, [esp+0xc0]");
                                                                                                                				asm("movdqa [esp+0x100], xmm0");
                                                                                                                				_v552 = "{}\\{}";
                                                                                                                				_v544 = 5;
                                                                                                                				E00007FFA7FFA126E49B0(_t313,  &_v256, _t407, _t413);
                                                                                                                				_t377 = _v328;
                                                                                                                				if (_t377 - 0x10 < 0) goto 0x126eeb12;
                                                                                                                				if (_t377 + 1 - 0x1000 < 0) goto 0x126eeb0d;
                                                                                                                				if (_v352 -  *((intOrPtr*)(_v352 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126eeb0d;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				_v336 = _t313;
                                                                                                                				_v328 = 0xf;
                                                                                                                				_v352 = 0;
                                                                                                                				_t380 = _v296;
                                                                                                                				if (_t380 - 0x10 < 0) goto 0x126eeb74;
                                                                                                                				if (_t380 + 1 - 0x1000 < 0) goto 0x126eeb6f;
                                                                                                                				if (_v320 -  *((intOrPtr*)(_v320 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126eeb6f;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				_v304 = _t313;
                                                                                                                				_v296 = 0xf;
                                                                                                                				_v320 = 0;
                                                                                                                				if ( *((intOrPtr*)(_t427 + 0x100)) == 0) goto 0x126eeba2;
                                                                                                                				DeleteDC(??);
                                                                                                                				 *((long long*)(_t427 + 0xf0)) = _t313;
                                                                                                                				 *((long long*)(_t427 + 0x100)) = _t313;
                                                                                                                				 *((char*)(_t427 + 0xa1)) = 0;
                                                                                                                				_v688 = _t313;
                                                                                                                				E00007FFA7FFA126ED4C0(_v320 -  *((intOrPtr*)(_v320 - 8)) + 0xfffffff8, _t313,  &_v224, _t427 + 0x80, _t413);
                                                                                                                				_t385 =  >=  ? _v224 :  &_v224;
                                                                                                                				E00007FFA7FFA126F3FF0(0, _t313,  &_v288,  >=  ? _v224 :  &_v224, _t413, _t416);
                                                                                                                				_t340 =  >=  ? _v288 :  &_v288;
                                                                                                                				r8d = 0;
                                                                                                                				r15b = OpenPrinterW(??, ??, ??) > 0;
                                                                                                                				_v696 = r15b;
                                                                                                                				_t387 = _v264;
                                                                                                                				if (_t387 - 8 < 0) goto 0x126eec76;
                                                                                                                				if (2 + _t387 * 2 - 0x1000 < 0) goto 0x126eec71;
                                                                                                                				if (_v288 -  *((intOrPtr*)(_v288 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126eec71;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				_v272 = _t313;
                                                                                                                				_v264 = 7;
                                                                                                                				_v288 = 0;
                                                                                                                				_t390 = _v200;
                                                                                                                				if (_t390 - 0x10 < 0) goto 0x126eecd8;
                                                                                                                				if (_t390 + 1 - 0x1000 < 0) goto 0x126eecd3;
                                                                                                                				if (_v224 -  *((intOrPtr*)(_v224 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126eecd3;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				_v664 = _v688;
                                                                                                                				_v656 =  &_v688;
                                                                                                                				E00007FFA7FFA126ED4C0( &_v688, _t313,  &_v96, _t427 + 0x80, _t413);
                                                                                                                				_v704 =  &_v696;
                                                                                                                				_v712 =  &_v664;
                                                                                                                				_v720 =  &_v656;
                                                                                                                				_v728 =  &_v96;
                                                                                                                				r8d = 0x210;
                                                                                                                				E00007FFA7FFA126ED2C0(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", _t416, "OpenPrinterW (\'{}\', {:#x} -> {:#x}, NULL) -> {}");
                                                                                                                				_t395 = _v72;
                                                                                                                				if (_t395 - 0x10 < 0) goto 0x126eed91;
                                                                                                                				if (_t395 + 1 - 0x1000 < 0) goto 0x126eed8c;
                                                                                                                				if (_v96 -  *((intOrPtr*)(_v96 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126eed8c;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				if (r15b == 0) goto 0x126eedc1;
                                                                                                                				_v728 = 5;
                                                                                                                				r9d = 0;
                                                                                                                				r8d = 0;
                                                                                                                				0x12705406();
                                                                                                                				CloseHandle(??);
                                                                                                                				_v728 =  &_v192;
                                                                                                                				r8d = 0x24d;
                                                                                                                				E00007FFA7FFA126E5600(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "finalizing PCL \'{}\'");
                                                                                                                				if (E00007FFA7FFA126F3F10( &_v192) == 0) goto 0x126eefb5;
                                                                                                                				if (E00007FFA7FFA126F3F10( &_v256) == 0) goto 0x126eee1f;
                                                                                                                				E00007FFA7FFA126F2D50( &_v256);
                                                                                                                				if (E00007FFA7FFA126F2DE0(0, _t313,  &_v192,  &_v256) == 0) goto 0x126eefdd;
                                                                                                                				_t414 = _v680;
                                                                                                                				_t400 = _v232;
                                                                                                                				if (_t400 - 0x10 < 0) goto 0x126eee90;
                                                                                                                				if (_t400 + 1 - 0x1000 < 0) goto 0x126eee8b;
                                                                                                                				if (_v256 -  *((intOrPtr*)(_v256 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126eee8b;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				_v240 = _t313;
                                                                                                                				_v232 = 0xf;
                                                                                                                				_v256 = 0;
                                                                                                                				_t403 = _v168;
                                                                                                                				if (_t403 - 0x10 < 0) goto 0x126eeef3;
                                                                                                                				if (_t403 + 1 - 0x1000 < 0) goto 0x126eeeed;
                                                                                                                				if (_v192 -  *((intOrPtr*)(_v192 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126eeeed;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				0x12705436();
                                                                                                                				if (_t414 == 0) goto 0x126eef2d;
                                                                                                                				asm("lock xadd [esi+0x8], eax");
                                                                                                                				if (0xffffffff != 1) goto 0x126eef2d;
                                                                                                                				 *((intOrPtr*)( *_t414))();
                                                                                                                				asm("lock xadd [esi+0xc], ebx");
                                                                                                                				if (0xffffffff != 1) goto 0x126eef2d;
                                                                                                                				return E00007FFA7FFA12705E20( *((intOrPtr*)( *_t414 + 8))(), 1, _v32 ^ _t418);
                                                                                                                			}




















































































                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$ExceptionThrow$C_error@std@@CloseHandleMtx_lockMtx_unlockThrow_$BuffersConcurrency::cancel_current_taskDeleteFileFlushOpenPrinter__std_exception_copymemmove
                                                                                                                • String ID: OpenPrinterW ('{}', {:#x} -> {:#x}, NULL) -> {}$c:\design\wiservice\fax_printer\win\WinFaxPrinter.cpp$couldn't rename file$file not found$finalizing PCL '{}'$port object {:#x} is not present in the list${}\temp_{}${}\{}
                                                                                                                • API String ID: 2160768893-1265162037
                                                                                                                • Opcode ID: 58beda62e6417c6e25b5ef48cfd193df8d72ce1e7ef7f8c60a0b7f69ff954c08
                                                                                                                • Instruction ID: eb97f7dbdba2187517dba3ca990d82eecc4987bf5d9b9276f9e98c41ece27664
                                                                                                                • Opcode Fuzzy Hash: 58beda62e6417c6e25b5ef48cfd193df8d72ce1e7ef7f8c60a0b7f69ff954c08
                                                                                                                • Instruction Fuzzy Hash: 0E221E72609FC280EA60DB14E4443EE63A5FB96774F418235D6AD46AEDDFBCD089CB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$C_error@std@@Mtx_lockMtx_unlockThrow_$ExceptionThrow$CloseFileHandleOpenPrinterWrite
                                                                                                                • String ID: OpenPrinterW ('{}', {:#x} -> {:#x}, NULL) -> {}$c:\design\wiservice\fax_printer\win\WinFaxPrinter.cpp$no file handle to write$port object {:#x} is not present in the list
                                                                                                                • API String ID: 2224752147-625230079
                                                                                                                • Opcode ID: 932e98acf6a538dfd0b4d71e54e13c4e5c1377931cc4050753ee50d299f82302
                                                                                                                • Instruction ID: ee2de5bc89bfc1fb9e65d1734b12c7b499557210bba899f665a6dfc9521ef2f2
                                                                                                                • Opcode Fuzzy Hash: 932e98acf6a538dfd0b4d71e54e13c4e5c1377931cc4050753ee50d299f82302
                                                                                                                • Instruction Fuzzy Hash: BBB1AF72B08F8285EB00DB64E4503AE67B1FB867A4F518135EE5D17AADDF78D489CB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 25%
                                                                                                                			E00007FFA7FFA12715590(void* __ecx, void* __edx, long long __rbx, long long* __rcx, long long __rsi, long long __rbp, long long _a16, long long _a24, long long _a32) {
                                                                                                                				void* _v40;
                                                                                                                				signed int _v56;
                                                                                                                				char _v144;
                                                                                                                				long long _v152;
                                                                                                                				void* _t78;
                                                                                                                				void* _t83;
                                                                                                                				void* _t95;
                                                                                                                				char _t100;
                                                                                                                				signed long long _t109;
                                                                                                                				intOrPtr* _t119;
                                                                                                                				intOrPtr* _t121;
                                                                                                                				intOrPtr* _t122;
                                                                                                                				long long _t138;
                                                                                                                				intOrPtr _t144;
                                                                                                                				intOrPtr _t156;
                                                                                                                				intOrPtr* _t157;
                                                                                                                				intOrPtr _t160;
                                                                                                                				intOrPtr* _t162;
                                                                                                                				intOrPtr _t167;
                                                                                                                				void* _t169;
                                                                                                                				long long* _t174;
                                                                                                                				long long _t175;
                                                                                                                				intOrPtr _t176;
                                                                                                                				intOrPtr _t177;
                                                                                                                
                                                                                                                				_t78 = __ecx;
                                                                                                                				_a16 = __rbx;
                                                                                                                				_a24 = __rbp;
                                                                                                                				_a32 = __rsi;
                                                                                                                				_t109 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				_v56 = _t109 ^ _t169 - 0x00000090;
                                                                                                                				_t174 = __rcx;
                                                                                                                				 *__rcx = 0x1271ef88;
                                                                                                                				_t162 =  *((intOrPtr*)(__rcx + 0x38));
                                                                                                                				_t167 =  *((intOrPtr*)(__rcx + 0x40));
                                                                                                                				r13d = 0;
                                                                                                                				_t83 = _t162 - _t167;
                                                                                                                				if (_t83 == 0) goto 0x12715744;
                                                                                                                				asm("lock xadd [ecx], eax");
                                                                                                                				asm("bt eax, 0x1e");
                                                                                                                				if (_t83 < 0) goto 0x12715611;
                                                                                                                				if (0x80000000 - 0x80000000 <= 0) goto 0x12715611;
                                                                                                                				asm("lock bts dword [ecx], 0x1e");
                                                                                                                				if (0x80000000 - 0x80000000 < 0) goto 0x12715611;
                                                                                                                				E00007FFA7FFA126FD940( *((intOrPtr*)(_t162 + 8)));
                                                                                                                				SetEvent(??);
                                                                                                                				_t176 =  *_t162;
                                                                                                                				if ( *((intOrPtr*)(_t176 + 0x10)) == 0) goto 0x12715737;
                                                                                                                				E00007FFA7FFA12716690( *((intOrPtr*)(_t176 + 0x10)), 0x1271ef88, __rbx, _t176, _t162);
                                                                                                                				if ( *((intOrPtr*)(_t176 + 0x10)) != 0) goto 0x12715635;
                                                                                                                				goto 0x12715706;
                                                                                                                				 *((intOrPtr*)(_t176 + 0x10)) = r13d;
                                                                                                                				r8d = 0;
                                                                                                                				ReleaseSemaphore(??, ??, ??);
                                                                                                                				_t119 =  *((intOrPtr*)(_t176 + 0x18));
                                                                                                                				_t156 =  *((intOrPtr*)(_t176 + 0x20));
                                                                                                                				if (_t119 == _t156) goto 0x1271567f;
                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                				 *((char*)( *_t119 + 0x14)) = 1;
                                                                                                                				r8d = 0;
                                                                                                                				ReleaseSemaphore(??, ??, ??);
                                                                                                                				if (_t119 + 8 != _t156) goto 0x12715660;
                                                                                                                				_t177 =  *((intOrPtr*)(_t176 + 0x20));
                                                                                                                				_t157 =  *((intOrPtr*)(_t176 + 0x18));
                                                                                                                				if (_t157 == _t177) goto 0x127156ea;
                                                                                                                				_t121 =  *_t157;
                                                                                                                				if (_t121 == 0) goto 0x127156dd;
                                                                                                                				asm("lock xadd [ebx+0x18], eax");
                                                                                                                				if (0xffffffff != 1) goto 0x127156dd;
                                                                                                                				if ( *((intOrPtr*)(_t121 + 8)) - 1 - 0xfffffffd > 0) goto 0x127156bc;
                                                                                                                				CloseHandle(??);
                                                                                                                				if ( *_t121 - 1 - 0xfffffffd > 0) goto 0x127156d0;
                                                                                                                				CloseHandle(??);
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				if (_t157 + 8 != _t177) goto 0x12715690;
                                                                                                                				 *((long long*)(_t176 + 0x20)) =  *((intOrPtr*)(_t176 + 0x18));
                                                                                                                				_t95 =  *((intOrPtr*)(_t176 + 0x30)) - 1 - 0xfffffffd;
                                                                                                                				if (_t95 > 0) goto 0x12715702;
                                                                                                                				CloseHandle(??);
                                                                                                                				 *((long long*)(_t176 + 0x30)) = _t175;
                                                                                                                				asm("lock inc ecx");
                                                                                                                				asm("bt eax, 0x1e");
                                                                                                                				if (_t95 < 0) goto 0x12715737;
                                                                                                                				if (0x80000000 - 0x80000000 <= 0) goto 0x12715737;
                                                                                                                				asm("lock inc ecx");
                                                                                                                				if (0x80000000 - 0x80000000 < 0) goto 0x12715737;
                                                                                                                				E00007FFA7FFA126FD940(_t176);
                                                                                                                				SetEvent(??);
                                                                                                                				if (_t162 + 0x10 != _t167) goto 0x127155e2;
                                                                                                                				_t122 =  *((intOrPtr*)(_t174 + 0x50));
                                                                                                                				_t160 =  *((intOrPtr*)(_t174 + 0x58));
                                                                                                                				if (_t122 == _t160) goto 0x127157c6;
                                                                                                                				_t138 =  *_t122 + 0x30;
                                                                                                                				_v152 = _t138;
                                                                                                                				_v144 = 0;
                                                                                                                				if (_t138 == 0) goto 0x1271588b;
                                                                                                                				E00007FFA7FFA12716690(_t138,  *((intOrPtr*)(_t176 + 0x30)) - 1, _t122, _t138,  *_t122);
                                                                                                                				_v144 = 1;
                                                                                                                				E00007FFA7FFA127167A0();
                                                                                                                				_t100 = _v144;
                                                                                                                				if (_t100 == 0) goto 0x127157bd;
                                                                                                                				asm("lock xadd [ecx], eax");
                                                                                                                				asm("bt eax, 0x1e");
                                                                                                                				if (_t100 < 0) goto 0x127157bd;
                                                                                                                				if (0x80000000 - 0x80000000 <= 0) goto 0x127157bd;
                                                                                                                				asm("lock bts dword [ecx], 0x1e");
                                                                                                                				if (0x80000000 - 0x80000000 < 0) goto 0x127157bd;
                                                                                                                				E00007FFA7FFA126FD940(_v152);
                                                                                                                				SetEvent(??);
                                                                                                                				if (_t122 + 0x10 != _t160) goto 0x12715753;
                                                                                                                				if ( *((intOrPtr*)(_t174 + 0x68)) - 1 - 0xfffffffd > 0) goto 0x127157dc;
                                                                                                                				CloseHandle(??);
                                                                                                                				E00007FFA7FFA127093E0(_t174 + 0x50);
                                                                                                                				_t144 =  *((intOrPtr*)(_t174 + 0x38));
                                                                                                                				if (_t144 == 0) goto 0x12715832;
                                                                                                                				if (( *((intOrPtr*)(_t174 + 0x48)) - _t144 & 0xfffffff0) - 0x1000 < 0) goto 0x1271581d;
                                                                                                                				if (_t144 -  *((intOrPtr*)(_t144 - 8)) - 8 - 0x1f > 0) goto 0x12715884;
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				 *((long long*)(_t174 + 0x38)) = _t175;
                                                                                                                				 *((long long*)(_t174 + 0x40)) = _t175;
                                                                                                                				 *((long long*)(_t174 + 0x48)) = _t175;
                                                                                                                				E00007FFA7FFA127152C0(0x20, _t122 + 0x10, _t174 + 0x28);
                                                                                                                				if ( *((intOrPtr*)(_t174 + 0x10)) - 1 - 0xfffffffd > 0) goto 0x12715853;
                                                                                                                				return E00007FFA7FFA12705E20(CloseHandle(??), _t78, _v56 ^ _t169 - 0x00000090);
                                                                                                                			}



























                                                                                                                0x7ffa12715823
                                                                                                                0x7ffa12715828
                                                                                                                0x7ffa1271582d
                                                                                                                0x7ffa12715837
                                                                                                                0x7ffa1271584a
                                                                                                                0x7ffa12715883

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandle$Event$ReleaseSemaphore$Create__std_exception_destroy_invalid_parameter_noinfo_noreturnstd::bad_exception::bad_exception
                                                                                                                • String ID: boost unique_lock has no mutex
                                                                                                                • API String ID: 1979981141-1332336223
                                                                                                                • Opcode ID: 99d43ab599dc6fdb592f883fd878a795e6f26811ccc1dd07ce6a8332fe436380
                                                                                                                • Instruction ID: a911c1facb0b882b08477250ce9be8a84a4f92544594e668dbb74a64625298af
                                                                                                                • Opcode Fuzzy Hash: 99d43ab599dc6fdb592f883fd878a795e6f26811ccc1dd07ce6a8332fe436380
                                                                                                                • Instruction Fuzzy Hash: B8B1A022A05E4286EA548B25E44827A63F4FF47BB4F5A8231CA6D437D8EF7CD449CB40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 72%
                                                                                                                			E00007FFA7FFA126E92D0(long long __rax, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi) {
                                                                                                                				void* _t20;
                                                                                                                				void* _t21;
                                                                                                                				intOrPtr _t38;
                                                                                                                				long long _t55;
                                                                                                                				long long _t62;
                                                                                                                				unsigned long long _t63;
                                                                                                                				void* _t66;
                                                                                                                				void* _t70;
                                                                                                                				void* _t71;
                                                                                                                
                                                                                                                				_t34 = __rax;
                                                                                                                				 *((long long*)(_t66 + 8)) = __rbx;
                                                                                                                				 *((long long*)(_t66 + 0x10)) = _t62;
                                                                                                                				 *((long long*)(_t66 + 0x18)) = __rsi;
                                                                                                                				 *((long long*)(_t66 + 0x20)) = __rdi;
                                                                                                                				_t63 =  *((intOrPtr*)(__rcx + 0x18));
                                                                                                                				_t71 = __rcx;
                                                                                                                				_t38 =  *((intOrPtr*)(__rcx + 8));
                                                                                                                				_t55 =  >  ? __rdx : (_t63 >> 1) + _t63;
                                                                                                                				if (_t55 - 0x1000 < 0) goto 0x126e9337;
                                                                                                                				if (_t55 + 0x27 - _t55 <= 0) goto 0x126e93b9;
                                                                                                                				_t21 = E00007FFA7FFA127056A8(_t20, __rax, _t55 + 0x27);
                                                                                                                				if (__rax == 0) goto 0x126e93b2;
                                                                                                                				_t8 = _t34 + 0x27; // 0x27
                                                                                                                				 *((long long*)((_t8 & 0xffffffe0) - 8)) = __rax;
                                                                                                                				goto 0x126e934b;
                                                                                                                				if (_t55 == 0) goto 0x126e9349;
                                                                                                                				E00007FFA7FFA127056A8(_t21, __rax, _t55);
                                                                                                                				goto 0x126e934b;
                                                                                                                				memmove(_t70, ??);
                                                                                                                				 *((long long*)(_t71 + 8)) = __rax;
                                                                                                                				 *((long long*)(_t71 + 0x18)) = _t55;
                                                                                                                				if (_t38 == _t71 + 0x20) goto 0x126e9397;
                                                                                                                				if (_t63 - 0x1000 < 0) goto 0x126e938c;
                                                                                                                				if (_t38 -  *((intOrPtr*)(_t38 - 8)) - 8 - 0x1f > 0) goto 0x126e93b2;
                                                                                                                				return E00007FFA7FFA127056E4();
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • memmove.VCRUNTIME140 ref: 00007FFA126E9355
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126E93B2
                                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFA126E93B9
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126E94A6
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126E9554
                                                                                                                  • Part of subcall function 00007FFA127056A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFA126E8F4E), ref: 00007FFA127056C2
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126E95B3
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126E962E
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126E968D
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126E96E1
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskmallocmemmove
                                                                                                                • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_addport '{}', {:#x}, '{}'$system
                                                                                                                • API String ID: 2599383951-1193261317
                                                                                                                • Opcode ID: a4498f68436b03a7882b6bca6ddf34ea31ff5a2665c0f0b2bf1ea133035a0604
                                                                                                                • Instruction ID: 5cd466952d43025cc7b60a74139eca0b30bccd9e14676e3997442d41fa9dfa3b
                                                                                                                • Opcode Fuzzy Hash: a4498f68436b03a7882b6bca6ddf34ea31ff5a2665c0f0b2bf1ea133035a0604
                                                                                                                • Instruction Fuzzy Hash: 0EB19661A09E8141FA10D755E44436E63A1EF87BF0F518631EAAD47BDDDEBCD484CB04
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 23%
                                                                                                                			E00007FFA7FFA126F07D0(long long __rbx, long long __rcx, long long __rdi, long long __rsi, long long _a16, long long _a24, long long _a32) {
                                                                                                                				void* _v8;
                                                                                                                				signed int _v16;
                                                                                                                				signed long long _v24;
                                                                                                                				intOrPtr _v32;
                                                                                                                				char _v48;
                                                                                                                				long long _v56;
                                                                                                                				long long _v64;
                                                                                                                				char _v80;
                                                                                                                				char _v88;
                                                                                                                				intOrPtr _v96;
                                                                                                                				long long _v104;
                                                                                                                				void* __rbp;
                                                                                                                				long _t58;
                                                                                                                				void* _t74;
                                                                                                                				signed long long _t100;
                                                                                                                				void* _t143;
                                                                                                                				signed long long _t144;
                                                                                                                				long long _t150;
                                                                                                                				long long _t156;
                                                                                                                				signed long long _t161;
                                                                                                                				long long _t165;
                                                                                                                				intOrPtr* _t166;
                                                                                                                				long long _t168;
                                                                                                                				void* _t171;
                                                                                                                
                                                                                                                				_t168 = __rsi;
                                                                                                                				_a16 = __rbx;
                                                                                                                				_a24 = __rsi;
                                                                                                                				_a32 = __rdi;
                                                                                                                				_t100 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				_v16 = _t100 ^ _t171 - 0x00000080;
                                                                                                                				_t165 = __rcx;
                                                                                                                				_v88 = __rsi;
                                                                                                                				if ( *((long long*)(__rcx + 0x18)) - 0x10 < 0) goto 0x126f080e;
                                                                                                                				E00007FFA7FFA126F3FF0(_t74, __rbx,  &_v48,  *((intOrPtr*)(__rcx)), __rsi, _t171);
                                                                                                                				_t143 =  >=  ? _v48 :  &_v48;
                                                                                                                				_v104 =  &_v88;
                                                                                                                				r9d = 0x2001b;
                                                                                                                				r8d = 0;
                                                                                                                				_t58 = RegOpenKeyExW(??, ??, ??, ??, ??);
                                                                                                                				_t144 = _v24;
                                                                                                                				if (_t144 - 8 < 0) goto 0x126f0889;
                                                                                                                				if (2 + _t144 * 2 - 0x1000 < 0) goto 0x126f0884;
                                                                                                                				if (_v48 -  *((intOrPtr*)(_v48 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126f0884;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				if (_t58 == 0) goto 0x126f08b5;
                                                                                                                				_v104 = _t165;
                                                                                                                				r8d = 0x229;
                                                                                                                				E00007FFA7FFA126E5600(4, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "couldn\'t open registry key \'HKLM\\{}\'");
                                                                                                                				goto 0x126f0a63;
                                                                                                                				_t166 =  *((intOrPtr*)(_t165 + 0x60));
                                                                                                                				_t117 =  *_t166;
                                                                                                                				if ( *_t166 == _t166) goto 0x126f0a59;
                                                                                                                				E00007FFA7FFA126ED4C0(_v48 -  *((intOrPtr*)(_v48 - 8)) + 0xfffffff8,  *_t166,  &_v80,  *((intOrPtr*)( *_t166 + 0x10)), _t168);
                                                                                                                				_v104 =  &_v80;
                                                                                                                				r8d = 0x22d;
                                                                                                                				E00007FFA7FFA126E5600(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "set \'name\' value to \'{}\'");
                                                                                                                				_t150 = _v56;
                                                                                                                				if (_t150 - 0x10 < 0) goto 0x126f0936;
                                                                                                                				if (_t150 + 1 - 0x1000 < 0) goto 0x126f0931;
                                                                                                                				if (_v80 -  *((intOrPtr*)(_v80 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x126f0a44;
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				E00007FFA7FFA126ED4C0(_v80 -  *((intOrPtr*)(_v80 - 8)) + 0xfffffff8,  *_t166,  &_v80,  *((intOrPtr*)( *_t166 + 0x10)), _t168);
                                                                                                                				_t155 =  >=  ? _v80 :  &_v80;
                                                                                                                				E00007FFA7FFA126F3FF0(_t58, _t117,  &_v48,  >=  ? _v80 :  &_v80, _t168, _t171);
                                                                                                                				_t156 = _v56;
                                                                                                                				if (_t156 - 0x10 < 0) goto 0x126f0997;
                                                                                                                				if (_t156 + 1 - 0x1000 < 0) goto 0x126f0992;
                                                                                                                				if (_v80 -  *((intOrPtr*)(_v80 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x126f0a4b;
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				_v64 = _t168;
                                                                                                                				_v56 = 0xf;
                                                                                                                				_v80 = 0;
                                                                                                                				_t133 =  >=  ? _v48 :  &_v48;
                                                                                                                				_v96 = _v32 + _v32;
                                                                                                                				_v104 =  >=  ? _v48 :  &_v48;
                                                                                                                				r9d = 1;
                                                                                                                				r8d = 0;
                                                                                                                				if (RegSetValueExW(??, ??, ??, ??, ??, ??) == 0) goto 0x126f0a00;
                                                                                                                				r8d = 0x232;
                                                                                                                				E00007FFA7FFA126E52D0(4, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "couldn\'t set \'name\' value for key");
                                                                                                                				_t161 = _v24;
                                                                                                                				if (_t161 - 8 < 0) goto 0x126f0a3c;
                                                                                                                				if (2 + _t161 * 2 - 0x1000 < 0) goto 0x126f0a37;
                                                                                                                				if (_v48 -  *((intOrPtr*)(_v48 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x126f0a52;
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				goto 0x126f08bc;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				return E00007FFA7FFA12705E20(RegCloseKey(??), 4, _v16 ^ _t171 - 0x00000080);
                                                                                                                			}




























                                                                                                                APIs
                                                                                                                • RegOpenKeyExW.ADVAPI32 ref: 00007FFA126F083E
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126F087D
                                                                                                                • RegCloseKey.ADVAPI32 ref: 00007FFA126F0A5D
                                                                                                                  • Part of subcall function 00007FFA126E5600: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126E574B
                                                                                                                  • Part of subcall function 00007FFA126E5600: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126E5792
                                                                                                                • RegSetValueExW.ADVAPI32 ref: 00007FFA126F09D7
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126F0A44
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126F0A4B
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126F0A52
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$CloseOpenValue
                                                                                                                • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinter.cpp$couldn't open registry key 'HKLM\{}'$couldn't set 'name' value for key$name$set 'name' value to '{}'
                                                                                                                • API String ID: 31251203-1549987888
                                                                                                                • Opcode ID: f213333980d3473a6b08d39c654d3b2c1dc675a5dbd0e615af430c2f992845d7
                                                                                                                • Instruction ID: 4eec057082e27ca8d66793c0b69badf6551f3ad2f38d05f9b9055f122b30b570
                                                                                                                • Opcode Fuzzy Hash: f213333980d3473a6b08d39c654d3b2c1dc675a5dbd0e615af430c2f992845d7
                                                                                                                • Instruction Fuzzy Hash: 68714962B14A4284FF109BA4E4553AD23B1EB4A7B4F419636DA2D16ADDEFB8D0858B00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 31%
                                                                                                                			E00007FFA7FFA126EF6B0(void* __edi, void* __esi, long long __rbx, signed int __rcx, long long __rdx, intOrPtr* __r8) {
                                                                                                                				void* __rsi;
                                                                                                                				void* __rbp;
                                                                                                                				void* __r14;
                                                                                                                				void* _t89;
                                                                                                                				signed char _t110;
                                                                                                                				void* _t115;
                                                                                                                				signed long long _t146;
                                                                                                                				intOrPtr _t149;
                                                                                                                				long long _t163;
                                                                                                                				intOrPtr _t183;
                                                                                                                				intOrPtr _t217;
                                                                                                                				intOrPtr _t220;
                                                                                                                				void* _t229;
                                                                                                                				void* _t233;
                                                                                                                				int _t236;
                                                                                                                				long long _t238;
                                                                                                                				int _t240;
                                                                                                                				void* _t241;
                                                                                                                				void* _t243;
                                                                                                                				signed long long _t244;
                                                                                                                				intOrPtr _t249;
                                                                                                                				void* _t251;
                                                                                                                				void* _t257;
                                                                                                                				void* _t258;
                                                                                                                				char* _t259;
                                                                                                                				int _t261;
                                                                                                                				intOrPtr _t262;
                                                                                                                				int _t265;
                                                                                                                				void* _t267;
                                                                                                                				intOrPtr _t268;
                                                                                                                				long long _t269;
                                                                                                                
                                                                                                                				 *((long long*)(_t243 + 8)) = __rbx;
                                                                                                                				_t241 = _t243 - 0xb0;
                                                                                                                				_t244 = _t243 - 0x1b0;
                                                                                                                				_t146 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				 *(_t241 + 0xa0) = _t146 ^ _t244;
                                                                                                                				_t179 = __r8;
                                                                                                                				_t259 = __rdx;
                                                                                                                				 *((long long*)(_t244 + 0x30)) = __rdx;
                                                                                                                				r15d = 0;
                                                                                                                				 *(_t244 + 0x20) = r15d;
                                                                                                                				_t149 =  *((intOrPtr*)( *[gs:0x58] + __rcx * 8));
                                                                                                                				_t115 =  *0x12731ac4 -  *((intOrPtr*)(__rdx + _t149)); // 0x0
                                                                                                                				if (_t115 > 0) goto 0x126efabc;
                                                                                                                				if ( *((long long*)(__r8 + 0x18)) - 0x10 < 0) goto 0x126ef72b;
                                                                                                                				if ( *((intOrPtr*)(__r8 + 0x10)) == 0) goto 0x126ef763;
                                                                                                                				_t89 = memchr(_t267, _t265, _t261);
                                                                                                                				if (_t149 == 0) goto 0x126ef763;
                                                                                                                				_t150 = _t149 -  *__r8;
                                                                                                                				if (_t149 -  *__r8 == 0xffffffff) goto 0x126ef763;
                                                                                                                				E00007FFA7FFA126F3170(_t89, __r8, _t241 + 0x80, __r8, _t236, _t258);
                                                                                                                				r14d = 1;
                                                                                                                				goto 0x126ef776;
                                                                                                                				E00007FFA7FFA126ED4C0(_t149 -  *__r8, __r8, _t241 + 0x40, __r8, _t236);
                                                                                                                				r14d = 2;
                                                                                                                				 *(_t244 + 0x20) = r14d;
                                                                                                                				E00007FFA7FFA126ED4C0(_t150, _t179, _t241 + 0x60, _t150, _t236);
                                                                                                                				if ((r14b & 0x00000002) == 0) goto 0x126ef7e0;
                                                                                                                				r14d = r14d & 0xfffffffd;
                                                                                                                				_t217 =  *((intOrPtr*)(_t241 + 0x58));
                                                                                                                				if (_t217 - 0x10 < 0) goto 0x126ef7d0;
                                                                                                                				if (_t217 + 1 - 0x1000 < 0) goto 0x126ef7cb;
                                                                                                                				if ( *((intOrPtr*)(_t241 + 0x40)) -  *((intOrPtr*)( *((intOrPtr*)(_t241 + 0x40)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126ef7cb;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				 *(_t241 + 0x50) = _t267;
                                                                                                                				 *((long long*)(_t241 + 0x58)) = 0xf;
                                                                                                                				 *((char*)(_t241 + 0x40)) = 0;
                                                                                                                				if ((r14b & 0x00000001) == 0) goto 0x126ef847;
                                                                                                                				r14d = r14d & 0xfffffffe;
                                                                                                                				_t220 =  *((intOrPtr*)(_t241 + 0x98));
                                                                                                                				if (_t220 - 0x10 < 0) goto 0x126ef82e;
                                                                                                                				if (_t220 + 1 - 0x1000 < 0) goto 0x126ef829;
                                                                                                                				if ( *((intOrPtr*)(_t241 + 0x80)) -  *((intOrPtr*)( *((intOrPtr*)(_t241 + 0x80)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126ef829;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				 *(_t241 + 0x90) = _t267;
                                                                                                                				 *((long long*)(_t241 + 0x98)) = 0xf;
                                                                                                                				 *((char*)(_t241 + 0x80)) = 0;
                                                                                                                				 *((long long*)(_t244 + 0x40)) = 0x1271c490;
                                                                                                                				 *((long long*)(_t244 + 0x50)) = 0x1271c498;
                                                                                                                				__imp__??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ();
                                                                                                                				r14d = r14d | 0x00000008;
                                                                                                                				 *(_t244 + 0x20) = r14d;
                                                                                                                				r8d = 0;
                                                                                                                				__imp__??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z();
                                                                                                                				 *((long long*)(_t244 +  *((intOrPtr*)( *((intOrPtr*)(_t244 + 0x40)) + 4)) + 0x40)) = 0x1271c488;
                                                                                                                				 *((intOrPtr*)(_t244 +  *((intOrPtr*)( *((intOrPtr*)(_t244 + 0x40)) + 4)) + 0x3c)) =  *((intOrPtr*)( *((intOrPtr*)(_t244 + 0x40)) + 4)) - 0x98;
                                                                                                                				__imp__??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ();
                                                                                                                				 *((long long*)(_t244 + 0x58)) = 0x1271c408;
                                                                                                                				 *(_t241 - 0x40) = _t267;
                                                                                                                				 *(_t241 - 0x38) = r15d;
                                                                                                                				_t262 =  *((intOrPtr*)(_t241 + 0x60));
                                                                                                                				_t233 =  >=  ? _t262 : _t241 + 0x60;
                                                                                                                				_t200 =  >=  ? _t262 : _t241 + 0x60;
                                                                                                                				_t238 =  *((intOrPtr*)(_t241 + 0x70)) + ( >=  ? _t262 : _t241 + 0x60);
                                                                                                                				 *((long long*)(_t244 + 0x28)) = _t238;
                                                                                                                				if (_t233 == _t238) goto 0x126ef980;
                                                                                                                				_t268 =  *0x1272e010; // 0x9
                                                                                                                				_t163 = _t238;
                                                                                                                				if (sil - 0x20 < 0) goto 0x126ef96a;
                                                                                                                				_t182 =  >=  ?  *0x1272e000 : 0x1272e000;
                                                                                                                				if (_t268 == 0) goto 0x126ef950;
                                                                                                                				memchr(_t229, _t236, _t240);
                                                                                                                				if (_t163 == 0) goto 0x126ef950;
                                                                                                                				if (_t163 - 0x1272e000 != 0xffffffff) goto 0x126ef965;
                                                                                                                				E00007FFA7FFA126EC670(sil & 0xffffffff,  >=  ?  *0x1272e000 : 0x1272e000, _t244 + 0x50);
                                                                                                                				_t269 =  *0x1272e010; // 0x9
                                                                                                                				if (_t233 + 1 !=  *((intOrPtr*)(_t244 + 0x28))) goto 0x126ef910;
                                                                                                                				_t110 =  *(_t241 - 0x38);
                                                                                                                				_t257 =  *(_t241 - 0x40);
                                                                                                                				_t183 =  *((intOrPtr*)(_t241 + 0x78));
                                                                                                                				r15d = 0;
                                                                                                                				 *_t259 = _t269;
                                                                                                                				 *((long long*)(_t259 + 0x10)) = _t269;
                                                                                                                				 *((long long*)(_t259 + 0x18)) = 0xf;
                                                                                                                				 *_t259 = 0;
                                                                                                                				r14d = r14d | 0x00000020;
                                                                                                                				 *(_t244 + 0x20) = r14d;
                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                				asm("movups [ebp+0x40], xmm0");
                                                                                                                				if ((_t110 & 0x00000022) == 2) goto 0x126ef9cf;
                                                                                                                				_t249 =  *((intOrPtr*)( *((intOrPtr*)(_t241 - 0x68))));
                                                                                                                				if (_t249 == 0) goto 0x126ef9cf;
                                                                                                                				_t250 =  <  ? _t257 : _t249;
                                                                                                                				_t251 = ( <  ? _t257 : _t249) -  *((intOrPtr*)( *((intOrPtr*)(_t244 + 0x78))));
                                                                                                                				goto 0x126ef9ff;
                                                                                                                				if ((_t110 & 0x00000004) != 0) goto 0x126ef9f7;
                                                                                                                				if ( *((intOrPtr*)( *((intOrPtr*)(_t241 - 0x70)))) == 0) goto 0x126ef9f7;
                                                                                                                				goto 0x126ef9ff;
                                                                                                                				if ( *((intOrPtr*)(_t241 + 0x40)) == 0) goto 0x126efa0d;
                                                                                                                				E00007FFA7FFA126E9100(_t183, _t259,  *((intOrPtr*)(_t241 + 0x40)),  *((intOrPtr*)(_t241 + 0x48)), _t265);
                                                                                                                				 *((long long*)(_t244 +  *((intOrPtr*)( *((intOrPtr*)(_t244 + 0x40)) + 4)) + 0x40)) = 0x1271c488;
                                                                                                                				 *((intOrPtr*)(_t244 +  *((intOrPtr*)( *((intOrPtr*)(_t244 + 0x40)) + 4)) + 0x3c)) =  *((intOrPtr*)( *((intOrPtr*)(_t244 + 0x40)) + 4)) - 0x98;
                                                                                                                				E00007FFA7FFA126ED8F0();
                                                                                                                				__imp__??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ();
                                                                                                                				__imp__??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ();
                                                                                                                				if (_t183 - 0x10 < 0) goto 0x126efa8f;
                                                                                                                				if (_t183 + 1 - 0x1000 < 0) goto 0x126efa87;
                                                                                                                				if (_t262 -  *((intOrPtr*)(_t262 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126efa87;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				return E00007FFA7FFA12705E20(E00007FFA7FFA127056E4(), _t103,  *(_t241 + 0xa0) ^ _t244);
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • memchr.VCRUNTIME140 ref: 00007FFA126EF738
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126EF7C4
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126EF822
                                                                                                                • ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FFA126EF863
                                                                                                                • ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z.MSVCP140 ref: 00007FFA126EF880
                                                                                                                • ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FFA126EF8B4
                                                                                                                • memchr.VCRUNTIME140 ref: 00007FFA126EF93D
                                                                                                                • ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FFA126EFA44
                                                                                                                • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FFA126EFA4E
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126EFA80
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: U?$char_traits@$D@std@@@std@@$_invalid_parameter_noinfo_noreturn$memchr$??0?$basic_ios@??0?$basic_iostream@??0?$basic_streambuf@??1?$basic_ios@??1?$basic_iostream@D@std@@@1@@V?$basic_streambuf@
                                                                                                                • String ID: monitor_closeport {:#x}
                                                                                                                • API String ID: 4289661960-2839211239
                                                                                                                • Opcode ID: c82c8cd502e6721fab7b8271672f7f60528b4d1c490a7fec126fe6135d168e8b
                                                                                                                • Instruction ID: 1d565f921001163612ed6053449f4afc78e4773e02d1c7f06aa6d24fca6e7405
                                                                                                                • Opcode Fuzzy Hash: c82c8cd502e6721fab7b8271672f7f60528b4d1c490a7fec126fe6135d168e8b
                                                                                                                • Instruction Fuzzy Hash: 7CC16062A08E8186FB10CB25E4443AA27A1FB477B4F518635EA6D177EDDFBCD449CB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 21%
                                                                                                                			E00007FFA7FFA126E3FD0() {
                                                                                                                				void* _t109;
                                                                                                                				signed int _t119;
                                                                                                                				void* _t120;
                                                                                                                				signed int _t123;
                                                                                                                				void* _t127;
                                                                                                                				signed int _t129;
                                                                                                                				signed int _t138;
                                                                                                                				void* _t172;
                                                                                                                				signed long long _t186;
                                                                                                                				signed long long _t187;
                                                                                                                				long long _t188;
                                                                                                                				intOrPtr* _t189;
                                                                                                                				long long _t190;
                                                                                                                				long long _t192;
                                                                                                                				intOrPtr* _t195;
                                                                                                                				intOrPtr* _t196;
                                                                                                                				long long _t200;
                                                                                                                				intOrPtr* _t203;
                                                                                                                				long long _t204;
                                                                                                                				long long _t206;
                                                                                                                				signed long long _t208;
                                                                                                                				signed long long _t209;
                                                                                                                				long long* _t211;
                                                                                                                				signed long long _t212;
                                                                                                                				signed char* _t216;
                                                                                                                				signed char* _t217;
                                                                                                                				void* _t218;
                                                                                                                				long long* _t219;
                                                                                                                				intOrPtr* _t221;
                                                                                                                				void* _t235;
                                                                                                                				intOrPtr _t239;
                                                                                                                				void* _t252;
                                                                                                                				long long _t254;
                                                                                                                				long long _t275;
                                                                                                                				char* _t277;
                                                                                                                				void* _t280;
                                                                                                                				signed char* _t281;
                                                                                                                				signed char* _t282;
                                                                                                                				signed char* _t283;
                                                                                                                				int _t285;
                                                                                                                				long long* _t286;
                                                                                                                				void* _t287;
                                                                                                                				void* _t289;
                                                                                                                				signed long long _t290;
                                                                                                                				void* _t300;
                                                                                                                				void* _t303;
                                                                                                                				long long _t304;
                                                                                                                				long long _t306;
                                                                                                                				long long _t307;
                                                                                                                				intOrPtr _t309;
                                                                                                                				long long _t310;
                                                                                                                				signed long long _t312;
                                                                                                                				int _t313;
                                                                                                                				char* _t314;
                                                                                                                				long long _t316;
                                                                                                                				void* _t317;
                                                                                                                				long long _t319;
                                                                                                                				void* _t321;
                                                                                                                				intOrPtr _t323;
                                                                                                                
                                                                                                                				_t303 = _t289;
                                                                                                                				_t290 = _t289 - 0x118;
                                                                                                                				_t186 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				_t187 = _t186 ^ _t290;
                                                                                                                				 *(_t303 - 0x30) = _t187;
                                                                                                                				_t314 =  *_t221;
                                                                                                                				_t286 = _t254;
                                                                                                                				_t319 =  *((intOrPtr*)(_t221 + 8)) + _t314;
                                                                                                                				 *((long long*)(_t290 + 0x58)) = _t254;
                                                                                                                				 *((long long*)(_t290 + 0x50)) = _t319;
                                                                                                                				if (_t314 == _t319) goto 0x126e4608;
                                                                                                                				 *((long long*)(_t303 + 0x18)) = _t206;
                                                                                                                				 *((long long*)(_t303 - 0x28)) = _t275;
                                                                                                                				 *((long long*)(_t303 - 0x30)) = _t304;
                                                                                                                				 *((long long*)(_t303 - 0x38)) = _t310;
                                                                                                                				if ( *_t314 == 0x7b) goto 0x126e405c;
                                                                                                                				memchr(_t317, _t313, _t285);
                                                                                                                				_t312 = _t187;
                                                                                                                				if (_t187 == 0) goto 0x126e45be;
                                                                                                                				if (_t314 == _t312) goto 0x126e4160;
                                                                                                                				memchr(_t287, ??);
                                                                                                                				if (_t187 == 0) goto 0x126e4106;
                                                                                                                				_t277 = _t187 + 1;
                                                                                                                				if (_t277 == _t312) goto 0x126e418b;
                                                                                                                				if ( *_t277 != 0x7d) goto 0x126e418b;
                                                                                                                				_t208 =  *(_t286 + 0x18);
                                                                                                                				_t321 = _t277 - _t314;
                                                                                                                				_t188 =  *((intOrPtr*)(_t208 + 0x10));
                                                                                                                				 *((long long*)(_t290 + 0x20)) = _t188;
                                                                                                                				_t306 = _t188 + _t321;
                                                                                                                				if (_t306 -  *((intOrPtr*)(_t208 + 0x18)) <= 0) goto 0x126e40c1;
                                                                                                                				_t189 =  *_t208;
                                                                                                                				 *_t189();
                                                                                                                				 *((long long*)(_t208 + 0x10)) = _t306;
                                                                                                                				if (_t321 == 0) goto 0x126e40de;
                                                                                                                				memmove(??, ??, ??);
                                                                                                                				_t20 = _t277 + 1; // 0x2
                                                                                                                				 *(_t286 + 0x18) = _t208;
                                                                                                                				memchr(??, ??, ??);
                                                                                                                				if (_t189 != 0) goto 0x126e4084;
                                                                                                                				_t209 =  *(_t286 + 0x18);
                                                                                                                				_t280 = _t312 - _t20;
                                                                                                                				_t190 =  *((intOrPtr*)(_t209 + 0x10));
                                                                                                                				 *((long long*)(_t290 + 0x20)) = _t190;
                                                                                                                				_t307 = _t190 + _t280;
                                                                                                                				if (_t307 -  *((intOrPtr*)(_t209 + 0x18)) <= 0) goto 0x126e412e;
                                                                                                                				 *((intOrPtr*)( *_t209))();
                                                                                                                				 *((long long*)(_t209 + 0x10)) = _t307;
                                                                                                                				if (_t280 == 0) goto 0x126e414b;
                                                                                                                				memmove(??, ??, ??);
                                                                                                                				 *(_t286 + 0x18) = _t209;
                                                                                                                				_t33 = _t312 + 1; // 0x1
                                                                                                                				_t281 = _t33;
                                                                                                                				if (_t281 ==  *((intOrPtr*)(_t290 + 0x50))) goto 0x126e45d9;
                                                                                                                				_t138 =  *_t281 & 0x000000ff;
                                                                                                                				if (_t138 != 0x7d) goto 0x126e422a;
                                                                                                                				r8d =  *((intOrPtr*)(_t286 + 0x10));
                                                                                                                				if (r8d < 0) goto 0x126e41a1;
                                                                                                                				 *((intOrPtr*)(_t286 + 0x10)) = _t280 + 1;
                                                                                                                				goto 0x126e41b3;
                                                                                                                				E00007FFA7FFA127050C0(0x43ffffff, "unmatched \'}\' in format string");
                                                                                                                				_t323 =  *((intOrPtr*)(_t290 + 0x50));
                                                                                                                				goto 0x126e414f;
                                                                                                                				_t109 = E00007FFA7FFA127050C0(0x43ffffff, "cannot switch from manual to automatic argument indexing");
                                                                                                                				r8d = 0;
                                                                                                                				_t211 = _t286 + 0x18;
                                                                                                                				E00007FFA7FFA126E2960(_t109, _t290 + 0x28, _t211, _t280);
                                                                                                                				asm("movups xmm0, [eax]");
                                                                                                                				asm("inc ecx");
                                                                                                                				asm("movsd xmm1, [eax+0x10]");
                                                                                                                				asm("repne inc ecx");
                                                                                                                				_t192 =  *_t286;
                                                                                                                				_t235 = _t281 - _t192;
                                                                                                                				 *((long long*)(_t290 + 0x38)) = 0;
                                                                                                                				 *((long long*)(_t290 + 0x40)) = _t211;
                                                                                                                				 *_t286 = _t192 + _t235;
                                                                                                                				 *((intOrPtr*)(_t286 + 8)) =  *((intOrPtr*)(_t286 + 8)) - _t235;
                                                                                                                				 *((long long*)(_t290 + 0x28)) =  *_t211;
                                                                                                                				_t195 =  *((intOrPtr*)(_t211 + 0x28));
                                                                                                                				 *((long long*)(_t290 + 0x30)) = _t195;
                                                                                                                				 *((long long*)(_t290 + 0x48)) = _t286;
                                                                                                                				E00007FFA7FFA126E4AF0();
                                                                                                                				 *_t211 =  *_t195;
                                                                                                                				goto 0x126e45b0;
                                                                                                                				if (_t138 != 0x7b) goto 0x126e4265;
                                                                                                                				_t212 =  *(_t286 + 0x18);
                                                                                                                				_t309 =  *((intOrPtr*)(_t212 + 0x10));
                                                                                                                				_t316 = _t309 + 1;
                                                                                                                				if (_t316 -  *((intOrPtr*)(_t212 + 0x18)) <= 0) goto 0x126e424d;
                                                                                                                				_t196 =  *_t212;
                                                                                                                				 *_t196();
                                                                                                                				_t239 =  *((intOrPtr*)(_t212 + 8));
                                                                                                                				 *((long long*)(_t212 + 0x10)) = _t316;
                                                                                                                				 *((char*)(_t309 + _t239)) =  *_t281 & 0x000000ff;
                                                                                                                				 *(_t286 + 0x18) = _t212;
                                                                                                                				goto 0x126e45b0;
                                                                                                                				if (_t138 == 0x3a) goto 0x126e43e0;
                                                                                                                				if (_t239 - 0x30 - 9 > 0) goto 0x126e4342;
                                                                                                                				if (_t138 == 0x30) goto 0x126e42d4;
                                                                                                                				if (0 - 0xccccccc > 0) goto 0x126e42be;
                                                                                                                				_t282 =  &(_t281[1]);
                                                                                                                				if (_t282 == _t323) goto 0x126e42a5;
                                                                                                                				if (( *_t282 & 0x000000ff) - 0x30 - 9 <= 0) goto 0x126e4280;
                                                                                                                				if (_t196 + _t212 * 2 - 0x7fffffff <= 0) goto 0x126e42d7;
                                                                                                                				E00007FFA7FFA127050C0(_t212, "number is too big");
                                                                                                                				goto 0x126e42d7;
                                                                                                                				E00007FFA7FFA127050C0(_t212, "number is too big");
                                                                                                                				goto 0x126e42d7;
                                                                                                                				_t283 =  &(_t282[1]);
                                                                                                                				if (_t283 == _t323) goto 0x126e432e;
                                                                                                                				_t119 =  *_t283 & 0x000000ff;
                                                                                                                				if (_t119 == 0x7d) goto 0x126e42e7;
                                                                                                                				if (_t119 != 0x3a) goto 0x126e432e;
                                                                                                                				if ( *((intOrPtr*)(_t286 + 0x10)) <= 0) goto 0x126e42fe;
                                                                                                                				_t120 = E00007FFA7FFA127050C0(_t212, "cannot switch from automatic to manual argument indexing");
                                                                                                                				goto 0x126e4305;
                                                                                                                				 *((intOrPtr*)(_t286 + 0x10)) = 0xffffffff;
                                                                                                                				r8d = 0x80000000;
                                                                                                                				E00007FFA7FFA126E2960(_t120, _t303 - 0xffffffffffffffe8, _t286 + 0x18, _t286 + 0x48);
                                                                                                                				asm("movups xmm0, [eax]");
                                                                                                                				asm("movups [esi+0x48], xmm0");
                                                                                                                				asm("movsd xmm1, [eax+0x10]");
                                                                                                                				asm("movsd [esi+0x58], xmm1");
                                                                                                                				goto 0x126e43bb;
                                                                                                                				E00007FFA7FFA127050C0(_t283, "invalid format string");
                                                                                                                				goto 0x126e43bb;
                                                                                                                				_t172 = _t138 - 0x41 - 0x39;
                                                                                                                				if (_t172 > 0) goto 0x126e43cf;
                                                                                                                				asm("dec eax");
                                                                                                                				if (_t172 >= 0) goto 0x126e43cf;
                                                                                                                				_t216 =  &(_t283[1]);
                                                                                                                				if (_t216 == _t323) goto 0x126e4387;
                                                                                                                				_t123 =  *_t216 & 0x000000ff;
                                                                                                                				if (_t123 - 0x61 < 0) goto 0x126e4373;
                                                                                                                				if (_t123 - 0x7a <= 0) goto 0x126e4360;
                                                                                                                				if (_t123 - 0x41 < 0) goto 0x126e437b;
                                                                                                                				if (_t123 - 0x5a <= 0) goto 0x126e4360;
                                                                                                                				if (_t123 == 0x5f) goto 0x126e4360;
                                                                                                                				if (_t123 - 0x30 < 0) goto 0x126e4387;
                                                                                                                				if (_t123 - 0x39 <= 0) goto 0x126e4360;
                                                                                                                				 *(_t290 + 0x60) = _t283;
                                                                                                                				_t300 = _t290 + 0x60;
                                                                                                                				 *((long long*)(_t290 + 0x68)) = _t216 - _t283;
                                                                                                                				E00007FFA7FFA126E8EE0(_t216, _t286 + 0x18, _t290 + 0x28, _t303 - 0x38, _t300);
                                                                                                                				asm("movups xmm0, [eax]");
                                                                                                                				asm("movups [esi+0x48], xmm0");
                                                                                                                				asm("movsd xmm1, [eax+0x10]");
                                                                                                                				asm("movsd [esi+0x58], xmm1");
                                                                                                                				if (_t216 != _t323) goto 0x126e4425;
                                                                                                                				goto 0x126e45e0;
                                                                                                                				E00007FFA7FFA127050C0(_t216, "invalid format string");
                                                                                                                				goto 0x126e4422;
                                                                                                                				r8d =  *((intOrPtr*)(_t286 + 0x10));
                                                                                                                				if (r8d < 0) goto 0x126e43f2;
                                                                                                                				 *((intOrPtr*)(_t286 + 0x10)) = _t300 + 1;
                                                                                                                				goto 0x126e4404;
                                                                                                                				_t127 = E00007FFA7FFA127050C0(_t216, "cannot switch from manual to automatic argument indexing");
                                                                                                                				r8d = 0;
                                                                                                                				E00007FFA7FFA126E2960(_t127, _t303, _t286 + 0x18, _t300);
                                                                                                                				asm("movups xmm0, [eax]");
                                                                                                                				asm("movups [esi+0x48], xmm0");
                                                                                                                				asm("movsd xmm1, [eax+0x10]");
                                                                                                                				asm("movsd [esi+0x58], xmm1");
                                                                                                                				_t217 = _t216;
                                                                                                                				_t129 =  *_t217 & 0x000000ff;
                                                                                                                				if (_t129 != 0x7d) goto 0x126e4482;
                                                                                                                				_t200 =  *_t286;
                                                                                                                				_t218 = _t217 - _t200;
                                                                                                                				 *((long long*)(_t290 + 0x38)) = 0;
                                                                                                                				 *((long long*)(_t290 + 0x48)) = _t286;
                                                                                                                				 *_t286 = _t200 + _t218;
                                                                                                                				 *((intOrPtr*)(_t286 + 8)) =  *((intOrPtr*)(_t286 + 8)) - _t218;
                                                                                                                				_t219 = _t286 + 0x18;
                                                                                                                				 *((long long*)(_t290 + 0x28)) =  *(_t286 + 0x18);
                                                                                                                				_t203 =  *((intOrPtr*)(_t219 + 0x28));
                                                                                                                				 *((long long*)(_t290 + 0x30)) = _t203;
                                                                                                                				 *((long long*)(_t290 + 0x40)) = _t219;
                                                                                                                				E00007FFA7FFA126E4AF0();
                                                                                                                				 *_t219 =  *_t203;
                                                                                                                				goto 0x126e45b0;
                                                                                                                				if (_t129 != 0x3a) goto 0x126e43c3;
                                                                                                                				_t204 =  *_t286;
                                                                                                                				_t252 = _t219 + 1 - _t204;
                                                                                                                				 *_t286 = _t204 + _t252;
                                                                                                                				 *((intOrPtr*)(_t286 + 8)) =  *((intOrPtr*)(_t286 + 8)) - _t252;
                                                                                                                				if ( *((intOrPtr*)(_t286 + 0x58)) + 0xfffffffe - 0xe > 0) goto 0x126e44e2;
                                                                                                                				goto __rcx;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memchr$memmove$ExceptionThrow
                                                                                                                • String ID: cannot switch from automatic to manual argument indexing$cannot switch from manual to automatic argument indexing$invalid format string$missing '}' in format string$number is too big$unknown format specifier$unmatched '}' in format string
                                                                                                                • API String ID: 2627924257-2192562433
                                                                                                                • Opcode ID: b96c33d5ff3ea411e7be1b182a251db825c6e0ec77769b07ecf12c77f270e386
                                                                                                                • Instruction ID: b3db5f180620e7179bab39e2a3b743e5593050e9258675df6c4de53a7cf68fbb
                                                                                                                • Opcode Fuzzy Hash: b96c33d5ff3ea411e7be1b182a251db825c6e0ec77769b07ecf12c77f270e386
                                                                                                                • Instruction Fuzzy Hash: CB129F22A08F4586EB20CF25E4402AE77E1FB46BA4F558136EB9D47799DFBCE145CB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 31%
                                                                                                                			E00007FFA7FFA127077F0(void* __esi, void* __eflags, intOrPtr* __rax, void* __rbx, signed char* __rcx, void* __rdx, void* __r8, void* __r9) {
                                                                                                                				void* __rdi;
                                                                                                                				void* __rsi;
                                                                                                                				void* __r14;
                                                                                                                				void* _t102;
                                                                                                                				void* _t106;
                                                                                                                				void* _t111;
                                                                                                                				void* _t112;
                                                                                                                				signed int _t118;
                                                                                                                				signed int _t119;
                                                                                                                				signed int _t123;
                                                                                                                				void* _t128;
                                                                                                                				void* _t129;
                                                                                                                				void* _t134;
                                                                                                                				signed int _t136;
                                                                                                                				void* _t137;
                                                                                                                				intOrPtr* _t163;
                                                                                                                				signed long long _t164;
                                                                                                                				intOrPtr* _t166;
                                                                                                                				signed char* _t167;
                                                                                                                				signed char* _t169;
                                                                                                                				intOrPtr* _t171;
                                                                                                                				signed char* _t172;
                                                                                                                				signed long long _t179;
                                                                                                                				signed char* _t191;
                                                                                                                				long long _t192;
                                                                                                                				long long _t194;
                                                                                                                				long long* _t214;
                                                                                                                				signed long long _t224;
                                                                                                                				signed int _t237;
                                                                                                                				intOrPtr _t239;
                                                                                                                				signed long long _t243;
                                                                                                                				void* _t245;
                                                                                                                				signed long long _t248;
                                                                                                                				void* _t250;
                                                                                                                				signed int* _t251;
                                                                                                                				void* _t253;
                                                                                                                				void* _t254;
                                                                                                                				void* _t256;
                                                                                                                				void* _t258;
                                                                                                                				signed long long _t259;
                                                                                                                				intOrPtr _t264;
                                                                                                                				long long _t268;
                                                                                                                				intOrPtr* _t276;
                                                                                                                				intOrPtr _t283;
                                                                                                                				void* _t284;
                                                                                                                				void* _t287;
                                                                                                                				signed int* _t288;
                                                                                                                				void* _t290;
                                                                                                                				signed char* _t291;
                                                                                                                				signed int _t292;
                                                                                                                				long long _t294;
                                                                                                                
                                                                                                                				_t163 = __rax;
                                                                                                                				_t128 = __eflags;
                                                                                                                				_push(__rbx);
                                                                                                                				_t191 = __rcx;
                                                                                                                				_t102 = E00007FFA7FFA127075D0(__rcx, __rdx, __r8, __r9);
                                                                                                                				_t258 = _t256 - 0x20 + 0x20;
                                                                                                                				_pop(_t192);
                                                                                                                				goto 0x12707810;
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				 *((long long*)(_t258 + 0x18)) = _t192;
                                                                                                                				_t254 = _t258 - 0x27;
                                                                                                                				_t259 = _t258 - 0xe0;
                                                                                                                				_t164 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				 *(_t254 + 0x17) = _t164 ^ _t259;
                                                                                                                				_t291 = _t191;
                                                                                                                				_t288 =  *_t163;
                                                                                                                				__imp__AcquireSRWLockShared(_t250, _t253);
                                                                                                                				_t251 =  &(_t288[0xc]);
                                                                                                                				_t263 =  *_t251 & 0xfffffffe;
                                                                                                                				if (_t128 == 0) goto 0x127078ed;
                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                				_t5 = _t263 + 0x20; // 0x20
                                                                                                                				_t166 = _t5;
                                                                                                                				_t129 =  *((long long*)(_t166 + 0x18)) - 0x10;
                                                                                                                				if (_t129 < 0) goto 0x1270786e;
                                                                                                                				_t167 =  *_t166;
                                                                                                                				_t118 = _t167[_t291 - _t167] & 0x000000ff;
                                                                                                                				if (_t129 != 0) goto 0x12707887;
                                                                                                                				if (_t118 != 0) goto 0x12707874;
                                                                                                                				if (( *_t167 & 0x000000ff) - _t118 >= 0) goto 0x12707891;
                                                                                                                				_t264 =  *((intOrPtr*)(( *_t251 & 0xfffffffe) + 0x10));
                                                                                                                				goto 0x12707898;
                                                                                                                				_t283 = _t264;
                                                                                                                				if ( *((intOrPtr*)(_t264 + 8)) != 0) goto 0x12707860;
                                                                                                                				if (_t283 == _t251) goto 0x127078ed;
                                                                                                                				_t10 = _t283 + 0x20; // 0x20
                                                                                                                				_t276 = _t10;
                                                                                                                				_t134 =  *((long long*)(_t276 + 0x18)) - 0x10;
                                                                                                                				if (_t134 < 0) goto 0x127078b0;
                                                                                                                				_t169 = _t291;
                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                				r8d =  *_t169 & 0x000000ff;
                                                                                                                				_t123 = _t169[ *_t276 - _t291] & 0x000000ff;
                                                                                                                				r8d = r8d - _t123;
                                                                                                                				if (_t134 != 0) goto 0x127078d5;
                                                                                                                				if (_t123 != 0) goto 0x127078c0;
                                                                                                                				_t136 = r8d;
                                                                                                                				if (_t136 < 0) goto 0x127078ed;
                                                                                                                				__imp__ReleaseSRWLockShared();
                                                                                                                				goto 0x12707bd5;
                                                                                                                				__imp__ReleaseSRWLockShared();
                                                                                                                				 *(_t254 - 0x79) = _t288;
                                                                                                                				__imp__AcquireSRWLockExclusive();
                                                                                                                				_t267 =  *_t251 & 0xfffffffe;
                                                                                                                				if (_t136 == 0) goto 0x12707959;
                                                                                                                				_t15 = _t267 + 0x20; // 0x20
                                                                                                                				_t171 = _t15;
                                                                                                                				_t137 =  *((long long*)(_t171 + 0x18)) - 0x10;
                                                                                                                				if (_t137 < 0) goto 0x1270791f;
                                                                                                                				_t172 =  *_t171;
                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                				_t119 = _t172[_t291 - _t172] & 0x000000ff;
                                                                                                                				if (_t137 != 0) goto 0x12707943;
                                                                                                                				if (_t119 != 0) goto 0x12707930;
                                                                                                                				if (( *_t172 & 0x000000ff) - _t119 >= 0) goto 0x1270794d;
                                                                                                                				_t268 =  *((intOrPtr*)(( *_t251 & 0xfffffffe) + 0x10));
                                                                                                                				goto 0x12707954;
                                                                                                                				_t194 = _t268;
                                                                                                                				if ( *((intOrPtr*)(_t268 + 8)) != 0) goto 0x12707911;
                                                                                                                				if (_t194 == _t251) goto 0x127079a2;
                                                                                                                				if (_t291[0xffffffffffffffff] != 0) goto 0x12707970;
                                                                                                                				if ( *((long long*)(_t194 + 0x38)) - 0x10 < 0) goto 0x12707989;
                                                                                                                				if ( *((intOrPtr*)(_t194 + 0x30)) != 0xffffffff) goto 0x127079a2;
                                                                                                                				0x12717101();
                                                                                                                				if (_t102 == 0) goto 0x12707bc8;
                                                                                                                				if (_t288[0xa] >= 0) goto 0x12707bfe;
                                                                                                                				r15d = 0;
                                                                                                                				 *((long long*)(_t254 - 0x39)) = _t294;
                                                                                                                				 *((long long*)(_t254 - 0x31)) = 0xf;
                                                                                                                				 *((intOrPtr*)(_t254 - 0x49)) = r15b;
                                                                                                                				if (_t291[0xffffffffffffffff] != r15b) goto 0x127079c7;
                                                                                                                				E00007FFA7FFA126E9100(_t194, _t254 - 0x49, _t291, 0xffffffff, _t291);
                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                				asm("movdqa [ebp-0x29], xmm0");
                                                                                                                				 *((long long*)(_t254 - 0x19)) = _t294;
                                                                                                                				 *((intOrPtr*)(_t254 - 0x11)) = r12d;
                                                                                                                				E00007FFA7FFA126ED4C0(0, _t194, _t254 - 9, _t254 - 0x49, _t251);
                                                                                                                				if (_t288[6] - _t288[0xa] + 1 > 0) goto 0x12707a25;
                                                                                                                				_t106 = E00007FFA7FFA127072E0(_t288[0xa] + 1, _t194,  &(_t288[2]), _t288[6], 0, _t251, _t254, _t294, _t290);
                                                                                                                				_t237 = _t288[6];
                                                                                                                				_t288[8] = _t288[8] & _t237 - 0x00000001;
                                                                                                                				_t179 = _t237 - 0x00000001 & _t288[0xa] + _t288[8];
                                                                                                                				_t292 = _t179 * 8;
                                                                                                                				if ( *((long long*)(_t288[4] + _t292)) != 0) goto 0x12707a61;
                                                                                                                				E00007FFA7FFA127056A8(_t106, _t179, _t288[4]);
                                                                                                                				 *(_t292 + _t288[4]) = _t179;
                                                                                                                				_t214 =  *((intOrPtr*)(_t288[4] + _t292));
                                                                                                                				 *_t214 = _t294;
                                                                                                                				 *((long long*)(_t214 + 8)) = _t294;
                                                                                                                				 *((long long*)(_t214 + 0x10)) = _t294;
                                                                                                                				 *((intOrPtr*)(_t214 + 0x18)) =  *((intOrPtr*)(_t254 - 0x11));
                                                                                                                				E00007FFA7FFA126ED4C0(_t179, _t194, _t214 + 0x20, _t254 - 9, _t251);
                                                                                                                				_t288[0xa] = _t288[0xa] + 1;
                                                                                                                				E00007FFA7FFA126E8A60(_t254 - 9);
                                                                                                                				_t239 =  *((intOrPtr*)(_t254 - 0x31));
                                                                                                                				if (_t239 - 0x10 < 0) goto 0x12707ad0;
                                                                                                                				if (_t239 + 1 - 0x1000 < 0) goto 0x12707aca;
                                                                                                                				if ( *((intOrPtr*)(_t254 - 0x49)) -  *((intOrPtr*)( *((intOrPtr*)(_t254 - 0x49)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x12707aca;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				_t111 = E00007FFA7FFA127056E4();
                                                                                                                				_t248 =  *((intOrPtr*)(_t288[4] + (_t288[6] - 0x00000001 & _t288[0xa] - 0x00000001 + _t288[8]) * 8));
                                                                                                                				 *(_t254 - 0x61) = 0;
                                                                                                                				 *((long long*)(_t254 - 0x59)) = _t294;
                                                                                                                				 *((long long*)(_t254 - 0x69)) = _t194;
                                                                                                                				 *(_t254 - 0x79) = _t251;
                                                                                                                				 *(_t254 - 0x71) = _t251;
                                                                                                                				 *((long long*)(_t259 + 0x30)) = _t294;
                                                                                                                				 *((long long*)(_t259 + 0x28)) = _t254 - 0x61;
                                                                                                                				 *((long long*)(_t259 + 0x20)) = _t254 - 0x71;
                                                                                                                				_t112 = E00007FFA7FFA12706B00(_t111, _t194, _t254 - 0x49, _t254 - 0x79, _t248, _t251, _t254, _t254 - 0x69, _t248, _t287, _t284, _t245);
                                                                                                                				if ( *((char*)(_t254 - 0x41)) == 0) goto 0x12707bc4;
                                                                                                                				_t243 =  *((intOrPtr*)(_t254 - 0x59));
                                                                                                                				r8d =  *(_t254 - 0x61) & 0x000000ff;
                                                                                                                				if (r8b != 0) goto 0x12707b70;
                                                                                                                				if ( *(_t243 + 0x10) != 0) goto 0x12707b70;
                                                                                                                				_t224 =  *_t243 & 0xfffffffe;
                                                                                                                				if (_t243 !=  *((intOrPtr*)(_t224 + 0x10))) goto 0x12707b70;
                                                                                                                				if (_t224 ==  *((intOrPtr*)(( *_t224 & 0xfffffffe) + 0x10))) goto 0x12707b60;
                                                                                                                				if (_t243 != _t251) goto 0x12707b82;
                                                                                                                				 *_t251 =  *_t251 & 0x00000001;
                                                                                                                				 *_t251 =  *_t251 | _t248;
                                                                                                                				_t251[2] = _t248;
                                                                                                                				goto 0x12707ba1;
                                                                                                                				if (r8b == 0) goto 0x12707b97;
                                                                                                                				 *(_t243 + 8) = _t248;
                                                                                                                				if (_t243 != _t251[2]) goto 0x12707ba5;
                                                                                                                				_t251[2] = _t248;
                                                                                                                				goto 0x12707ba5;
                                                                                                                				 *(_t243 + 0x10) = _t248;
                                                                                                                				if (_t243 != _t251[4]) goto 0x12707ba5;
                                                                                                                				_t251[4] = _t248;
                                                                                                                				 *_t248 =  *_t248 & 0x00000001;
                                                                                                                				 *_t248 =  *_t248 | _t243;
                                                                                                                				 *((long long*)(_t248 + 0x10)) = _t294;
                                                                                                                				 *((long long*)(_t248 + 8)) = _t294;
                                                                                                                				E00007FFA7FFA12707CF0(_t112, 0x40, _t251, _t248);
                                                                                                                				goto 0x12707bc8;
                                                                                                                				__imp__ReleaseSRWLockExclusive();
                                                                                                                				return E00007FFA7FFA12705E20( *((intOrPtr*)( *((intOrPtr*)(_t254 - 0x49)) + 0x18)), 0x40,  *(_t254 + 0x17) ^ _t259);
                                                                                                                			}






















































                                                                                                                0x7ffa127078c4
                                                                                                                0x7ffa127078c9
                                                                                                                0x7ffa127078cc
                                                                                                                0x7ffa127078d3
                                                                                                                0x7ffa127078d5
                                                                                                                0x7ffa127078d8
                                                                                                                0x7ffa127078e1
                                                                                                                0x7ffa127078e8
                                                                                                                0x7ffa127078f0
                                                                                                                0x7ffa127078f7
                                                                                                                0x7ffa127078fe
                                                                                                                0x7ffa1270790b
                                                                                                                0x7ffa1270790f
                                                                                                                0x7ffa12707911
                                                                                                                0x7ffa12707911
                                                                                                                0x7ffa12707915
                                                                                                                0x7ffa1270791a
                                                                                                                0x7ffa1270791c
                                                                                                                0x7ffa12707925
                                                                                                                0x7ffa12707933
                                                                                                                0x7ffa1270793a
                                                                                                                0x7ffa12707941
                                                                                                                0x7ffa12707945
                                                                                                                0x7ffa12707947
                                                                                                                0x7ffa1270794b
                                                                                                                0x7ffa1270794d
                                                                                                                0x7ffa12707957
                                                                                                                0x7ffa12707963
                                                                                                                0x7ffa12707978
                                                                                                                0x7ffa12707983
                                                                                                                0x7ffa12707990
                                                                                                                0x7ffa12707995
                                                                                                                0x7ffa1270799c
                                                                                                                0x7ffa127079ae
                                                                                                                0x7ffa127079b4
                                                                                                                0x7ffa127079b7
                                                                                                                0x7ffa127079bb
                                                                                                                0x7ffa127079c3
                                                                                                                0x7ffa127079ce
                                                                                                                0x7ffa127079da
                                                                                                                0x7ffa127079e0
                                                                                                                0x7ffa127079e3
                                                                                                                0x7ffa127079e8
                                                                                                                0x7ffa127079ec
                                                                                                                0x7ffa127079f8
                                                                                                                0x7ffa12707a0d
                                                                                                                0x7ffa12707a18
                                                                                                                0x7ffa12707a1d
                                                                                                                0x7ffa12707a29
                                                                                                                0x7ffa12707a35
                                                                                                                0x7ffa12707a38
                                                                                                                0x7ffa12707a49
                                                                                                                0x7ffa12707a50
                                                                                                                0x7ffa12707a59
                                                                                                                0x7ffa12707a61
                                                                                                                0x7ffa12707a65
                                                                                                                0x7ffa12707a68
                                                                                                                0x7ffa12707a6c
                                                                                                                0x7ffa12707a73
                                                                                                                0x7ffa12707a7e
                                                                                                                0x7ffa12707a83
                                                                                                                0x7ffa12707a8b
                                                                                                                0x7ffa12707a91
                                                                                                                0x7ffa12707a99
                                                                                                                0x7ffa12707aac
                                                                                                                0x7ffa12707ac1
                                                                                                                0x7ffa12707ac3
                                                                                                                0x7ffa12707ac9
                                                                                                                0x7ffa12707aca
                                                                                                                0x7ffa12707ae9
                                                                                                                0x7ffa12707aed
                                                                                                                0x7ffa12707af1
                                                                                                                0x7ffa12707af5
                                                                                                                0x7ffa12707af9
                                                                                                                0x7ffa12707afd
                                                                                                                0x7ffa12707b01
                                                                                                                0x7ffa12707b0a
                                                                                                                0x7ffa12707b13
                                                                                                                0x7ffa12707b27
                                                                                                                0x7ffa12707b30
                                                                                                                0x7ffa12707b36
                                                                                                                0x7ffa12707b3a
                                                                                                                0x7ffa12707b42
                                                                                                                0x7ffa12707b49
                                                                                                                0x7ffa12707b4e
                                                                                                                0x7ffa12707b56
                                                                                                                0x7ffa12707b6e
                                                                                                                0x7ffa12707b73
                                                                                                                0x7ffa12707b75
                                                                                                                0x7ffa12707b79
                                                                                                                0x7ffa12707b7c
                                                                                                                0x7ffa12707b80
                                                                                                                0x7ffa12707b85
                                                                                                                0x7ffa12707b87
                                                                                                                0x7ffa12707b8f
                                                                                                                0x7ffa12707b91
                                                                                                                0x7ffa12707b95
                                                                                                                0x7ffa12707b97
                                                                                                                0x7ffa12707b9f
                                                                                                                0x7ffa12707ba1
                                                                                                                0x7ffa12707ba5
                                                                                                                0x7ffa12707ba9
                                                                                                                0x7ffa12707bac
                                                                                                                0x7ffa12707bb0
                                                                                                                0x7ffa12707bba
                                                                                                                0x7ffa12707bc2
                                                                                                                0x7ffa12707bce
                                                                                                                0x7ffa12707bfd

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Lock$ReleaseShared$AcquireExclusive$Initialize_invalid_parameter_noinfo_noreturnmemcmp
                                                                                                                • String ID: Too many log attribute names$libs\log\src\attribute_name.cpp$unsigned int __cdecl boost::log::v2s_mt_nt6::attribute_name::repository::get_id_from_string(const char *)
                                                                                                                • API String ID: 37642638-4205034697
                                                                                                                • Opcode ID: 0729d0c2c53f9870ab159970951fa902cfd40a1486185a5cfdfb529ce8f7eedb
                                                                                                                • Instruction ID: b474c537e28f26432ceca0425d0cea466a00effa78960f0e7e906f563e108ea1
                                                                                                                • Opcode Fuzzy Hash: 0729d0c2c53f9870ab159970951fa902cfd40a1486185a5cfdfb529ce8f7eedb
                                                                                                                • Instruction Fuzzy Hash: 99D1FE26B08E4685EB148B25D4406FE63B5FB47BA4F128631DA6D077D8DFB8D05DC708
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,Severity,?,00007FFA12707A1D), ref: 00007FFA12707395
                                                                                                                • memmove.VCRUNTIME140(00000000,Severity,?,00007FFA12707A1D), ref: 00007FFA127073D3
                                                                                                                • memmove.VCRUNTIME140(00000000,Severity,?,00007FFA12707A1D), ref: 00007FFA127073EA
                                                                                                                • memset.VCRUNTIME140(00000000,Severity,?,00007FFA12707A1D), ref: 00007FFA127073FF
                                                                                                                • memmove.VCRUNTIME140(00000000,Severity,?,00007FFA12707A1D), ref: 00007FFA12707417
                                                                                                                • memmove.VCRUNTIME140(00000000,Severity,?,00007FFA12707A1D), ref: 00007FFA12707431
                                                                                                                • memset.VCRUNTIME140(00000000,Severity,?,00007FFA12707A1D), ref: 00007FFA1270743F
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,Severity,?,00007FFA12707A1D), ref: 00007FFA127074A7
                                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFA127074AE
                                                                                                                  • Part of subcall function 00007FFA127056A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFA126E8F4E), ref: 00007FFA127056C2
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memmove$_invalid_parameter_noinfo_noreturnmemset$Concurrency::cancel_current_taskmalloc
                                                                                                                • String ID: Severity
                                                                                                                • API String ID: 851562609-253145917
                                                                                                                • Opcode ID: ae6ba3b12ee3e7e74baab94edc8136e3d097ef457efc34059e77763d457b62d1
                                                                                                                • Instruction ID: 6128da1578521cc4973784a492b7fef8029630ff548bce79e38527af48f2b5dd
                                                                                                                • Opcode Fuzzy Hash: ae6ba3b12ee3e7e74baab94edc8136e3d097ef457efc34059e77763d457b62d1
                                                                                                                • Instruction Fuzzy Hash: E341F525A05E8591EA08DB61D4402FEA7B0EB47BF4F518A31EA2D07B9DDEBCD049C744
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                • 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899, xrefs: 00007FFA126E4709
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memmove$memset
                                                                                                                • String ID: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899
                                                                                                                • API String ID: 3790616698-2272463933
                                                                                                                • Opcode ID: f36bc143f15673d315ac6e1c9e8f7b0d8dcee6bff705679f7278a1f50bf911cb
                                                                                                                • Instruction ID: d3b566e3383bfb5d19eaa1758d7ad9d8ca25ce2beeb14ba60d609f0ad91e5ea8
                                                                                                                • Opcode Fuzzy Hash: f36bc143f15673d315ac6e1c9e8f7b0d8dcee6bff705679f7278a1f50bf911cb
                                                                                                                • Instruction Fuzzy Hash: 1CA13A627086C646EB35CF26954037DBBE1EB277D0F09C035DB9E47ADADA6CE4018B00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 23%
                                                                                                                			E00007FFA7FFA126F6680(void* __rcx, signed int __rdx, void* __r10) {
                                                                                                                				signed int _t46;
                                                                                                                				void* _t58;
                                                                                                                				intOrPtr _t71;
                                                                                                                				intOrPtr _t72;
                                                                                                                				intOrPtr _t73;
                                                                                                                				intOrPtr _t74;
                                                                                                                				intOrPtr _t75;
                                                                                                                				intOrPtr _t76;
                                                                                                                				intOrPtr _t77;
                                                                                                                
                                                                                                                				r9b = 0x20;
                                                                                                                				_t71 =  *((intOrPtr*)(__rcx + 8));
                                                                                                                				r8d = 2;
                                                                                                                				goto 0x1270e730;
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				r9b = 0x30;
                                                                                                                				_t72 =  *((intOrPtr*)(_t71 + 8));
                                                                                                                				r8d = 2;
                                                                                                                				goto 0x1270e730;
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				r9b = 0x20;
                                                                                                                				_t73 =  *((intOrPtr*)(_t72 + 8));
                                                                                                                				r8d = 2;
                                                                                                                				r10d =  *((intOrPtr*)( *((intOrPtr*)(_t72 + 0x10)) + 0xc));
                                                                                                                				r10d = r10d - (__rdx + __rdx * 2 << 2);
                                                                                                                				goto 0x1270e730;
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				r9b = 0x30;
                                                                                                                				_t74 =  *((intOrPtr*)(_t73 + 8));
                                                                                                                				r8d = 2;
                                                                                                                				r10d =  *((intOrPtr*)( *((intOrPtr*)(_t73 + 0x10)) + 0xc));
                                                                                                                				_t46 = __rdx + __rdx * 2 << 2;
                                                                                                                				r10d = r10d - _t46;
                                                                                                                				goto 0x1270e730;
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				r9b = 0x20;
                                                                                                                				_t75 =  *((intOrPtr*)(_t74 + 8));
                                                                                                                				r8d = 2;
                                                                                                                				goto 0x1270e730;
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				r9b = 0x30;
                                                                                                                				_t76 =  *((intOrPtr*)(_t75 + 8));
                                                                                                                				r8d = 2;
                                                                                                                				goto 0x1270e730;
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				_t77 =  *((intOrPtr*)(_t76 + 8));
                                                                                                                				r8d = 0x2b;
                                                                                                                				_t58 =  ==  ? r8d : 0x2d;
                                                                                                                				if ( *((char*)( *((intOrPtr*)(_t77 + 0x10)) + 0x1c)) == 0) goto 0x126f67b5;
                                                                                                                				goto E00007FFA7FFA127003C0;
                                                                                                                				return _t46;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Lockit@std@@Mbstatet@@@std@@memmove$??0_??1_?getloc@?$basic_streambuf@?length@?$codecvt@_Bid@locale@std@@Concurrency::cancel_current_taskD@std@@@std@@Facet_Getcat@?$codecvt@_Getgloballocale@locale@std@@Locimp@12@Mbstatet@@RegisterU?$char_traits@V42@@Vfacet@locale@2@Vlocale@2@memsetstd::_
                                                                                                                • String ID:
                                                                                                                • API String ID: 3249132129-0
                                                                                                                • Opcode ID: a689512fd0de5063ab9b5e905ad6ac7c447a73a5c18569776a42001a620bdc49
                                                                                                                • Instruction ID: 515df634ea0ef36ac4d096df985568e309e3c78794061f153d7714db12775463
                                                                                                                • Opcode Fuzzy Hash: a689512fd0de5063ab9b5e905ad6ac7c447a73a5c18569776a42001a620bdc49
                                                                                                                • Instruction Fuzzy Hash: 7181BE26B18E4186EB14CF65E4401EE73B1FB47BA8B458932DB5E07B98EEB8D14DC704
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 31%
                                                                                                                			E00007FFA7FFA126E6C60(signed int __eax, void* __rcx, intOrPtr* __r8) {
                                                                                                                				void* __rbx;
                                                                                                                				void* __rdi;
                                                                                                                				void* __rsi;
                                                                                                                				void* __rbp;
                                                                                                                				void* __r15;
                                                                                                                				signed int _t53;
                                                                                                                				intOrPtr _t57;
                                                                                                                				void* _t64;
                                                                                                                				signed int _t66;
                                                                                                                				signed int _t68;
                                                                                                                				signed int _t69;
                                                                                                                				signed int _t77;
                                                                                                                				void* _t79;
                                                                                                                				signed long long _t97;
                                                                                                                				char* _t100;
                                                                                                                				void* _t108;
                                                                                                                				intOrPtr _t117;
                                                                                                                				intOrPtr* _t126;
                                                                                                                				signed int _t127;
                                                                                                                				void* _t129;
                                                                                                                				void* _t130;
                                                                                                                				signed long long _t131;
                                                                                                                				void* _t139;
                                                                                                                				void* _t141;
                                                                                                                				void* _t142;
                                                                                                                
                                                                                                                				_t129 = _t130 - 0x1d0;
                                                                                                                				_t131 = _t130 - 0x2d0;
                                                                                                                				asm("movaps [esp+0x2c0], xmm6");
                                                                                                                				_t97 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				 *(_t129 + 0x1b0) = _t97 ^ _t131;
                                                                                                                				_t126 = __r8;
                                                                                                                				asm("movaps xmm6, xmm1");
                                                                                                                				_t141 = __rcx;
                                                                                                                				 *((char*)(_t131 + 0x30)) = 0;
                                                                                                                				E00007FFA7FFA126E3B30();
                                                                                                                				asm("movups xmm0, [eax]");
                                                                                                                				asm("movaps [esp+0x40], xmm0");
                                                                                                                				asm("psrldq xmm0, 0x8");
                                                                                                                				asm("movd eax, xmm0");
                                                                                                                				_t66 = ( *(__r8 + 0xc) << 0x00000019 >> 0x0000001d ^ __eax) & 0x000000ff ^ __eax;
                                                                                                                				 *(_t131 + 0x48) = _t66;
                                                                                                                				asm("movaps xmm0, xmm6");
                                                                                                                				__imp___ldsign();
                                                                                                                				if (__eax == 0) goto 0x126e6cf7;
                                                                                                                				_t68 = _t66 & 0xffffff01 | 0x00000001;
                                                                                                                				asm("xorps xmm6, [0x356bb]");
                                                                                                                				goto 0x126e6d02;
                                                                                                                				if (_t68 != 1) goto 0x126e6d06;
                                                                                                                				_t69 = _t68 & 0xffffff00;
                                                                                                                				 *(_t131 + 0x48) = _t69;
                                                                                                                				asm("movaps xmm0, xmm6");
                                                                                                                				0x1271713d();
                                                                                                                				if (__eax <= 0) goto 0x126e6d63;
                                                                                                                				if (__eax != 1) goto 0x126e6d29;
                                                                                                                				goto 0x126e6d37;
                                                                                                                				_t100 = "NAN";
                                                                                                                				_t113 =  !=  ? _t100 : "nan";
                                                                                                                				 *((intOrPtr*)(_t131 + 0x40)) =  *(_t131 + 0x48);
                                                                                                                				 *(_t131 + 0x48) =  !=  ? _t100 : "nan";
                                                                                                                				_t122 = __r8;
                                                                                                                				E00007FFA7FFA126E71A0(_t79, _t100, _t108, __rcx, __r8, _t131 + 0x40, _t142);
                                                                                                                				goto 0x126e6e8e;
                                                                                                                				_t53 =  *(_t126 + 0xc);
                                                                                                                				_t77 = _t53 << 0x1c >> 0x1c;
                                                                                                                				if (_t77 != 0) goto 0x126e6d84;
                                                                                                                				 *(_t126 + 0xc) = _t53 & 0xfffffff2 | 0x00000002;
                                                                                                                				goto 0x126e6dc2;
                                                                                                                				if (_t77 != 4) goto 0x126e6dc2;
                                                                                                                				_t127 =  *(_t131 + 0x48);
                                                                                                                				if (sil == 0) goto 0x126e6dba;
                                                                                                                				E00007FFA7FFA126EBAB0(_t108, _t141, _t122, _t127);
                                                                                                                				 *_t100 =  *(_t127 + 0x1271e0f4) & 0x000000ff;
                                                                                                                				 *(_t131 + 0x48) = _t69 & 0xffffff00;
                                                                                                                				_t57 =  *_t126;
                                                                                                                				if (_t57 == 0) goto 0x126e6dba;
                                                                                                                				 *_t126 = _t57 - 1;
                                                                                                                				 *(_t126 + 0xc) =  *(_t126 + 0xc) & 0xfffffff2;
                                                                                                                				 *(_t126 + 0xc) =  *(_t126 + 0xc) | 0x00000002;
                                                                                                                				 *((long long*)(_t129 - 0x60)) = 0;
                                                                                                                				 *((long long*)(_t129 - 0x70)) = 0x1271baa8;
                                                                                                                				 *((long long*)(_t129 - 0x68)) = _t129 - 0x50;
                                                                                                                				 *((long long*)(_t129 - 0x58)) = 0x1f4;
                                                                                                                				if (( *(_t131 + 0x44) & 0x000000ff) != 3) goto 0x126e6eb7;
                                                                                                                				if (sil == 0) goto 0x126e6e0d;
                                                                                                                				 *((char*)(_t129 - 0x50)) =  *( *(_t131 + 0x48) + 0x1271e0f4) & 0x000000ff;
                                                                                                                				 *((long long*)(_t129 - 0x60)) = 1;
                                                                                                                				asm("movaps xmm1, [esp+0x40]");
                                                                                                                				asm("movdqa [esp+0x50], xmm1");
                                                                                                                				asm("movaps xmm0, xmm6");
                                                                                                                				E00007FFA7FFA12704470( *((intOrPtr*)(_t126 + 4)), _t108, _t131 + 0x50, _t129 - 0x70, _t139);
                                                                                                                				 *((long long*)(_t131 + 0x40)) =  *((intOrPtr*)(_t129 - 0x68));
                                                                                                                				 *(_t131 + 0x48) =  *((intOrPtr*)(_t129 - 0x60));
                                                                                                                				E00007FFA7FFA126E8330(_t108, _t141, _t126, _t126, _t131 + 0x40, _t129 - 0x70, _t139, 0x1271e0f4);
                                                                                                                				 *((long long*)(_t129 - 0x70)) = 0x1271baa8;
                                                                                                                				_t117 =  *((intOrPtr*)(_t129 - 0x68));
                                                                                                                				if (_t117 == _t129 - 0x50) goto 0x126e6e8e;
                                                                                                                				if ( *((intOrPtr*)(_t129 - 0x58)) - 0x1000 < 0) goto 0x126e6e89;
                                                                                                                				if (_t117 -  *((intOrPtr*)(_t117 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x126e6ff0;
                                                                                                                				_t64 = E00007FFA7FFA12705E20(E00007FFA7FFA127056E4(),  *(_t127 + 0x1271e0f4) & 0x000000ff,  *(_t129 + 0x1b0) ^ _t131);
                                                                                                                				asm("movaps xmm6, [esp+0x2c0]");
                                                                                                                				return _t64;
                                                                                                                			}





























                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __std_exception_copy_dclass_dsign_invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: INF$NAN$inf$nan$number is too big
                                                                                                                • API String ID: 3571884167-1812383209
                                                                                                                • Opcode ID: f2f2c58afb716792f9d554f9ea32b44e44f801315a51af01c5a7918ef27e5954
                                                                                                                • Instruction ID: 6ac8c5d5f5f8dd7712b23e20305d00f75f55674c58bc2177be29bc93159efd0f
                                                                                                                • Opcode Fuzzy Hash: f2f2c58afb716792f9d554f9ea32b44e44f801315a51af01c5a7918ef27e5954
                                                                                                                • Instruction Fuzzy Hash: 93B18322A08B8149F710CB65D4403AEB7B1FF56364F558235EAAC16ADDDFBCE484CB40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 31%
                                                                                                                			E00007FFA7FFA126E68C0(signed int __eax, void* __rcx, intOrPtr* __r8) {
                                                                                                                				void* __rbx;
                                                                                                                				void* __rdi;
                                                                                                                				void* __rsi;
                                                                                                                				void* __rbp;
                                                                                                                				void* __r15;
                                                                                                                				signed int _t53;
                                                                                                                				intOrPtr _t57;
                                                                                                                				void* _t64;
                                                                                                                				signed int _t66;
                                                                                                                				signed int _t68;
                                                                                                                				signed int _t69;
                                                                                                                				signed int _t77;
                                                                                                                				void* _t79;
                                                                                                                				signed long long _t97;
                                                                                                                				char* _t100;
                                                                                                                				void* _t108;
                                                                                                                				intOrPtr _t117;
                                                                                                                				intOrPtr* _t126;
                                                                                                                				signed int _t127;
                                                                                                                				void* _t129;
                                                                                                                				void* _t130;
                                                                                                                				signed long long _t131;
                                                                                                                				void* _t139;
                                                                                                                				void* _t141;
                                                                                                                				void* _t142;
                                                                                                                
                                                                                                                				_t129 = _t130 - 0x1d0;
                                                                                                                				_t131 = _t130 - 0x2d0;
                                                                                                                				asm("movaps [esp+0x2c0], xmm6");
                                                                                                                				_t97 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				 *(_t129 + 0x1b0) = _t97 ^ _t131;
                                                                                                                				_t126 = __r8;
                                                                                                                				asm("movaps xmm6, xmm1");
                                                                                                                				_t141 = __rcx;
                                                                                                                				 *((char*)(_t131 + 0x30)) = 0;
                                                                                                                				E00007FFA7FFA126E3B30();
                                                                                                                				asm("movups xmm0, [eax]");
                                                                                                                				asm("movaps [esp+0x40], xmm0");
                                                                                                                				asm("psrldq xmm0, 0x8");
                                                                                                                				asm("movd eax, xmm0");
                                                                                                                				_t66 = ( *(__r8 + 0xc) << 0x00000019 >> 0x0000001d ^ __eax) & 0x000000ff ^ __eax;
                                                                                                                				 *(_t131 + 0x48) = _t66;
                                                                                                                				asm("movaps xmm0, xmm6");
                                                                                                                				__imp___dsign();
                                                                                                                				if (__eax == 0) goto 0x126e6957;
                                                                                                                				_t68 = _t66 & 0xffffff01 | 0x00000001;
                                                                                                                				asm("xorps xmm6, [0x35a5b]");
                                                                                                                				goto 0x126e6962;
                                                                                                                				if (_t68 != 1) goto 0x126e6966;
                                                                                                                				_t69 = _t68 & 0xffffff00;
                                                                                                                				 *(_t131 + 0x48) = _t69;
                                                                                                                				asm("movaps xmm0, xmm6");
                                                                                                                				0x12717131();
                                                                                                                				if (__eax <= 0) goto 0x126e69c3;
                                                                                                                				if (__eax != 1) goto 0x126e6989;
                                                                                                                				goto 0x126e6997;
                                                                                                                				_t100 = "NAN";
                                                                                                                				_t113 =  !=  ? _t100 : "nan";
                                                                                                                				 *((intOrPtr*)(_t131 + 0x40)) =  *(_t131 + 0x48);
                                                                                                                				 *(_t131 + 0x48) =  !=  ? _t100 : "nan";
                                                                                                                				_t122 = __r8;
                                                                                                                				E00007FFA7FFA126E71A0(_t79, _t100, _t108, __rcx, __r8, _t131 + 0x40, _t142);
                                                                                                                				goto 0x126e6aee;
                                                                                                                				_t53 =  *(_t126 + 0xc);
                                                                                                                				_t77 = _t53 << 0x1c >> 0x1c;
                                                                                                                				if (_t77 != 0) goto 0x126e69e4;
                                                                                                                				 *(_t126 + 0xc) = _t53 & 0xfffffff2 | 0x00000002;
                                                                                                                				goto 0x126e6a22;
                                                                                                                				if (_t77 != 4) goto 0x126e6a22;
                                                                                                                				_t127 =  *(_t131 + 0x48);
                                                                                                                				if (sil == 0) goto 0x126e6a1a;
                                                                                                                				E00007FFA7FFA126EBAB0(_t108, _t141, _t122, _t127);
                                                                                                                				 *_t100 =  *(_t127 + 0x1271e0f4) & 0x000000ff;
                                                                                                                				 *(_t131 + 0x48) = _t69 & 0xffffff00;
                                                                                                                				_t57 =  *_t126;
                                                                                                                				if (_t57 == 0) goto 0x126e6a1a;
                                                                                                                				 *_t126 = _t57 - 1;
                                                                                                                				 *(_t126 + 0xc) =  *(_t126 + 0xc) & 0xfffffff2;
                                                                                                                				 *(_t126 + 0xc) =  *(_t126 + 0xc) | 0x00000002;
                                                                                                                				 *((long long*)(_t129 - 0x60)) = 0;
                                                                                                                				 *((long long*)(_t129 - 0x70)) = 0x1271baa8;
                                                                                                                				 *((long long*)(_t129 - 0x68)) = _t129 - 0x50;
                                                                                                                				 *((long long*)(_t129 - 0x58)) = 0x1f4;
                                                                                                                				if (( *(_t131 + 0x44) & 0x000000ff) != 3) goto 0x126e6b17;
                                                                                                                				if (sil == 0) goto 0x126e6a6d;
                                                                                                                				 *((char*)(_t129 - 0x50)) =  *( *(_t131 + 0x48) + 0x1271e0f4) & 0x000000ff;
                                                                                                                				 *((long long*)(_t129 - 0x60)) = 1;
                                                                                                                				asm("movaps xmm1, [esp+0x40]");
                                                                                                                				asm("movdqa [esp+0x50], xmm1");
                                                                                                                				asm("movaps xmm0, xmm6");
                                                                                                                				E00007FFA7FFA12704200( *(_t127 + 0x1271e0f4) & 0x000000ff,  *((intOrPtr*)(_t126 + 4)), _t108, _t131 + 0x50, _t129 - 0x70, _t139);
                                                                                                                				 *((long long*)(_t131 + 0x40)) =  *((intOrPtr*)(_t129 - 0x68));
                                                                                                                				 *(_t131 + 0x48) =  *((intOrPtr*)(_t129 - 0x60));
                                                                                                                				E00007FFA7FFA126E8330(_t108, _t141, _t126, _t126, _t131 + 0x40, _t129 - 0x70, _t139, 0x1271e0f4);
                                                                                                                				 *((long long*)(_t129 - 0x70)) = 0x1271baa8;
                                                                                                                				_t117 =  *((intOrPtr*)(_t129 - 0x68));
                                                                                                                				if (_t117 == _t129 - 0x50) goto 0x126e6aee;
                                                                                                                				if ( *((intOrPtr*)(_t129 - 0x58)) - 0x1000 < 0) goto 0x126e6ae9;
                                                                                                                				if (_t117 -  *((intOrPtr*)(_t117 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x126e6c50;
                                                                                                                				_t64 = E00007FFA7FFA12705E20(E00007FFA7FFA127056E4(),  *(_t127 + 0x1271e0f4) & 0x000000ff,  *(_t129 + 0x1b0) ^ _t131);
                                                                                                                				asm("movaps xmm6, [esp+0x2c0]");
                                                                                                                				return _t64;
                                                                                                                			}





























                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __std_exception_copy_dclass_dsign_invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: INF$NAN$inf$nan$number is too big
                                                                                                                • API String ID: 3571884167-1812383209
                                                                                                                • Opcode ID: d2ffcc1f7acc66e5680cc698eb662bdc870e0a07f394ea14812c9b714894dfa7
                                                                                                                • Instruction ID: 540f17c1c23ba0d99b1b5ff6e0d50e443061ffb105bbcbd941caed60b7a05a6f
                                                                                                                • Opcode Fuzzy Hash: d2ffcc1f7acc66e5680cc698eb662bdc870e0a07f394ea14812c9b714894dfa7
                                                                                                                • Instruction Fuzzy Hash: CFB19522A08B8149F710CB65E4413AEA7F0FF56374F518235EAAC56AD9DFBCE584CB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 30%
                                                                                                                			E00007FFA7FFA126E6520(signed int __eax, void* __rcx, intOrPtr* __r8) {
                                                                                                                				void* __rbx;
                                                                                                                				void* __rdi;
                                                                                                                				void* __rsi;
                                                                                                                				void* __rbp;
                                                                                                                				void* __r15;
                                                                                                                				signed int _t53;
                                                                                                                				intOrPtr _t57;
                                                                                                                				void* _t64;
                                                                                                                				signed int _t66;
                                                                                                                				signed int _t68;
                                                                                                                				signed int _t69;
                                                                                                                				signed int _t77;
                                                                                                                				void* _t79;
                                                                                                                				signed long long _t97;
                                                                                                                				char* _t100;
                                                                                                                				void* _t108;
                                                                                                                				intOrPtr _t117;
                                                                                                                				intOrPtr* _t126;
                                                                                                                				signed int _t127;
                                                                                                                				void* _t129;
                                                                                                                				void* _t130;
                                                                                                                				signed long long _t131;
                                                                                                                				void* _t139;
                                                                                                                				void* _t141;
                                                                                                                				void* _t142;
                                                                                                                
                                                                                                                				_t129 = _t130 - 0x1d0;
                                                                                                                				_t131 = _t130 - 0x2d0;
                                                                                                                				asm("movaps [esp+0x2c0], xmm6");
                                                                                                                				_t97 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				 *(_t129 + 0x1b0) = _t97 ^ _t131;
                                                                                                                				_t126 = __r8;
                                                                                                                				asm("movaps xmm6, xmm1");
                                                                                                                				_t141 = __rcx;
                                                                                                                				 *((char*)(_t131 + 0x30)) = 0;
                                                                                                                				E00007FFA7FFA126E3B30();
                                                                                                                				asm("movups xmm0, [eax]");
                                                                                                                				asm("movaps [esp+0x40], xmm0");
                                                                                                                				asm("psrldq xmm0, 0x8");
                                                                                                                				asm("movd eax, xmm0");
                                                                                                                				_t66 = ( *(__r8 + 0xc) << 0x00000019 >> 0x0000001d ^ __eax) & 0x000000ff ^ __eax;
                                                                                                                				 *(_t131 + 0x48) = _t66;
                                                                                                                				asm("movaps xmm0, xmm6");
                                                                                                                				__imp___fdsign();
                                                                                                                				if (__eax == 0) goto 0x126e65b7;
                                                                                                                				_t68 = _t66 & 0xffffff01 | 0x00000001;
                                                                                                                				asm("xorps xmm6, [0x35e0b]");
                                                                                                                				goto 0x126e65c2;
                                                                                                                				if (_t68 != 1) goto 0x126e65c6;
                                                                                                                				_t69 = _t68 & 0xffffff00;
                                                                                                                				 *(_t131 + 0x48) = _t69;
                                                                                                                				asm("movaps xmm0, xmm6");
                                                                                                                				0x12717137();
                                                                                                                				if (__eax <= 0) goto 0x126e6623;
                                                                                                                				if (__eax != 1) goto 0x126e65e9;
                                                                                                                				goto 0x126e65f7;
                                                                                                                				_t100 = "NAN";
                                                                                                                				_t113 =  !=  ? _t100 : "nan";
                                                                                                                				 *((intOrPtr*)(_t131 + 0x40)) =  *(_t131 + 0x48);
                                                                                                                				 *(_t131 + 0x48) =  !=  ? _t100 : "nan";
                                                                                                                				_t122 = __r8;
                                                                                                                				E00007FFA7FFA126E71A0(_t79, _t100, _t108, __rcx, __r8, _t131 + 0x40, _t142);
                                                                                                                				goto 0x126e6752;
                                                                                                                				_t53 =  *(_t126 + 0xc);
                                                                                                                				_t77 = _t53 << 0x1c >> 0x1c;
                                                                                                                				if (_t77 != 0) goto 0x126e6644;
                                                                                                                				 *(_t126 + 0xc) = _t53 & 0xfffffff2 | 0x00000002;
                                                                                                                				goto 0x126e6682;
                                                                                                                				if (_t77 != 4) goto 0x126e6682;
                                                                                                                				_t127 =  *(_t131 + 0x48);
                                                                                                                				if (sil == 0) goto 0x126e667a;
                                                                                                                				E00007FFA7FFA126EBAB0(_t108, _t141, _t122, _t127);
                                                                                                                				 *_t100 =  *(_t127 + 0x1271e0f4) & 0x000000ff;
                                                                                                                				 *(_t131 + 0x48) = _t69 & 0xffffff00;
                                                                                                                				_t57 =  *_t126;
                                                                                                                				if (_t57 == 0) goto 0x126e667a;
                                                                                                                				 *_t126 = _t57 - 1;
                                                                                                                				 *(_t126 + 0xc) =  *(_t126 + 0xc) & 0xfffffff2;
                                                                                                                				 *(_t126 + 0xc) =  *(_t126 + 0xc) | 0x00000002;
                                                                                                                				 *((long long*)(_t129 - 0x60)) = 0;
                                                                                                                				 *((long long*)(_t129 - 0x70)) = 0x1271baa8;
                                                                                                                				 *((long long*)(_t129 - 0x68)) = _t129 - 0x50;
                                                                                                                				 *((long long*)(_t129 - 0x58)) = 0x1f4;
                                                                                                                				if (( *(_t131 + 0x44) & 0x000000ff) != 3) goto 0x126e677b;
                                                                                                                				if (sil == 0) goto 0x126e66cd;
                                                                                                                				 *((char*)(_t129 - 0x50)) =  *( *(_t131 + 0x48) + 0x1271e0f4) & 0x000000ff;
                                                                                                                				 *((long long*)(_t129 - 0x60)) = 1;
                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                				asm("cvtss2sd xmm0, xmm6");
                                                                                                                				asm("movaps xmm1, [esp+0x40]");
                                                                                                                				asm("movdqa [esp+0x50], xmm1");
                                                                                                                				E00007FFA7FFA12704200( *(_t127 + 0x1271e0f4) & 0x000000ff,  *((intOrPtr*)(_t126 + 4)), _t108, _t131 + 0x50, _t129 - 0x70, _t139);
                                                                                                                				 *((long long*)(_t131 + 0x40)) =  *((intOrPtr*)(_t129 - 0x68));
                                                                                                                				 *(_t131 + 0x48) =  *((intOrPtr*)(_t129 - 0x60));
                                                                                                                				E00007FFA7FFA126E8330(_t108, _t141, _t126, _t126, _t131 + 0x40, _t129 - 0x70, _t139, 0x1271e0f4);
                                                                                                                				 *((long long*)(_t129 - 0x70)) = 0x1271baa8;
                                                                                                                				_t117 =  *((intOrPtr*)(_t129 - 0x68));
                                                                                                                				if (_t117 == _t129 - 0x50) goto 0x126e6752;
                                                                                                                				if ( *((intOrPtr*)(_t129 - 0x58)) - 0x1000 < 0) goto 0x126e674d;
                                                                                                                				if (_t117 -  *((intOrPtr*)(_t117 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x126e68b8;
                                                                                                                				_t64 = E00007FFA7FFA12705E20(E00007FFA7FFA127056E4(),  *(_t127 + 0x1271e0f4) & 0x000000ff,  *(_t129 + 0x1b0) ^ _t131);
                                                                                                                				asm("movaps xmm6, [esp+0x2c0]");
                                                                                                                				return _t64;
                                                                                                                			}





























                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __std_exception_copy_fdclass_fdsign_invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: INF$NAN$inf$nan$number is too big
                                                                                                                • API String ID: 3310147705-1812383209
                                                                                                                • Opcode ID: 73660f08df6deb0b9dcce34680602e4ee8f44f6ef112e4e5a8bdfcda8c94b42d
                                                                                                                • Instruction ID: c319dabf69cff05c6a32a887ba1e307cba81989a628824d93e6ec8ef84e7ad25
                                                                                                                • Opcode Fuzzy Hash: 73660f08df6deb0b9dcce34680602e4ee8f44f6ef112e4e5a8bdfcda8c94b42d
                                                                                                                • Instruction Fuzzy Hash: 16B1B622A08B8189FB10CB64D4413AEA7B0FF57364F518235EAAD12AD9DFBCE445CB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 28%
                                                                                                                			E00007FFA7FFA126E9C50(void* __rcx, long long __rdx, void* __rbp, void* __r8) {
                                                                                                                				signed int _v56;
                                                                                                                				intOrPtr _v64;
                                                                                                                				char _v88;
                                                                                                                				intOrPtr _v96;
                                                                                                                				char _v120;
                                                                                                                				long long _v128;
                                                                                                                				long long _v136;
                                                                                                                				char _v152;
                                                                                                                				long long _v160;
                                                                                                                				long long _v168;
                                                                                                                				intOrPtr _v178;
                                                                                                                				short _v180;
                                                                                                                				char _v184;
                                                                                                                				char _v200;
                                                                                                                				long long _v216;
                                                                                                                				long long _v224;
                                                                                                                				long long _v232;
                                                                                                                				void* __rbx;
                                                                                                                				void* __rdi;
                                                                                                                				void* __rsi;
                                                                                                                				void* __r14;
                                                                                                                				char _t58;
                                                                                                                				void* _t71;
                                                                                                                				void* _t83;
                                                                                                                				void* _t84;
                                                                                                                				void* _t85;
                                                                                                                				signed long long _t110;
                                                                                                                				signed long long _t111;
                                                                                                                				long long _t115;
                                                                                                                				void* _t121;
                                                                                                                				void* _t134;
                                                                                                                				long long _t135;
                                                                                                                				char _t158;
                                                                                                                				long long _t167;
                                                                                                                				long long _t173;
                                                                                                                				intOrPtr _t176;
                                                                                                                				long long _t182;
                                                                                                                				intOrPtr _t185;
                                                                                                                				intOrPtr _t188;
                                                                                                                				intOrPtr _t191;
                                                                                                                				long long _t194;
                                                                                                                				void* _t196;
                                                                                                                				void* _t197;
                                                                                                                				void* _t198;
                                                                                                                				intOrPtr _t202;
                                                                                                                				void* _t205;
                                                                                                                				void* _t206;
                                                                                                                				long long _t207;
                                                                                                                
                                                                                                                				_t197 = __rbp;
                                                                                                                				_t205 = _t198;
                                                                                                                				_t199 = _t198 - 0xe0;
                                                                                                                				_t110 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				_t111 = _t110 ^ _t198 - 0x000000e0;
                                                                                                                				_v56 = _t111;
                                                                                                                				_t196 = __r8;
                                                                                                                				_t194 = __rdx;
                                                                                                                				_t206 = __rcx;
                                                                                                                				r15d = 0;
                                                                                                                				_v184 = _t207;
                                                                                                                				_v160 = 0xf;
                                                                                                                				_v168 = 6;
                                                                                                                				_t58 = "system"; // 0x74737973
                                                                                                                				_v184 = _t58;
                                                                                                                				_v180 =  *0x1271ba84 & 0x0000ffff;
                                                                                                                				_v178 = r15b;
                                                                                                                				 *((long long*)(_t205 - 0x78)) = _t207;
                                                                                                                				asm("movdqa xmm0, [0x326e3]");
                                                                                                                				asm("repe inc ecx");
                                                                                                                				 *((intOrPtr*)(_t205 - 0x78)) = r15b;
                                                                                                                				E00007FFA7FFA126FD640(_t134, __rcx, __r8);
                                                                                                                				if ( &_v120 == _t111) goto 0x126e9cf7;
                                                                                                                				_t202 =  *((intOrPtr*)(_t111 + 0x10));
                                                                                                                				if ( *((long long*)(_t111 + 0x18)) - 0x10 < 0) goto 0x126e9ce7;
                                                                                                                				E00007FFA7FFA126E9100(_t134,  &_v120,  *_t111, _t202, _t206);
                                                                                                                				E00007FFA7FFA127006F0( *((long long*)(_t111 + 0x18)) - 0x10,  *_t111,  &_v184, _t202);
                                                                                                                				_t167 = _v160;
                                                                                                                				if (_t167 - 0x10 < 0) goto 0x126e9d42;
                                                                                                                				if (_t167 + 1 - 0x1000 < 0) goto 0x126e9d3d;
                                                                                                                				_t115 = _v184 -  *((intOrPtr*)(_v184 - 8)) + 0xfffffff8;
                                                                                                                				if (_t115 - 0x1f <= 0) goto 0x126e9d3d;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				_v168 = _t207;
                                                                                                                				_v160 = 0xf;
                                                                                                                				_v184 = 0;
                                                                                                                				E00007FFA7FFA126F4280(_t84, _t134,  &_v88, _t196, _t196, _t197);
                                                                                                                				_t135 = _t115;
                                                                                                                				_v200 = _t194;
                                                                                                                				E00007FFA7FFA126F4280(_t84, _t135,  &_v152, _t206, _t196, _t197);
                                                                                                                				_v216 = _t135;
                                                                                                                				_v224 =  &_v200;
                                                                                                                				_v232 = _t115;
                                                                                                                				r8d = 0x5f;
                                                                                                                				_t82 = _t202 - 0x5e;
                                                                                                                				E00007FFA7FFA126E5BB0(_t202 - 0x5e, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "monitor_deleteport \'{}\', {:#x}, \'{}\'");
                                                                                                                				_t173 = _v128;
                                                                                                                				if (_t173 - 0x10 < 0) goto 0x126e9df0;
                                                                                                                				if (_t173 + 1 - 0x1000 < 0) goto 0x126e9deb;
                                                                                                                				if (_v152 -  *((intOrPtr*)(_v152 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126e9deb;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				_v136 = _t207;
                                                                                                                				_v128 = 0xf;
                                                                                                                				_v152 = 0;
                                                                                                                				_t176 = _v64;
                                                                                                                				if (_t176 - 0x10 < 0) goto 0x126e9e4f;
                                                                                                                				if (_t176 + 1 - 0x1000 < 0) goto 0x126e9e4a;
                                                                                                                				_t121 = _v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8;
                                                                                                                				if (_t121 - 0x1f <= 0) goto 0x126e9e4a;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				E00007FFA7FFA126EE0D0( *((intOrPtr*)(_v88 - 8)), _t176 + 0x28);
                                                                                                                				E00007FFA7FFA126F4280(_t84, _t121,  &_v88, _t196, _t196, _t197);
                                                                                                                				_t71 = E00007FFA7FFA126F4280(_t84, _t121,  &_v152, _t206, _t196, _t197);
                                                                                                                				_t203 = _t121;
                                                                                                                				E00007FFA7FFA126EE6C0(_t71, _t83, _t84, _t85, _t121, _t121, _t121, _t121, _t196, _t197, _t121);
                                                                                                                				_t182 = _v128;
                                                                                                                				if (_t182 - 0x10 < 0) goto 0x126e9eca;
                                                                                                                				if (_t182 + 1 - 0x1000 < 0) goto 0x126e9ec5;
                                                                                                                				if (_v152 -  *((intOrPtr*)(_v152 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126e9ec5;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				_v136 = _t207;
                                                                                                                				_v128 = 0xf;
                                                                                                                				_v152 = 0;
                                                                                                                				_t185 = _v64;
                                                                                                                				if (_t185 - 0x10 < 0) goto 0x126e9f2a;
                                                                                                                				if (_t185 + 1 - 0x1000 < 0) goto 0x126e9f24;
                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126e9f24;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				E00007FFA7FFA127006F0(_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f, _v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8,  &_v120, _t121);
                                                                                                                				_t188 = _v96;
                                                                                                                				if (_t188 - 0x10 < 0) goto 0x126e9f7e;
                                                                                                                				_t158 = _v120;
                                                                                                                				if (_t188 + 1 - 0x1000 < 0) goto 0x126e9f78;
                                                                                                                				_t130 = _t158 -  *((intOrPtr*)(_t158 - 8)) + 0xfffffff8;
                                                                                                                				_t105 = _t158 -  *((intOrPtr*)(_t158 - 8)) + 0xfffffff8 - 0x1f;
                                                                                                                				if (_t158 -  *((intOrPtr*)(_t158 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126e9f78;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				E00007FFA7FFA127006F0(_t105, _t130,  &_v120, _t203);
                                                                                                                				_t191 = _v96;
                                                                                                                				if (_t191 - 0x10 < 0) goto 0x126e9fd9;
                                                                                                                				if (_t191 + 1 - 0x1000 < 0) goto 0x126e9fd3;
                                                                                                                				if (_v120 -  *((intOrPtr*)(_v120 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126e9fd3;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				return E00007FFA7FFA12705E20(0, _t82, _v56 ^ _t199);
                                                                                                                			}




















































                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FFA126FD640: __tlregdtor.LIBCMT ref: 00007FFA126FD690
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126E9D36
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126E9DE4
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126E9E43
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126E9EBE
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126E9F1D
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126E9F71
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$__tlregdtor
                                                                                                                • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_deleteport '{}', {:#x}, '{}'$system
                                                                                                                • API String ID: 333172304-3252672930
                                                                                                                • Opcode ID: 226080c0ce44445658238c64672bb0263095b08184b26bd6105cc1f14d8ca101
                                                                                                                • Instruction ID: 5ac7472ac603ca11ce7d79f2afba2472473ed8e3331f1040470be2094f34b245
                                                                                                                • Opcode Fuzzy Hash: 226080c0ce44445658238c64672bb0263095b08184b26bd6105cc1f14d8ca101
                                                                                                                • Instruction Fuzzy Hash: C5818362A19EC141FE10DB65E4443AE62A1FF877B0F018635E6AD46ADDEEBCD084CB04
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 30%
                                                                                                                			E00007FFA7FFA12717570(void* __edi, long long __rax, void* __rcx, long long __rdx, void* __rsi, void* __r13, void* __r14, void* __r15) {
                                                                                                                				void* __rbx;
                                                                                                                				void* __rdi;
                                                                                                                				void* __rbp;
                                                                                                                				void* _t71;
                                                                                                                				signed int _t84;
                                                                                                                				signed int _t86;
                                                                                                                				intOrPtr _t90;
                                                                                                                				intOrPtr _t116;
                                                                                                                				int _t126;
                                                                                                                				intOrPtr _t139;
                                                                                                                				intOrPtr _t143;
                                                                                                                				intOrPtr _t147;
                                                                                                                				intOrPtr _t169;
                                                                                                                				intOrPtr _t172;
                                                                                                                				void* _t175;
                                                                                                                				void* _t182;
                                                                                                                				long long _t183;
                                                                                                                				void* _t185;
                                                                                                                				void* _t186;
                                                                                                                				intOrPtr _t190;
                                                                                                                
                                                                                                                				_t204 = __r15;
                                                                                                                				_t202 = __r13;
                                                                                                                				 *((long long*)(_t185 + 0x10)) = __rdx;
                                                                                                                				_t186 = _t185 - 0x30;
                                                                                                                				_t183 = __rdx;
                                                                                                                				 *((long long*)(__rdx + 0x60)) = 0;
                                                                                                                				 *((long long*)(__rdx + 0x70)) = 0;
                                                                                                                				 *((long long*)(__rdx + 0x78)) = 0xf;
                                                                                                                				 *((char*)(__rdx + 0x60)) = 0;
                                                                                                                				E00007FFA7FFA127056A8(_t71, __rax, __rcx);
                                                                                                                				 *((long long*)(__rdx + 0x70)) = 0x25;
                                                                                                                				 *((long long*)(__rdx + 0x78)) = 0x2f;
                                                                                                                				asm("movups xmm0, [0x4a8c]");
                                                                                                                				asm("movups [eax], xmm0");
                                                                                                                				asm("movups xmm1, [0x4a92]");
                                                                                                                				asm("movups [eax+0x10], xmm1");
                                                                                                                				_t90 =  *0x1271c068; // 0x3a6e6f69
                                                                                                                				 *((intOrPtr*)(__rax + 0x20)) = _t90;
                                                                                                                				 *((char*)(__rax + 0x24)) =  *0x1271c06c & 0x000000ff;
                                                                                                                				 *((char*)(__rax + 0x25)) = 0;
                                                                                                                				 *((long long*)(__rdx + 0x60)) = __rax;
                                                                                                                				_t116 =  *((intOrPtr*)( *((intOrPtr*)(__rdx + 0x50))));
                                                                                                                				 *((intOrPtr*)(_t116 + 8))();
                                                                                                                				if ( *((char*)(_t116 + 0xffffffff)) != 0) goto 0x12717600;
                                                                                                                				_t139 =  *((intOrPtr*)(__rdx + 0x70));
                                                                                                                				if (0xffffffff -  *((intOrPtr*)(__rdx + 0x78)) - _t139 > 0) goto 0x1271764f;
                                                                                                                				 *((long long*)(__rdx + 0x70)) = _t139 + 0xffffffff;
                                                                                                                				_t128 =  !=  ?  *((void*)(__rdx + 0x60)) : __rdx + 0x60;
                                                                                                                				_t129 = ( !=  ?  *((void*)(__rdx + 0x60)) : __rdx + 0x60) + _t139;
                                                                                                                				memmove(_t175, _t182, _t126);
                                                                                                                				 *((char*)(( !=  ?  *((void*)(__rdx + 0x60)) : __rdx + 0x60) + _t139 + 0xffffffff)) = 0;
                                                                                                                				goto 0x12717663;
                                                                                                                				 *((long long*)(_t186 + 0x20)) = 0xffffffff;
                                                                                                                				r8d = 0;
                                                                                                                				E00007FFA7FFA126E2190(__rdx + 0x60, 0xffffffff, 0, __rdx, _t116, __r13, __r15);
                                                                                                                				_t143 =  *((intOrPtr*)(_t183 + 0x70));
                                                                                                                				_t190 = _t143;
                                                                                                                				if ( *((intOrPtr*)(_t183 + 0x78)) - _t143 - 0xa < 0) goto 0x127176b2;
                                                                                                                				 *((long long*)(_t183 + 0x70)) = _t143 + 0xa;
                                                                                                                				_t131 =  !=  ?  *((void*)(_t183 + 0x60)) : _t183 + 0x60;
                                                                                                                				_t132 = ( !=  ?  *((void*)(_t183 + 0x60)) : _t183 + 0x60) + _t190;
                                                                                                                				r8d = 0xa;
                                                                                                                				memmove(??, ??, ??);
                                                                                                                				 *((char*)(( !=  ?  *((void*)(_t183 + 0x60)) : _t183 + 0x60) + _t190 + 0xa)) = 0;
                                                                                                                				goto 0x127176d2;
                                                                                                                				 *((long long*)(_t186 + 0x20)) = 0xa;
                                                                                                                				r8d = 0;
                                                                                                                				_t34 = _t190 + 0xa; // 0xa
                                                                                                                				E00007FFA7FFA126E2190(_t183 + 0x60, ", format: ", 0, _t183, ", format: ", _t202, _t204);
                                                                                                                				if ( *((char*)( *((intOrPtr*)(_t183 + 0x40)) + 0xffffffff)) != 0) goto 0x127176e0;
                                                                                                                				_t147 =  *((intOrPtr*)(_t183 + 0x70));
                                                                                                                				if (0xffffffff -  *((intOrPtr*)(_t183 + 0x78)) - _t147 > 0) goto 0x12717730;
                                                                                                                				 *((long long*)(_t183 + 0x70)) = _t147 + 0xffffffff;
                                                                                                                				_t134 =  !=  ?  *((void*)(_t183 + 0x60)) : _t183 + 0x60;
                                                                                                                				_t135 = ( !=  ?  *((void*)(_t183 + 0x60)) : _t183 + 0x60) + _t147;
                                                                                                                				memmove(??, ??, ??);
                                                                                                                				 *((char*)(( !=  ?  *((void*)(_t183 + 0x60)) : _t183 + 0x60) + _t147 + 0xffffffff)) = 0;
                                                                                                                				goto 0x12717744;
                                                                                                                				 *((long long*)(_t186 + 0x20)) = 0xffffffff;
                                                                                                                				r8d = 0;
                                                                                                                				E00007FFA7FFA126E2190(_t183 + 0x60, 0xffffffff, 0, _t183,  *((intOrPtr*)(_t183 + 0x40)), _t202, _t204);
                                                                                                                				 *((long long*)(_t183 + 0x80)) = 0;
                                                                                                                				 *((long long*)(_t183 + 0x90)) = 0;
                                                                                                                				 *((long long*)(_t183 + 0x98)) = 0xf;
                                                                                                                				 *((char*)(_t183 + 0x80)) = 0;
                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                				if ( *((char*)( *((intOrPtr*)(_t183 + 0x48)) + 0xffffffff)) != 0) goto 0x12717780;
                                                                                                                				E00007FFA7FFA126E9100(( !=  ?  *((void*)(_t183 + 0x60)) : _t183 + 0x60) + _t147, _t183 + 0x80,  *((intOrPtr*)(_t183 + 0x48)), 0, __r14);
                                                                                                                				_t84 = E00007FFA7FFA126FE5B0( *((intOrPtr*)(_t183 + 0x38)), _t34,  *((intOrPtr*)(_t183 + 0x78)) - _t147, ( !=  ?  *((void*)(_t183 + 0x60)) : _t183 + 0x60) + _t147, _t183 + 0x80, _t183 + 0x80, __rsi, _t183,  *((intOrPtr*)(_t183 + 0x30)), _t183 + 0x60);
                                                                                                                				_t169 =  *((intOrPtr*)(_t183 + 0x98));
                                                                                                                				if ((_t84 & 0xffffff00 | _t169 - 0x00000010 >= 0x00000000) == 0) goto 0x127177fb;
                                                                                                                				if (_t169 + 1 - 0x1000 < 0) goto 0x127177f5;
                                                                                                                				_t64 =  *((intOrPtr*)(_t183 + 0x80)) -  *((intOrPtr*)( *((intOrPtr*)(_t183 + 0x80)) - 8)) - 8; // -8
                                                                                                                				if (_t64 - 0x1f > 0) goto 0x127177ee;
                                                                                                                				goto 0x127177f5;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				_t86 = E00007FFA7FFA127056E4();
                                                                                                                				_t172 =  *((intOrPtr*)(_t183 + 0x78));
                                                                                                                				if ((_t86 & 0xffffff00 | _t172 - 0x00000010 >= 0x00000000) == 0) goto 0x12717841;
                                                                                                                				if (_t172 + 1 - 0x1000 < 0) goto 0x1271783b;
                                                                                                                				_t70 =  *((intOrPtr*)(_t183 + 0x60)) -  *((intOrPtr*)( *((intOrPtr*)(_t183 + 0x60)) - 8)) - 8; // -8
                                                                                                                				if (_t70 - 0x1f > 0) goto 0x12717834;
                                                                                                                				goto 0x1271783b;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				return E00007FFA7FFA127056E4();
                                                                                                                			}
























                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FFA127056A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFA126E8F4E), ref: 00007FFA127056C2
                                                                                                                • memmove.VCRUNTIME140 ref: 00007FFA12717644
                                                                                                                • memmove.VCRUNTIME140 ref: 00007FFA127176A7
                                                                                                                • memmove.VCRUNTIME140 ref: 00007FFA12717725
                                                                                                                  • Part of subcall function 00007FFA126E2190: memmove.VCRUNTIME140 ref: 00007FFA126E227D
                                                                                                                  • Part of subcall function 00007FFA126E2190: memmove.VCRUNTIME140 ref: 00007FFA126E228B
                                                                                                                  • Part of subcall function 00007FFA126E2190: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126E22C4
                                                                                                                  • Part of subcall function 00007FFA126E2190: memmove.VCRUNTIME140 ref: 00007FFA126E22CE
                                                                                                                  • Part of subcall function 00007FFA126E2190: memmove.VCRUNTIME140 ref: 00007FFA126E22DC
                                                                                                                  • Part of subcall function 00007FFA126E2190: Concurrency::cancel_current_task.LIBCPMT ref: 00007FFA126E2311
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA127177EE
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA12717834
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memmove$_invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskmalloc
                                                                                                                • String ID: %$, format: $/$ion:
                                                                                                                • API String ID: 1572157692-3554288949
                                                                                                                • Opcode ID: 764f7d54c2aedc5919306d86eb10726ca7ba4efa90576696c1bcf53d7cfcd671
                                                                                                                • Instruction ID: 5a56dbcf35b3fc230f49cd459729022e0c13cb22786a11d1ca7affb504efbf01
                                                                                                                • Opcode Fuzzy Hash: 764f7d54c2aedc5919306d86eb10726ca7ba4efa90576696c1bcf53d7cfcd671
                                                                                                                • Instruction Fuzzy Hash: E2818262A04B8589EB148F38D8403ED67A1FF437E8F558235EA5D07AD9EFB8D548C740
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 31%
                                                                                                                			E00007FFA7FFA12717250(void* __edi, long long __rax, void* __rcx, long long __rdx, void* __rsi, void* __r13, void* __r14, void* __r15) {
                                                                                                                				void* __rbx;
                                                                                                                				void* __rdi;
                                                                                                                				void* __rbp;
                                                                                                                				void* _t71;
                                                                                                                				signed int _t84;
                                                                                                                				signed int _t86;
                                                                                                                				intOrPtr _t90;
                                                                                                                				intOrPtr _t116;
                                                                                                                				int _t126;
                                                                                                                				intOrPtr _t139;
                                                                                                                				intOrPtr _t143;
                                                                                                                				intOrPtr _t147;
                                                                                                                				intOrPtr _t169;
                                                                                                                				intOrPtr _t172;
                                                                                                                				void* _t175;
                                                                                                                				void* _t182;
                                                                                                                				long long _t183;
                                                                                                                				void* _t185;
                                                                                                                				void* _t186;
                                                                                                                				intOrPtr _t190;
                                                                                                                
                                                                                                                				_t204 = __r15;
                                                                                                                				_t202 = __r13;
                                                                                                                				 *((long long*)(_t185 + 0x10)) = __rdx;
                                                                                                                				_t186 = _t185 - 0x30;
                                                                                                                				_t183 = __rdx;
                                                                                                                				 *((long long*)(__rdx + 0x70)) = 0;
                                                                                                                				 *((long long*)(__rdx + 0x80)) = 0;
                                                                                                                				 *((long long*)(__rdx + 0x88)) = 0xf;
                                                                                                                				 *((char*)(__rdx + 0x70)) = 0;
                                                                                                                				E00007FFA7FFA127056A8(_t71, __rax, __rcx);
                                                                                                                				 *((long long*)(__rdx + 0x80)) = 0x25;
                                                                                                                				 *((long long*)(__rdx + 0x88)) = 0x2f;
                                                                                                                				asm("movups xmm0, [0x4da0]");
                                                                                                                				asm("movups [eax], xmm0");
                                                                                                                				asm("movups xmm1, [0x4da6]");
                                                                                                                				asm("movups [eax+0x10], xmm1");
                                                                                                                				_t90 =  *0x1271c068; // 0x3a6e6f69
                                                                                                                				 *((intOrPtr*)(__rax + 0x20)) = _t90;
                                                                                                                				 *((char*)(__rax + 0x24)) =  *0x1271c06c & 0x000000ff;
                                                                                                                				 *((char*)(__rax + 0x25)) = 0;
                                                                                                                				 *((long long*)(__rdx + 0x70)) = __rax;
                                                                                                                				_t116 =  *((intOrPtr*)( *((intOrPtr*)(__rdx + 0x60))));
                                                                                                                				 *((intOrPtr*)(_t116 + 8))();
                                                                                                                				if ( *((char*)(_t116 + 0xffffffff)) != 0) goto 0x127172e5;
                                                                                                                				_t139 =  *((intOrPtr*)(__rdx + 0x80));
                                                                                                                				if (0xffffffff -  *((intOrPtr*)(__rdx + 0x88)) - _t139 > 0) goto 0x1271733d;
                                                                                                                				 *((long long*)(__rdx + 0x80)) = _t139 + 0xffffffff;
                                                                                                                				_t128 =  !=  ?  *((void*)(__rdx + 0x70)) : __rdx + 0x70;
                                                                                                                				_t129 = ( !=  ?  *((void*)(__rdx + 0x70)) : __rdx + 0x70) + _t139;
                                                                                                                				memmove(_t175, _t182, _t126);
                                                                                                                				 *((char*)(( !=  ?  *((void*)(__rdx + 0x70)) : __rdx + 0x70) + _t139 + 0xffffffff)) = 0;
                                                                                                                				goto 0x12717351;
                                                                                                                				 *((long long*)(_t186 + 0x20)) = 0xffffffff;
                                                                                                                				r8d = 0;
                                                                                                                				E00007FFA7FFA126E2190(__rdx + 0x70, 0xffffffff, 0, __rdx, _t116, __r13, __r15);
                                                                                                                				_t143 =  *((intOrPtr*)(_t183 + 0x80));
                                                                                                                				_t190 = _t143;
                                                                                                                				if ( *((intOrPtr*)(_t183 + 0x88)) - _t143 - 0xa < 0) goto 0x127173a9;
                                                                                                                				 *((long long*)(_t183 + 0x80)) = _t143 + 0xa;
                                                                                                                				_t131 =  !=  ?  *((void*)(_t183 + 0x70)) : _t183 + 0x70;
                                                                                                                				_t132 = ( !=  ?  *((void*)(_t183 + 0x70)) : _t183 + 0x70) + _t190;
                                                                                                                				r8d = 0xa;
                                                                                                                				memmove(??, ??, ??);
                                                                                                                				 *((char*)(( !=  ?  *((void*)(_t183 + 0x70)) : _t183 + 0x70) + _t190 + 0xa)) = 0;
                                                                                                                				goto 0x127173c9;
                                                                                                                				 *((long long*)(_t186 + 0x20)) = 0xa;
                                                                                                                				r8d = 0;
                                                                                                                				_t34 = _t190 + 0xa; // 0xa
                                                                                                                				E00007FFA7FFA126E2190(_t183 + 0x70, ", format: ", 0, _t183, ", format: ", _t202, _t204);
                                                                                                                				if ( *((char*)( *((intOrPtr*)(_t183 + 0x50)) + 0xffffffff)) != 0) goto 0x127173d4;
                                                                                                                				_t147 =  *((intOrPtr*)(_t183 + 0x80));
                                                                                                                				if (0xffffffff -  *((intOrPtr*)(_t183 + 0x88)) - _t147 > 0) goto 0x1271742d;
                                                                                                                				 *((long long*)(_t183 + 0x80)) = _t147 + 0xffffffff;
                                                                                                                				_t134 =  !=  ?  *((void*)(_t183 + 0x70)) : _t183 + 0x70;
                                                                                                                				_t135 = ( !=  ?  *((void*)(_t183 + 0x70)) : _t183 + 0x70) + _t147;
                                                                                                                				memmove(??, ??, ??);
                                                                                                                				 *((char*)(( !=  ?  *((void*)(_t183 + 0x70)) : _t183 + 0x70) + _t147 + 0xffffffff)) = 0;
                                                                                                                				goto 0x12717441;
                                                                                                                				 *((long long*)(_t186 + 0x20)) = 0xffffffff;
                                                                                                                				r8d = 0;
                                                                                                                				E00007FFA7FFA126E2190(_t183 + 0x70, 0xffffffff, 0, _t183,  *((intOrPtr*)(_t183 + 0x50)), _t202, _t204);
                                                                                                                				 *((long long*)(_t183 + 0x90)) = 0;
                                                                                                                				 *((long long*)(_t183 + 0xa0)) = 0;
                                                                                                                				 *((long long*)(_t183 + 0xa8)) = 0xf;
                                                                                                                				 *((char*)(_t183 + 0x90)) = 0;
                                                                                                                				if ( *((char*)( *((intOrPtr*)(_t183 + 0x58)) + 0xffffffff)) != 0) goto 0x12717474;
                                                                                                                				E00007FFA7FFA126E9100(( !=  ?  *((void*)(_t183 + 0x70)) : _t183 + 0x70) + _t147, _t183 + 0x90,  *((intOrPtr*)(_t183 + 0x58)), 0, __r14);
                                                                                                                				_t84 = E00007FFA7FFA126FE5B0( *((intOrPtr*)(_t183 + 0x38)), _t34,  *((intOrPtr*)(_t183 + 0x88)) - _t147, ( !=  ?  *((void*)(_t183 + 0x70)) : _t183 + 0x70) + _t147, _t183 + 0x90, _t183 + 0x90, __rsi, _t183,  *((intOrPtr*)(_t183 + 0x30)), _t183 + 0x70);
                                                                                                                				_t169 =  *((intOrPtr*)(_t183 + 0xa8));
                                                                                                                				if ((_t84 & 0xffffff00 | _t169 - 0x00000010 >= 0x00000000) == 0) goto 0x127174ef;
                                                                                                                				if (_t169 + 1 - 0x1000 < 0) goto 0x127174e9;
                                                                                                                				_t64 =  *((intOrPtr*)(_t183 + 0x90)) -  *((intOrPtr*)( *((intOrPtr*)(_t183 + 0x90)) - 8)) - 8; // -8
                                                                                                                				if (_t64 - 0x1f > 0) goto 0x127174e2;
                                                                                                                				goto 0x127174e9;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				_t86 = E00007FFA7FFA127056E4();
                                                                                                                				_t172 =  *((intOrPtr*)(_t183 + 0x88));
                                                                                                                				if ((_t86 & 0xffffff00 | _t172 - 0x00000010 >= 0x00000000) == 0) goto 0x12717538;
                                                                                                                				if (_t172 + 1 - 0x1000 < 0) goto 0x12717532;
                                                                                                                				_t70 =  *((intOrPtr*)(_t183 + 0x70)) -  *((intOrPtr*)( *((intOrPtr*)(_t183 + 0x70)) - 8)) - 8; // -8
                                                                                                                				if (_t70 - 0x1f > 0) goto 0x1271752b;
                                                                                                                				goto 0x12717532;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				return E00007FFA7FFA127056E4();
                                                                                                                			}

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FFA127056A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFA126E8F4E), ref: 00007FFA127056C2
                                                                                                                • memmove.VCRUNTIME140 ref: 00007FFA12717332
                                                                                                                • memmove.VCRUNTIME140 ref: 00007FFA1271739E
                                                                                                                • memmove.VCRUNTIME140 ref: 00007FFA12717422
                                                                                                                  • Part of subcall function 00007FFA126E2190: memmove.VCRUNTIME140 ref: 00007FFA126E227D
                                                                                                                  • Part of subcall function 00007FFA126E2190: memmove.VCRUNTIME140 ref: 00007FFA126E228B
                                                                                                                  • Part of subcall function 00007FFA126E2190: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126E22C4
                                                                                                                  • Part of subcall function 00007FFA126E2190: memmove.VCRUNTIME140 ref: 00007FFA126E22CE
                                                                                                                  • Part of subcall function 00007FFA126E2190: memmove.VCRUNTIME140 ref: 00007FFA126E22DC
                                                                                                                  • Part of subcall function 00007FFA126E2190: Concurrency::cancel_current_task.LIBCPMT ref: 00007FFA126E2311
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA127174E2
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA1271752B
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memmove$_invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskmalloc
                                                                                                                • String ID: %$, format: $/$ion:
                                                                                                                • API String ID: 1572157692-3554288949
                                                                                                                • Opcode ID: 2e86a5524188332671f7c357afa538eb368835725a40ef4b1bd461567a191280
                                                                                                                • Instruction ID: 641f04fa97411ab0ad918be6e995008bc53d107eb51f51a7116b48f12a446d76
                                                                                                                • Opcode Fuzzy Hash: 2e86a5524188332671f7c357afa538eb368835725a40ef4b1bd461567a191280
                                                                                                                • Instruction Fuzzy Hash: CE817262A04AC589EB248F74D8403ED67A1FB437E8F559235DA9D07AD9EFB8D148C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Event$CloseHandle$Create$ObjectOpenResetSingleWait
                                                                                                                • String ID:
                                                                                                                • API String ID: 3951656645-0
                                                                                                                • Opcode ID: e70b6efb45fd57b730ffd615a8e7d69745b853a7db37e14f4ef59c49c9d22bbf
                                                                                                                • Instruction ID: 770d83852417273b39609a5264538ecde146bdbb51067d223385f9f0b28e99de
                                                                                                                • Opcode Fuzzy Hash: e70b6efb45fd57b730ffd615a8e7d69745b853a7db37e14f4ef59c49c9d22bbf
                                                                                                                • Instruction Fuzzy Hash: 9751613260CA8186EB518B14E54073B67F1EF47BB0F559235EA9D07A9DEF6DD4488F00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 29%
                                                                                                                			E00007FFA7FFA1270AAD0(long long __rbx, long long* __rcx, void* __rdx, long long __rsi) {
                                                                                                                				void* _t21;
                                                                                                                				void* _t22;
                                                                                                                				void* _t26;
                                                                                                                				long long _t44;
                                                                                                                				long long _t50;
                                                                                                                				unsigned long long _t57;
                                                                                                                				signed long long _t66;
                                                                                                                				int _t71;
                                                                                                                				long long* _t72;
                                                                                                                				long long _t79;
                                                                                                                				unsigned long long _t80;
                                                                                                                				void* _t82;
                                                                                                                				void* _t86;
                                                                                                                				intOrPtr _t87;
                                                                                                                				void* _t89;
                                                                                                                				signed long long _t90;
                                                                                                                
                                                                                                                				 *((long long*)(_t82 + 8)) = __rbx;
                                                                                                                				 *((long long*)(_t82 + 0x10)) = _t79;
                                                                                                                				 *((long long*)(_t82 + 0x18)) = __rsi;
                                                                                                                				_t72 = __rcx;
                                                                                                                				_t87 =  *((intOrPtr*)(__rcx + 0x10));
                                                                                                                				if (0xffffffff - _t87 - __rdx < 0) goto 0x1270ac11;
                                                                                                                				_t90 = _t87 + __rdx;
                                                                                                                				_t80 =  *((intOrPtr*)(__rcx + 0x18));
                                                                                                                				_t66 = _t90 | 0x0000000f;
                                                                                                                				if (_t66 - 0xffffffff > 0) goto 0x1270ab56;
                                                                                                                				_t57 = _t80 >> 1;
                                                                                                                				if (_t80 - 0xffffffff - _t57 > 0) goto 0x1270ab56;
                                                                                                                				_t50 =  <  ? _t57 + _t80 : _t66;
                                                                                                                				_t44 = _t50 + 1;
                                                                                                                				if (_t44 - 0x1000 < 0) goto 0x1270ab7f;
                                                                                                                				if (_t44 + 0x27 - _t44 <= 0) goto 0x1270ac17;
                                                                                                                				goto 0x1270ab60;
                                                                                                                				_t22 = E00007FFA7FFA127056A8(_t21, _t44, 0x27);
                                                                                                                				if (_t44 == 0) goto 0x1270ab78;
                                                                                                                				_t10 = _t44 + 0x27; // 0x27
                                                                                                                				 *((long long*)((_t10 & 0xffffffe0) - 8)) = _t44;
                                                                                                                				goto 0x1270ab93;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				if (_t44 == 0) goto 0x1270ab91;
                                                                                                                				E00007FFA7FFA127056A8(_t22, _t44, _t44);
                                                                                                                				goto 0x1270ab93;
                                                                                                                				 *(_t72 + 0x10) = _t90;
                                                                                                                				 *((long long*)(_t72 + 0x18)) = _t50;
                                                                                                                				if (_t80 - 0x10 < 0) goto 0x1270abea;
                                                                                                                				memmove(_t89, _t86, _t71);
                                                                                                                				_t15 = _t80 + 1; // 0x7ffa1270aee2
                                                                                                                				if (_t15 - 0x1000 < 0) goto 0x1270abd8;
                                                                                                                				_t17 =  *_t72 -  *((intOrPtr*)( *_t72 - 8)) - 8; // 0x7ffffffffffffff7
                                                                                                                				if (_t17 - 0x1f > 0) goto 0x1270abe3;
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				goto 0x1270abf2;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				_t26 = memmove(??, ??, ??);
                                                                                                                				 *_t72 = _t44;
                                                                                                                				return _t26;
                                                                                                                			}




















                                                                                                                APIs
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FFA1270AD8C), ref: 00007FFA1270AB78
                                                                                                                • memmove.VCRUNTIME140(?,?,00007FFA1270AD8C), ref: 00007FFA1270ABAE
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00007FFA1270AD8C), ref: 00007FFA1270ABE3
                                                                                                                • memmove.VCRUNTIME140(?,?,00007FFA1270AD8C), ref: 00007FFA1270ABED
                                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFA1270AC17
                                                                                                                • ?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z.MSVCP140 ref: 00007FFA1270ACCE
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturnmemmove$?out@?$codecvt@_Concurrency::cancel_current_taskMbstatet@@Mbstatet@@@std@@
                                                                                                                • String ID: Could not convert character encoding$libs\log\src\code_conversion.cpp
                                                                                                                • API String ID: 3477520665-1764552477
                                                                                                                • Opcode ID: 56764df3a3984372a2aa7afd52aef336f6e9c66760b295be2c42a92fce1fa63b
                                                                                                                • Instruction ID: e0f0a4868ba19516c52e6efec918f6077bb920819b860822e7371de6af23480f
                                                                                                                • Opcode Fuzzy Hash: 56764df3a3984372a2aa7afd52aef336f6e9c66760b295be2c42a92fce1fa63b
                                                                                                                • Instruction Fuzzy Hash: 5E81C226B09F8185EB109B55E4002EA63B5FB4BBE4F558631EF5C07B89DFBCD5488B04
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 17%
                                                                                                                			E00007FFA7FFA126EFB10(void* __eflags, long long __rcx, intOrPtr* __rdx) {
                                                                                                                				void* __rbx;
                                                                                                                				void* __rbp;
                                                                                                                				void* _t80;
                                                                                                                				void* _t83;
                                                                                                                				signed long long _t114;
                                                                                                                				long long _t134;
                                                                                                                				signed long long _t163;
                                                                                                                				signed long long _t166;
                                                                                                                				signed long long _t169;
                                                                                                                				intOrPtr _t172;
                                                                                                                				signed long long _t178;
                                                                                                                				intOrPtr _t181;
                                                                                                                				void* _t184;
                                                                                                                				void* _t185;
                                                                                                                				void* _t186;
                                                                                                                
                                                                                                                				_t185 = _t186 - 0x47;
                                                                                                                				_t114 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				 *(_t185 + 0x3f) = _t114 ^ _t186 - 0x000000b0;
                                                                                                                				_t134 = __rcx;
                                                                                                                				 *((intOrPtr*)(_t185 - 0x49)) = r8d;
                                                                                                                				r8d = r8d - 1;
                                                                                                                				if (__eflags == 0) goto 0x126efced;
                                                                                                                				if (r8d != 1) goto 0x126efdc3;
                                                                                                                				E00007FFA7FFA126ED4C0(_t114 ^ _t186 - 0x000000b0, __rcx, _t185 - 0x21,  *__rdx, _t184);
                                                                                                                				_t158 =  >=  ?  *((void*)(_t185 - 0x21)) : _t185 - 0x21;
                                                                                                                				E00007FFA7FFA126F3FF0(_t80, _t134, _t185 - 0x41,  >=  ?  *((void*)(_t185 - 0x21)) : _t185 - 0x21, _t184, _t185);
                                                                                                                				if ( *((long long*)(_t134 + 0x38)) - 0x10 < 0) goto 0x126efb7c;
                                                                                                                				E00007FFA7FFA126F3FF0(_t80, _t134, _t185 + 0x1f,  *((intOrPtr*)(_t134 + 0x20)), _t184, _t185);
                                                                                                                				if ( *((long long*)(_t134 + 0x58)) - 0x10 < 0) goto 0x126efb94;
                                                                                                                				E00007FFA7FFA126F3FF0(_t80, _t134, _t185 - 1,  *((intOrPtr*)(_t134 + 0x40)), _t184, _t185);
                                                                                                                				_t163 =  *((intOrPtr*)(_t185 + 0x17));
                                                                                                                				if (_t163 - 8 < 0) goto 0x126efbf0;
                                                                                                                				if (2 + _t163 * 2 - 0x1000 < 0) goto 0x126efbeb;
                                                                                                                				if ( *((intOrPtr*)(_t185 - 1)) -  *((intOrPtr*)( *((intOrPtr*)(_t185 - 1)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126efbeb;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				 *((long long*)(_t185 + 0xf)) = _t134;
                                                                                                                				 *((long long*)(_t185 + 0x17)) = 7;
                                                                                                                				 *((short*)(_t185 - 1)) = 0;
                                                                                                                				_t166 =  *((intOrPtr*)(_t185 + 0x37));
                                                                                                                				if (_t166 - 8 < 0) goto 0x126efc45;
                                                                                                                				if (2 + _t166 * 2 - 0x1000 < 0) goto 0x126efc40;
                                                                                                                				if ( *((intOrPtr*)(_t185 + 0x1f)) -  *((intOrPtr*)( *((intOrPtr*)(_t185 + 0x1f)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126efc40;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				 *((long long*)(_t185 + 0x2f)) = _t134;
                                                                                                                				 *((long long*)(_t185 + 0x37)) = 7;
                                                                                                                				 *((short*)(_t185 + 0x1f)) = 0;
                                                                                                                				_t169 =  *((intOrPtr*)(_t185 - 0x29));
                                                                                                                				if (_t169 - 8 < 0) goto 0x126efc98;
                                                                                                                				if (2 + _t169 * 2 - 0x1000 < 0) goto 0x126efc93;
                                                                                                                				if ( *((intOrPtr*)(_t185 - 0x41)) -  *((intOrPtr*)( *((intOrPtr*)(_t185 - 0x41)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126efc93;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				 *((long long*)(_t185 - 0x31)) = _t134;
                                                                                                                				 *((long long*)(_t185 - 0x29)) = 7;
                                                                                                                				 *((short*)(_t185 - 0x41)) = 0;
                                                                                                                				_t172 =  *((intOrPtr*)(_t185 - 9));
                                                                                                                				if (_t172 - 0x10 < 0) goto 0x126efdaa;
                                                                                                                				_t146 =  *((intOrPtr*)(_t185 - 0x21));
                                                                                                                				if (_t172 + 1 - 0x1000 < 0) goto 0x126efda5;
                                                                                                                				if ( *((intOrPtr*)(_t185 - 0x21)) -  *((intOrPtr*)(_t146 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126efda5;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA126ED4C0( *((intOrPtr*)(_t185 - 0x21)) -  *((intOrPtr*)(_t146 - 8)) + 0xfffffff8, _t134,  *((intOrPtr*)(_t146 - 8)),  *((intOrPtr*)(_t172 + 0x28)), _t184);
                                                                                                                				_t177 =  >=  ?  *((void*)(_t185 - 0x21)) : _t185 - 0x21;
                                                                                                                				E00007FFA7FFA126F3FF0(0, _t134, _t185 - 0x41,  >=  ?  *((void*)(_t185 - 0x21)) : _t185 - 0x21, _t184, _t185);
                                                                                                                				_t178 =  *((intOrPtr*)(_t185 - 0x29));
                                                                                                                				if (_t178 - 8 < 0) goto 0x126efd5a;
                                                                                                                				if (2 + _t178 * 2 - 0x1000 < 0) goto 0x126efd55;
                                                                                                                				if ( *((intOrPtr*)(_t185 - 0x41)) -  *((intOrPtr*)( *((intOrPtr*)(_t185 - 0x41)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126efd55;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				 *((long long*)(_t185 - 0x31)) = _t134;
                                                                                                                				 *((long long*)(_t185 - 0x29)) = 7;
                                                                                                                				 *((short*)(_t185 - 0x41)) = 0;
                                                                                                                				_t181 =  *((intOrPtr*)(_t185 - 9));
                                                                                                                				if (_t181 - 0x10 < 0) goto 0x126efdaa;
                                                                                                                				if (_t181 + 1 - 0x1000 < 0) goto 0x126efda5;
                                                                                                                				if ( *((intOrPtr*)(_t185 - 0x21)) -  *((intOrPtr*)( *((intOrPtr*)(_t185 - 0x21)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126efda5;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				return E00007FFA7FFA12705E20(0xa + ( *((intOrPtr*)(_t185 - 0x21)) -  *((intOrPtr*)(_t146 - 8)) + 0xfffffff8) * 2, _t83,  *(_t185 + 0x3f) ^ _t186 - 0x000000b0);
                                                                                                                			}



















                                                                                                                APIs
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126EFBE4
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126EFC39
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126EFC8C
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126EFCE6
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126EFD4E
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126EFD9E
                                                                                                                • _CxxThrowException.VCRUNTIME140 ref: 00007FFA126EFDEB
                                                                                                                  • Part of subcall function 00007FFA126F3FF0: MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,?,?,?,00000000,00007FFA126F3B6C), ref: 00007FFA126F404F
                                                                                                                  • Part of subcall function 00007FFA126F3FF0: memset.VCRUNTIME140(?,?,?,?,00000000,?,?,?,00000000,00007FFA126F3B6C), ref: 00007FFA126F40AC
                                                                                                                  • Part of subcall function 00007FFA126F3FF0: MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,?,?,?,00000000,00007FFA126F3B6C), ref: 00007FFA126F40EA
                                                                                                                  • Part of subcall function 00007FFA126F3FF0: MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,?,?,?,00000000,00007FFA126F3B6C), ref: 00007FFA126F4117
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$ByteCharMultiWide$ExceptionThrowmemset
                                                                                                                • String ID: port level {} is invalid
                                                                                                                • API String ID: 2707084545-1214850675
                                                                                                                • Opcode ID: 619c08593106b327eb2595e6a48e8dd13a6d924617f3e977b70527240bc78195
                                                                                                                • Instruction ID: 43989f197db147096b124b3adbcc8627194a88049589d99ac259af58dc16048b
                                                                                                                • Opcode Fuzzy Hash: 619c08593106b327eb2595e6a48e8dd13a6d924617f3e977b70527240bc78195
                                                                                                                • Instruction Fuzzy Hash: 39819562F15E4286FF00DBB8D4443AD23B2EB467B8F419235EA2C466DDDEB8D445C704
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140(-00000068,?,?,[uninitialized],?,00007FFA12706ADE), ref: 00007FFA126F472B
                                                                                                                • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140(-00000068,?,?,[uninitialized],?,00007FFA12706ADE), ref: 00007FFA126F4786
                                                                                                                • ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140(-00000068,?,?,[uninitialized],?,00007FFA12706ADE), ref: 00007FFA126F47A8
                                                                                                                • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FFA126F47C9
                                                                                                                • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140(-00000068,?,?,[uninitialized],?,00007FFA12706ADE), ref: 00007FFA126F4811
                                                                                                                • ?uncaught_exception@std@@YA_NXZ.MSVCP140 ref: 00007FFA126F4818
                                                                                                                • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FFA126F4824
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: D@std@@@std@@U?$char_traits@$?sputc@?$basic_streambuf@$?flush@?$basic_ostream@?setstate@?$basic_ios@?sputn@?$basic_streambuf@?uncaught_exception@std@@Osfx@?$basic_ostream@V12@
                                                                                                                • String ID: [uninitialized]
                                                                                                                • API String ID: 1492985063-2099769388
                                                                                                                • Opcode ID: 289b43a0fd393f7efa8b98694c0fc63bfc4486ac80d57e856cfae009353a8c5f
                                                                                                                • Instruction ID: a97e0aa94c82d115e8ac99d9f865f5ce7f413e1ad31ea1e6efe310d21c6a4ba6
                                                                                                                • Opcode Fuzzy Hash: 289b43a0fd393f7efa8b98694c0fc63bfc4486ac80d57e856cfae009353a8c5f
                                                                                                                • Instruction Fuzzy Hash: E1513026609A4181EF208B19E594239A7F0FB86FA5F16C631CF6E47BE8DF79D4468700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FFA1270B7DF
                                                                                                                • ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 00007FFA1270B7FE
                                                                                                                • ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FFA1270B832
                                                                                                                  • Part of subcall function 00007FFA12706A70: AcquireSRWLockShared.KERNEL32 ref: 00007FFA12706A94
                                                                                                                  • Part of subcall function 00007FFA12706A70: ReleaseSRWLockShared.KERNEL32 ref: 00007FFA12706AB9
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: U?$char_traits@$D@std@@@std@@$LockShared$??0?$basic_ios@??0?$basic_ostream@??0?$basic_streambuf@AcquireD@std@@@1@_ReleaseV?$basic_streambuf@
                                                                                                                • String ID: $libs\log\src\thread_specific.cpp
                                                                                                                • API String ID: 804302166-328183245
                                                                                                                • Opcode ID: 05b077278ba9fbdf1c35c9293cc9b565f7c57c0c50682e50e734c736bbfc4936
                                                                                                                • Instruction ID: db10833e401d44bc7af01fec3ca4cc61f6961d7a40ad66ef44addcf8d440067f
                                                                                                                • Opcode Fuzzy Hash: 05b077278ba9fbdf1c35c9293cc9b565f7c57c0c50682e50e734c736bbfc4936
                                                                                                                • Instruction Fuzzy Hash: 39414332608F4586E710CF24E8803AA77B0FB87764F519135E68D57AA8EFB9D549CB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 51%
                                                                                                                			E00007FFA7FFA1270CD30(void* __eflags, long long __rax, void* __rcx, long long __rdx, void* __r9, void* __r11) {
                                                                                                                				void* __rbx;
                                                                                                                				void* __rdi;
                                                                                                                				void* __rsi;
                                                                                                                				void* _t80;
                                                                                                                				void* _t93;
                                                                                                                				void* _t102;
                                                                                                                				intOrPtr* _t133;
                                                                                                                				long long* _t135;
                                                                                                                				long long _t138;
                                                                                                                				intOrPtr _t146;
                                                                                                                				intOrPtr* _t147;
                                                                                                                				intOrPtr* _t148;
                                                                                                                				void* _t151;
                                                                                                                				intOrPtr _t153;
                                                                                                                				intOrPtr* _t161;
                                                                                                                				void* _t189;
                                                                                                                				intOrPtr* _t190;
                                                                                                                				intOrPtr* _t191;
                                                                                                                				long long _t193;
                                                                                                                				intOrPtr* _t195;
                                                                                                                				void* _t197;
                                                                                                                				void* _t198;
                                                                                                                				intOrPtr* _t199;
                                                                                                                				void* _t201;
                                                                                                                				void* _t202;
                                                                                                                				void* _t204;
                                                                                                                				void* _t211;
                                                                                                                				intOrPtr* _t212;
                                                                                                                				long long _t214;
                                                                                                                				long long _t216;
                                                                                                                				long long _t218;
                                                                                                                				void* _t220;
                                                                                                                				long long _t222;
                                                                                                                				intOrPtr* _t223;
                                                                                                                				long long _t225;
                                                                                                                				void* _t227;
                                                                                                                				long long _t228;
                                                                                                                				long long _t229;
                                                                                                                
                                                                                                                				_t133 = __rax;
                                                                                                                				 *((long long*)(_t204 + 0x10)) = __rdx;
                                                                                                                				_t202 = _t204 - 0x1f;
                                                                                                                				_t198 = __rcx;
                                                                                                                				r13d = 0;
                                                                                                                				 *((intOrPtr*)(_t202 - 0x59)) = r13d;
                                                                                                                				 *((long long*)(__rdx)) = _t216;
                                                                                                                				 *((intOrPtr*)(_t202 - 0x59)) = 1;
                                                                                                                				E00007FFA7FFA127056A8(_t80, __rax, __rcx);
                                                                                                                				 *((long long*)(_t202 + 0x67)) = __rax;
                                                                                                                				E00007FFA7FFA1270C0C0(__rdx, __rax, _t198, _t227, _t220);
                                                                                                                				_t190 = _t133;
                                                                                                                				_t161 =  *((intOrPtr*)(__rdx));
                                                                                                                				if (_t161 == 0) goto 0x1270cd91;
                                                                                                                				if ( *((intOrPtr*)( *_t161 + 0x20))(_t151, _t201) == 0) goto 0x1270cd91;
                                                                                                                				 *((long long*)(__rdx)) = _t216;
                                                                                                                				 *((long long*)(__rdx)) = _t190;
                                                                                                                				if (_t190 == 0) goto 0x1270cda2;
                                                                                                                				 *((intOrPtr*)( *_t190 + 0x18))();
                                                                                                                				_t199 =  *((intOrPtr*)(_t198 + 8));
                                                                                                                				_t153 =  *_t199;
                                                                                                                				if (_t153 == _t199) goto 0x1270d039;
                                                                                                                				_t10 = _t190 + 8; // 0x8
                                                                                                                				_t212 = _t10;
                                                                                                                				 *((long long*)(_t202 + 0x7f)) = _t212;
                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                				_t135 =  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x28))));
                                                                                                                				 *((intOrPtr*)(_t135 + 8))();
                                                                                                                				 *((long long*)(_t202 - 0x51)) = _t135;
                                                                                                                				 *((long long*)(_t202 - 0x49)) = _t216;
                                                                                                                				E00007FFA7FFA1270AF60(_t135, _t153, _t202 + 0x77, _t135, _t216);
                                                                                                                				 *((long long*)(_t202 - 0x49)) =  *_t135;
                                                                                                                				 *_t135 =  *((intOrPtr*)(_t202 - 0x49));
                                                                                                                				_t191 =  *((intOrPtr*)(_t202 + 0x77));
                                                                                                                				if (_t191 == 0) goto 0x1270ce28;
                                                                                                                				asm("lock xadd [edi+0x8], eax");
                                                                                                                				if (0xffffffff != 1) goto 0x1270ce28;
                                                                                                                				 *((intOrPtr*)( *_t191 + 8))();
                                                                                                                				asm("lock xadd [edi+0xc], eax");
                                                                                                                				if (0xffffffff != 1) goto 0x1270ce28;
                                                                                                                				E00007FFA7FFA12700730( *((intOrPtr*)( *_t191 + 0x10))(), _t202 - 0x51, _t135, _t135, __r9, _t211, _t189);
                                                                                                                				 *((long long*)(_t202 - 0x19)) =  *((intOrPtr*)(_t153 + 0x20));
                                                                                                                				_t138 =  *((intOrPtr*)(_t202 - 0x51));
                                                                                                                				 *((long long*)(_t202 + 0x67)) = _t138;
                                                                                                                				 *((long long*)(_t202 - 0x11)) = _t138;
                                                                                                                				_t228 =  *((intOrPtr*)(_t202 - 0x49));
                                                                                                                				 *((long long*)(_t202 - 9)) = _t228;
                                                                                                                				if (_t228 == 0) goto 0x1270ce77;
                                                                                                                				asm("lock inc ecx");
                                                                                                                				_t229 =  *((intOrPtr*)(_t202 - 9));
                                                                                                                				 *((long long*)(_t202 + 0x67)) =  *((intOrPtr*)(_t202 - 0x11));
                                                                                                                				_t193 =  *((intOrPtr*)(_t202 - 0x19));
                                                                                                                				_t222 =  *((intOrPtr*)( *_t212 + 8));
                                                                                                                				 *((long long*)(_t202 - 1)) = _t222;
                                                                                                                				 *((intOrPtr*)(_t202 + 7)) = 0;
                                                                                                                				if ( *((char*)(_t222 + 0x19)) != 0) goto 0x1270cedd;
                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                				 *((long long*)(_t202 - 1)) = _t222;
                                                                                                                				0x12717119();
                                                                                                                				if (1 >= 0) goto 0x1270cec5;
                                                                                                                				 *((intOrPtr*)(_t202 + 7)) = 0;
                                                                                                                				_t223 =  *((intOrPtr*)(_t222 + 0x10));
                                                                                                                				goto 0x1270ced2;
                                                                                                                				 *((intOrPtr*)(_t202 + 7)) = 1;
                                                                                                                				_t218 = _t223;
                                                                                                                				if ( *((char*)( *_t223 + 0x19)) == 0) goto 0x1270cea0;
                                                                                                                				_t214 =  *((intOrPtr*)(_t202 + 0x7f));
                                                                                                                				if ( *((char*)(_t218 + 0x19)) != 0) goto 0x1270cef9;
                                                                                                                				0x12717119();
                                                                                                                				if (1 >= 0) goto 0x1270cf6e;
                                                                                                                				if ( *((intOrPtr*)(_t214 + 8)) == 0x92492492) goto 0x1270d051;
                                                                                                                				_t225 =  *_t214;
                                                                                                                				 *((long long*)(_t202 - 0x41)) = _t214;
                                                                                                                				r13d = 0;
                                                                                                                				 *((long long*)(_t202 - 0x39)) = _t218;
                                                                                                                				_t93 = E00007FFA7FFA127056A8(1, 0x92492492, _t193 + 8);
                                                                                                                				 *0x4924924924924B2 = _t193;
                                                                                                                				 *0x4924924924924BA =  *((intOrPtr*)(_t202 + 0x67));
                                                                                                                				r15d = r13d;
                                                                                                                				 *((long long*)(_t202 - 9)) = _t218;
                                                                                                                				 *0x4924924924924C2 = _t229;
                                                                                                                				 *0x92492492 = _t225;
                                                                                                                				 *0x49249249249249A = _t225;
                                                                                                                				 *0x4924924924924A2 = _t225;
                                                                                                                				 *0x4924924924924AA = r13w;
                                                                                                                				 *((long long*)(_t202 - 0x39)) = _t218;
                                                                                                                				asm("movups xmm0, [ebp-0x1]");
                                                                                                                				asm("movaps [ebp-0x29], xmm0");
                                                                                                                				E00007FFA7FFA1270C920(_t93, _t153, _t214, _t202 - 0x29, _t193, 0x92492492, _t197);
                                                                                                                				goto 0x1270cf71;
                                                                                                                				r13d = 0;
                                                                                                                				if (_t229 == 0) goto 0x1270cfad;
                                                                                                                				asm("lock inc ecx");
                                                                                                                				if (0xffffffff != 1) goto 0x1270cfad;
                                                                                                                				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t202 - 9)))) + 8))();
                                                                                                                				asm("lock xadd [edi+0xc], eax");
                                                                                                                				if (0xffffffff != 1) goto 0x1270cfad;
                                                                                                                				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t202 - 9)))) + 0x10))();
                                                                                                                				_t195 =  *((intOrPtr*)(_t202 - 0x49));
                                                                                                                				if (_t195 == 0) goto 0x1270cfe6;
                                                                                                                				asm("lock xadd [edi+0x8], eax");
                                                                                                                				if (0xffffffff != 1) goto 0x1270cfe6;
                                                                                                                				 *((intOrPtr*)( *_t195 + 8))();
                                                                                                                				asm("lock xadd [edi+0xc], eax");
                                                                                                                				if (0xffffffff != 1) goto 0x1270cfe6;
                                                                                                                				_t102 =  *((intOrPtr*)( *_t195 + 0x10))();
                                                                                                                				if ( *((char*)( *((intOrPtr*)(_t153 + 0x10)) + 0x19)) == 0) goto 0x1270d018;
                                                                                                                				_t146 =  *((intOrPtr*)(_t153 + 8));
                                                                                                                				if ( *((char*)(_t146 + 0x19)) != 0) goto 0x1270d013;
                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                				if (_t153 !=  *((intOrPtr*)(_t146 + 0x10))) goto 0x1270d013;
                                                                                                                				_t147 =  *((intOrPtr*)(_t146 + 8));
                                                                                                                				if ( *((char*)(_t147 + 0x19)) == 0) goto 0x1270d000;
                                                                                                                				goto 0x1270d030;
                                                                                                                				_t148 =  *_t147;
                                                                                                                				if ( *((char*)(_t148 + 0x19)) != 0) goto 0x1270d030;
                                                                                                                				if ( *((char*)( *_t148 + 0x19)) == 0) goto 0x1270d024;
                                                                                                                				if (_t148 != _t199) goto 0x1270cdc0;
                                                                                                                				return _t102;
                                                                                                                			}









































                                                                                                                0x7ffa1270ceb8
                                                                                                                0x7ffa1270cebf
                                                                                                                0x7ffa1270cec3
                                                                                                                0x7ffa1270cec5
                                                                                                                0x7ffa1270cecc
                                                                                                                0x7ffa1270ced7
                                                                                                                0x7ffa1270ced9
                                                                                                                0x7ffa1270cee2
                                                                                                                0x7ffa1270cef0
                                                                                                                0x7ffa1270cef7
                                                                                                                0x7ffa1270cf08
                                                                                                                0x7ffa1270cf0e
                                                                                                                0x7ffa1270cf12
                                                                                                                0x7ffa1270cf16
                                                                                                                0x7ffa1270cf19
                                                                                                                0x7ffa1270cf21
                                                                                                                0x7ffa1270cf27
                                                                                                                0x7ffa1270cf2f
                                                                                                                0x7ffa1270cf36
                                                                                                                0x7ffa1270cf39
                                                                                                                0x7ffa1270cf3d
                                                                                                                0x7ffa1270cf41
                                                                                                                0x7ffa1270cf44
                                                                                                                0x7ffa1270cf48
                                                                                                                0x7ffa1270cf4c
                                                                                                                0x7ffa1270cf51
                                                                                                                0x7ffa1270cf55
                                                                                                                0x7ffa1270cf59
                                                                                                                0x7ffa1270cf67
                                                                                                                0x7ffa1270cf6c
                                                                                                                0x7ffa1270cf6e
                                                                                                                0x7ffa1270cf74
                                                                                                                0x7ffa1270cf7b
                                                                                                                0x7ffa1270cf84
                                                                                                                0x7ffa1270cf90
                                                                                                                0x7ffa1270cf98
                                                                                                                0x7ffa1270cfa0
                                                                                                                0x7ffa1270cfa9
                                                                                                                0x7ffa1270cfad
                                                                                                                0x7ffa1270cfb4
                                                                                                                0x7ffa1270cfbb
                                                                                                                0x7ffa1270cfc3
                                                                                                                0x7ffa1270cfcb
                                                                                                                0x7ffa1270cfd3
                                                                                                                0x7ffa1270cfdb
                                                                                                                0x7ffa1270cfe3
                                                                                                                0x7ffa1270cfee
                                                                                                                0x7ffa1270cff0
                                                                                                                0x7ffa1270cff8
                                                                                                                0x7ffa1270cffa
                                                                                                                0x7ffa1270d004
                                                                                                                0x7ffa1270d009
                                                                                                                0x7ffa1270d011
                                                                                                                0x7ffa1270d016
                                                                                                                0x7ffa1270d01b
                                                                                                                0x7ffa1270d022
                                                                                                                0x7ffa1270d02e
                                                                                                                0x7ffa1270d033
                                                                                                                0x7ffa1270d050

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FFA127056A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFA126E8F4E), ref: 00007FFA127056C2
                                                                                                                • __std_type_info_compare.VCRUNTIME140 ref: 00007FFA1270CEAF
                                                                                                                • __std_type_info_compare.VCRUNTIME140 ref: 00007FFA1270CEF0
                                                                                                                • ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FFA1270D0AF
                                                                                                                • ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 00007FFA1270D0CE
                                                                                                                • ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FFA1270D104
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA1270D204
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA1270D2D7
                                                                                                                • ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FFA1270D314
                                                                                                                • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FFA1270D31E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: U?$char_traits@$D@std@@@std@@$__std_type_info_compare_invalid_parameter_noinfo_noreturn$??0?$basic_ios@??0?$basic_ostream@??0?$basic_streambuf@??1?$basic_ios@??1?$basic_ostream@D@std@@@1@_V?$basic_streambuf@malloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 3231916079-0
                                                                                                                • Opcode ID: 74334d35a7765854628bcb62d844fe9f258b10b3418ac5f44097dc010229eab6
                                                                                                                • Instruction ID: 770352d4056c3db9952c9b34591d813e6a5f232165b6601be45560e62f33f5fe
                                                                                                                • Opcode Fuzzy Hash: 74334d35a7765854628bcb62d844fe9f258b10b3418ac5f44097dc010229eab6
                                                                                                                • Instruction Fuzzy Hash: 15128A36A08F8586EB10CB25D4443AE77B1FB8BBA8F068125DE5D43B98DF78D449CB44
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 35%
                                                                                                                			E00007FFA7FFA126F03F0(void* __eax, long long __rbx, void* __rcx, void* __rdx, long long __rbp, long long* __r8, long long _a8, long long _a32) {
                                                                                                                				void* _v40;
                                                                                                                				signed int _v56;
                                                                                                                				intOrPtr _v64;
                                                                                                                				intOrPtr _v72;
                                                                                                                				char _v88;
                                                                                                                				long long _v96;
                                                                                                                				long long _v104;
                                                                                                                				long long _v112;
                                                                                                                				long long _v120;
                                                                                                                				char _v136;
                                                                                                                				void* __rsi;
                                                                                                                				void* _t37;
                                                                                                                				void* _t39;
                                                                                                                				void* _t41;
                                                                                                                				signed long long _t57;
                                                                                                                				intOrPtr* _t71;
                                                                                                                				intOrPtr _t72;
                                                                                                                				void* _t74;
                                                                                                                				void* _t79;
                                                                                                                				void* _t90;
                                                                                                                				long long _t93;
                                                                                                                				void* _t97;
                                                                                                                				char _t98;
                                                                                                                				void* _t102;
                                                                                                                				long long* _t108;
                                                                                                                				intOrPtr _t109;
                                                                                                                				void* _t110;
                                                                                                                				intOrPtr* _t111;
                                                                                                                
                                                                                                                				_t74 = __rcx;
                                                                                                                				_a8 = __rbx;
                                                                                                                				_a32 = __rbp;
                                                                                                                				_t57 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				_v56 = _t57 ^ _t102 - 0x00000080;
                                                                                                                				_t108 = __r8;
                                                                                                                				_t110 = __rcx;
                                                                                                                				 *__r8 = 0;
                                                                                                                				_t4 = _t74 + 0x70; // 0x70
                                                                                                                				_v96 = _t4;
                                                                                                                				0x12705430();
                                                                                                                				if (__eax != 0) goto 0x126f05a3;
                                                                                                                				E00007FFA7FFA126ED4C0(_t57 ^ _t102 - 0x00000080, __rdx,  &_v136, __rdx, _t97);
                                                                                                                				_v104 =  &_v136;
                                                                                                                				_t111 =  *((intOrPtr*)(_t110 + 0x60));
                                                                                                                				_t71 =  *_t111;
                                                                                                                				if (_t71 == _t111) goto 0x126f0508;
                                                                                                                				_t37 = E00007FFA7FFA126ED4C0( &_v136, _t71,  &_v88,  *((intOrPtr*)(_t71 + 0x10)), _t97);
                                                                                                                				_t90 =  >=  ? _v136 :  &_v136;
                                                                                                                				_t98 = _v88;
                                                                                                                				_t109 = _v64;
                                                                                                                				_t79 =  >=  ? _t98 :  &_v88;
                                                                                                                				if (_v72 != _v120) goto 0x126f04b8;
                                                                                                                				0x12717101();
                                                                                                                				if (_t37 != 0) goto 0x126f04b8;
                                                                                                                				bpl = 1;
                                                                                                                				goto 0x126f04bb;
                                                                                                                				bpl = 0;
                                                                                                                				if (_t109 - 0x10 < 0) goto 0x126f04ee;
                                                                                                                				if (_t109 + 1 - 0x1000 < 0) goto 0x126f04e6;
                                                                                                                				if (_t98 -  *((intOrPtr*)(_t98 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x126f0501;
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				if (bpl != 0) goto 0x126f0508;
                                                                                                                				_t72 =  *_t71;
                                                                                                                				goto 0x126f0462;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				_t93 = _v112;
                                                                                                                				if (_t93 - 0x10 < 0) goto 0x126f0548;
                                                                                                                				if (_t93 + 1 - 0x1000 < 0) goto 0x126f0543;
                                                                                                                				if (_v136 -  *((intOrPtr*)(_v136 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126f0543;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				_t39 = E00007FFA7FFA127056E4();
                                                                                                                				_v120 = 0;
                                                                                                                				_v112 = 0xf;
                                                                                                                				_v136 = 0;
                                                                                                                				 *((char*)( *((intOrPtr*)(_t72 + 0x10)) + 0xa0)) = 1;
                                                                                                                				 *_t108 =  *((intOrPtr*)(_t72 + 0x10));
                                                                                                                				0x12705436();
                                                                                                                				return E00007FFA7FFA12705E20(_t39, _t41, _v56 ^ _t102 - 0x00000080);
                                                                                                                			}
































                                                                                                                APIs
                                                                                                                • _Mtx_lock.MSVCP140 ref: 00007FFA126F0434
                                                                                                                • memcmp.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,00007FFA126EA7CC), ref: 00007FFA126F04AA
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFA126EA7CC), ref: 00007FFA126F0501
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFA126EA7CC), ref: 00007FFA126F053C
                                                                                                                • _Mtx_unlock.MSVCP140(?,?,?,?,?,?,?,?,?,?,00007FFA126EA7CC), ref: 00007FFA126F0575
                                                                                                                  • Part of subcall function 00007FFA126ED4C0: memmove.VCRUNTIME140(?,?,?,00007FFA126EE21C,?,?,?,00007FFA126FD6C2), ref: 00007FFA126ED572
                                                                                                                  • Part of subcall function 00007FFA126ED4C0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FFA126ED597
                                                                                                                  • Part of subcall function 00007FFA126ED4C0: __std_exception_copy.VCRUNTIME140(?,?,?,?,?,?,?,00007FFA126EE21C,?,?,?,00007FFA126FD6C2), ref: 00007FFA126ED5C4
                                                                                                                • ?_Throw_C_error@std@@YAXH@Z.MSVCP140 ref: 00007FFA126F05A5
                                                                                                                • ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ.MSVCP140 ref: 00007FFA126F0602
                                                                                                                • memmove.VCRUNTIME140 ref: 00007FFA126F0685
                                                                                                                • ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ.MSVCP140 ref: 00007FFA126F071E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: D@std@@@std@@Pninc@?$basic_streambuf@U?$char_traits@_invalid_parameter_noinfo_noreturnmemmove$C_error@std@@Concurrency::cancel_current_taskMtx_lockMtx_unlockThrow___std_exception_copymemcmp
                                                                                                                • String ID:
                                                                                                                • API String ID: 746284128-0
                                                                                                                • Opcode ID: 2d97d0e12ee4a3a8b2d37e1ec409398ce534de5f8946287022801530ad55abf0
                                                                                                                • Instruction ID: 31289d90679c2377ade88eb28337fc1b8db783833edb80de8a43412018262835
                                                                                                                • Opcode Fuzzy Hash: 2d97d0e12ee4a3a8b2d37e1ec409398ce534de5f8946287022801530ad55abf0
                                                                                                                • Instruction Fuzzy Hash: EAA19E32A08B4585EF118F29E5502AE63A5FB8ABA8F558531EE5C077DCDFBCD485CB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memmove$_invalid_parameter_noinfo_noreturnmemset$Concurrency::cancel_current_task
                                                                                                                • String ID:
                                                                                                                • API String ID: 612657275-0
                                                                                                                • Opcode ID: 260e130e23e73ee139cfe25d9eec769ca8819b2fae208c13fa90d5ff73df8b39
                                                                                                                • Instruction ID: 48bd549ddf6139f69ad534f81b648c77caaeb80f2d893d0f455b9c89c947af5f
                                                                                                                • Opcode Fuzzy Hash: 260e130e23e73ee139cfe25d9eec769ca8819b2fae208c13fa90d5ff73df8b39
                                                                                                                • Instruction Fuzzy Hash: E141D225A08E8181EE14DF12A4041FAA3A1FB47BE4F559531EE6D0779EEFBCD149C704
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 57%
                                                                                                                			E00007FFA7FFA12714540(signed long long __rbx, long long __rcx, void* __r8) {
                                                                                                                				void* _t112;
                                                                                                                				intOrPtr* _t129;
                                                                                                                				long long _t140;
                                                                                                                				long long _t141;
                                                                                                                				signed long long _t152;
                                                                                                                				intOrPtr* _t159;
                                                                                                                				intOrPtr* _t161;
                                                                                                                				intOrPtr* _t164;
                                                                                                                				intOrPtr* _t170;
                                                                                                                				intOrPtr* _t174;
                                                                                                                				void* _t178;
                                                                                                                				void* _t181;
                                                                                                                				void* _t183;
                                                                                                                				void* _t184;
                                                                                                                				void* _t186;
                                                                                                                				void* _t187;
                                                                                                                				signed long long _t190;
                                                                                                                				void* _t192;
                                                                                                                				void* _t195;
                                                                                                                				void* _t198;
                                                                                                                
                                                                                                                				 *((long long*)(_t186 + 0x20)) = __rbx;
                                                                                                                				 *((long long*)(_t186 + 8)) = __rcx;
                                                                                                                				_t184 = _t186 - 0x27;
                                                                                                                				_t187 = _t186 - 0xe0;
                                                                                                                				r12d = 0;
                                                                                                                				 *((intOrPtr*)(_t187 + 0x20)) = r12d;
                                                                                                                				 *(_t184 - 0x11) = _t190;
                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                				asm("movdqa [ebp-0x9], xmm0");
                                                                                                                				 *((intOrPtr*)(_t184 + 7)) = 0xffffffff;
                                                                                                                				asm("movups [ebp+0x17], xmm0");
                                                                                                                				 *((long long*)(_t184 + 0x17)) = "bad allocation";
                                                                                                                				 *((long long*)(_t184 - 0x19)) = 0x1271ef20;
                                                                                                                				 *((long long*)(_t184 + 0xf)) = 0x1271ef30;
                                                                                                                				 *((long long*)(_t184 - 0x49)) = 0x1271ed40;
                                                                                                                				 *((long long*)(_t184 - 0x39)) = 0x1271cf08;
                                                                                                                				 *((intOrPtr*)(_t187 + 0x20)) = 2;
                                                                                                                				 *((long long*)(_t187 + 0x30)) = 0x1271cef8;
                                                                                                                				 *(_t187 + 0x38) = _t190;
                                                                                                                				 *((long long*)(_t184 - 0x79)) =  *((intOrPtr*)(_t184 - 9));
                                                                                                                				 *((long long*)(_t184 - 0x71)) =  *((intOrPtr*)(_t184 - 1));
                                                                                                                				 *((intOrPtr*)(_t184 - 0x69)) = 0xffffffff;
                                                                                                                				 *((long long*)(_t184 - 0x61)) = 0x1271b9e8;
                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                				asm("movups [ebp-0x59], xmm0");
                                                                                                                				0x127170e3(_t198, _t195, _t192, _t190, _t178, _t181, _t183);
                                                                                                                				 *((long long*)(_t187 + 0x30)) = 0x1271ed00;
                                                                                                                				 *((long long*)(_t184 - 0x61)) = 0x1271ed10;
                                                                                                                				 *((long long*)(_t184 +  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x49)) = 0x1271ed28;
                                                                                                                				 *((intOrPtr*)(_t184 +  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x4d)) =  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x10;
                                                                                                                				 *(_t184 + 0x6f) = __rbx;
                                                                                                                				_t159 =  *(_t184 - 0x11);
                                                                                                                				if (_t159 == 0) goto 0x12714691;
                                                                                                                				_t129 =  *_t159;
                                                                                                                				 *((intOrPtr*)(_t129 + 0x28))();
                                                                                                                				_t152 =  *_t129;
                                                                                                                				 *(_t184 + 0x6f) = _t152;
                                                                                                                				if (_t152 == 0) goto 0x12714674;
                                                                                                                				 *((intOrPtr*)( *_t152 + 0x18))();
                                                                                                                				_t161 =  *((intOrPtr*)(_t184 + 0x67));
                                                                                                                				if (_t161 == 0) goto 0x12714691;
                                                                                                                				 *((intOrPtr*)( *_t161 + 0x20))();
                                                                                                                				_t163 =  !=  ? _t190 :  *((intOrPtr*)(_t184 + 0x67));
                                                                                                                				 *((long long*)(_t184 + 0x67)) =  !=  ? _t190 :  *((intOrPtr*)(_t184 + 0x67));
                                                                                                                				 *((long long*)(_t184 - 0x71)) =  *((intOrPtr*)(_t184 - 1));
                                                                                                                				 *((intOrPtr*)(_t184 - 0x69)) =  *((intOrPtr*)(_t184 + 7));
                                                                                                                				 *((long long*)(_t184 - 0x79)) =  *((intOrPtr*)(_t184 - 9));
                                                                                                                				_t164 =  *(_t187 + 0x38);
                                                                                                                				if (_t164 == 0) goto 0x127146b7;
                                                                                                                				 *((intOrPtr*)( *_t164 + 0x20))();
                                                                                                                				 *(_t187 + 0x38) = _t152;
                                                                                                                				if (_t152 == 0) goto 0x127146cb;
                                                                                                                				 *((intOrPtr*)( *_t152 + 0x18))();
                                                                                                                				if (_t152 == 0) goto 0x127146da;
                                                                                                                				 *((intOrPtr*)( *_t152 + 0x20))();
                                                                                                                				 *((long long*)(_t184 - 0x79)) = "class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_alloc_>(void)";
                                                                                                                				 *((long long*)(_t184 - 0x71)) = ".\\boost/exception/detail/exception_ptr.hpp";
                                                                                                                				 *((intOrPtr*)(_t184 - 0x69)) = 0x87;
                                                                                                                				r8d = 0x44;
                                                                                                                				r15d = 1;
                                                                                                                				_t112 =  *0x12732440 -  *((intOrPtr*)(__r8 +  *((intOrPtr*)( *[gs:0x58] + _t152 * 8)))); // 0x80000001
                                                                                                                				if (_t112 > 0) goto 0x12714833;
                                                                                                                				_t140 =  *0x12732430; // 0xd236e0
                                                                                                                				 *((long long*)(__rcx)) = _t140;
                                                                                                                				_t141 =  *0x12732438; // 0xd43e50
                                                                                                                				 *((long long*)(__rcx + 8)) = _t141;
                                                                                                                				if (_t141 == 0) goto 0x12714746;
                                                                                                                				asm("lock inc esp");
                                                                                                                				 *((long long*)(_t187 + 0x30)) = 0x1271ed00;
                                                                                                                				 *((long long*)(_t184 - 0x61)) = 0x1271ed10;
                                                                                                                				 *((long long*)(_t184 +  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x49)) = 0x1271ed28;
                                                                                                                				 *((intOrPtr*)(_t184 +  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x4d)) =  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x10;
                                                                                                                				 *((long long*)(_t187 + 0x30)) = 0x1271ef20;
                                                                                                                				 *((long long*)(_t184 - 0x61)) = 0x1271b9e8;
                                                                                                                				0x127170e9();
                                                                                                                				 *((long long*)(_t187 + 0x30)) = 0x1271cef8;
                                                                                                                				_t170 =  *(_t187 + 0x38);
                                                                                                                				if (_t170 == 0) goto 0x127147bf;
                                                                                                                				 *((intOrPtr*)( *_t170 + 0x20))();
                                                                                                                				_t172 =  !=  ? _t190 :  *(_t187 + 0x38);
                                                                                                                				 *(_t187 + 0x38) =  !=  ? _t190 :  *(_t187 + 0x38);
                                                                                                                				 *((long long*)(_t184 - 0x39)) = 0x1271cf08;
                                                                                                                				 *((long long*)(_t184 - 0x19)) = 0x1271ef20;
                                                                                                                				 *((long long*)(_t184 + 0xf)) = 0x1271b9e8;
                                                                                                                				0x127170e9();
                                                                                                                				 *((long long*)(_t184 - 0x19)) = 0x1271cef8;
                                                                                                                				_t174 =  *(_t184 - 0x11);
                                                                                                                				if (_t174 == 0) goto 0x127147f0;
                                                                                                                				return  *((intOrPtr*)( *_t174 + 0x20))();
                                                                                                                			}























                                                                                                                0x7ffa1271467b
                                                                                                                0x7ffa12714680
                                                                                                                0x7ffa12714689
                                                                                                                0x7ffa1271468d
                                                                                                                0x7ffa12714695
                                                                                                                0x7ffa1271469c
                                                                                                                0x7ffa127146a3
                                                                                                                0x7ffa127146a7
                                                                                                                0x7ffa127146af
                                                                                                                0x7ffa127146b4
                                                                                                                0x7ffa127146b7
                                                                                                                0x7ffa127146bf
                                                                                                                0x7ffa127146c7
                                                                                                                0x7ffa127146ce
                                                                                                                0x7ffa127146d6
                                                                                                                0x7ffa127146e1
                                                                                                                0x7ffa127146ec
                                                                                                                0x7ffa127146f0
                                                                                                                0x7ffa12714706
                                                                                                                0x7ffa12714710
                                                                                                                0x7ffa1271471a
                                                                                                                0x7ffa12714720
                                                                                                                0x7ffa12714726
                                                                                                                0x7ffa1271472d
                                                                                                                0x7ffa12714730
                                                                                                                0x7ffa12714737
                                                                                                                0x7ffa1271473e
                                                                                                                0x7ffa12714740
                                                                                                                0x7ffa1271474d
                                                                                                                0x7ffa12714759
                                                                                                                0x7ffa1271476c
                                                                                                                0x7ffa1271477c
                                                                                                                0x7ffa12714780
                                                                                                                0x7ffa1271478c
                                                                                                                0x7ffa12714794
                                                                                                                0x7ffa1271479a
                                                                                                                0x7ffa1271479f
                                                                                                                0x7ffa127147a7
                                                                                                                0x7ffa127147ac
                                                                                                                0x7ffa127147b6
                                                                                                                0x7ffa127147ba
                                                                                                                0x7ffa127147c6
                                                                                                                0x7ffa127147ca
                                                                                                                0x7ffa127147ce
                                                                                                                0x7ffa127147d6
                                                                                                                0x7ffa127147dc
                                                                                                                0x7ffa127147e0
                                                                                                                0x7ffa127147e7
                                                                                                                0x7ffa1271480d

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                • .\boost/exception/detail/exception_ptr.hpp, xrefs: 00007FFA127146E5
                                                                                                                • class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_alloc_>(void), xrefs: 00007FFA127146DA
                                                                                                                • bad allocation, xrefs: 00007FFA12714586
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __std_exception_copy__std_exception_destroy
                                                                                                                • String ID: .\boost/exception/detail/exception_ptr.hpp$bad allocation$class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_alloc_>(void)
                                                                                                                • API String ID: 2960854011-706345339
                                                                                                                • Opcode ID: ebe683752927038064d407f163aab31aa01ce67e2c17ac03ec49fbafec808eed
                                                                                                                • Instruction ID: f650e5e20107ebbe0f7a6fa81bfd229cd66341d1e2151c3786a94efb12f201a3
                                                                                                                • Opcode Fuzzy Hash: ebe683752927038064d407f163aab31aa01ce67e2c17ac03ec49fbafec808eed
                                                                                                                • Instruction Fuzzy Hash: 01E10536B05F418AEB10CF65E8901AD33B4FB4AB68B068536DE4D53B68EF78D558CB40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 57%
                                                                                                                			E00007FFA7FFA127149E0(signed long long __rbx, long long __rcx, void* __r8) {
                                                                                                                				void* _t112;
                                                                                                                				intOrPtr* _t129;
                                                                                                                				long long _t140;
                                                                                                                				long long _t141;
                                                                                                                				signed long long _t152;
                                                                                                                				intOrPtr* _t159;
                                                                                                                				intOrPtr* _t161;
                                                                                                                				intOrPtr* _t164;
                                                                                                                				intOrPtr* _t170;
                                                                                                                				intOrPtr* _t174;
                                                                                                                				void* _t178;
                                                                                                                				void* _t181;
                                                                                                                				void* _t183;
                                                                                                                				void* _t184;
                                                                                                                				void* _t186;
                                                                                                                				void* _t187;
                                                                                                                				signed long long _t190;
                                                                                                                				void* _t192;
                                                                                                                				void* _t195;
                                                                                                                				void* _t198;
                                                                                                                
                                                                                                                				 *((long long*)(_t186 + 0x20)) = __rbx;
                                                                                                                				 *((long long*)(_t186 + 8)) = __rcx;
                                                                                                                				_t184 = _t186 - 0x27;
                                                                                                                				_t187 = _t186 - 0xe0;
                                                                                                                				r12d = 0;
                                                                                                                				 *((intOrPtr*)(_t187 + 0x20)) = r12d;
                                                                                                                				 *(_t184 - 0x11) = _t190;
                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                				asm("movdqa [ebp-0x9], xmm0");
                                                                                                                				 *((intOrPtr*)(_t184 + 7)) = 0xffffffff;
                                                                                                                				asm("movups [ebp+0x17], xmm0");
                                                                                                                				 *((long long*)(_t184 + 0x17)) = "bad exception";
                                                                                                                				 *((long long*)(_t184 - 0x19)) = 0x1271ef48;
                                                                                                                				 *((long long*)(_t184 + 0xf)) = 0x1271ef58;
                                                                                                                				 *((long long*)(_t184 - 0x49)) = 0x1271ee58;
                                                                                                                				 *((long long*)(_t184 - 0x39)) = 0x1271cf08;
                                                                                                                				 *((intOrPtr*)(_t187 + 0x20)) = 2;
                                                                                                                				 *((long long*)(_t187 + 0x30)) = 0x1271cef8;
                                                                                                                				 *(_t187 + 0x38) = _t190;
                                                                                                                				 *((long long*)(_t184 - 0x79)) =  *((intOrPtr*)(_t184 - 9));
                                                                                                                				 *((long long*)(_t184 - 0x71)) =  *((intOrPtr*)(_t184 - 1));
                                                                                                                				 *((intOrPtr*)(_t184 - 0x69)) = 0xffffffff;
                                                                                                                				 *((long long*)(_t184 - 0x61)) = 0x1271b9e8;
                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                				asm("movups [ebp-0x59], xmm0");
                                                                                                                				0x127170e3(_t198, _t195, _t192, _t190, _t178, _t181, _t183);
                                                                                                                				 *((long long*)(_t187 + 0x30)) = 0x1271ee18;
                                                                                                                				 *((long long*)(_t184 - 0x61)) = 0x1271ee28;
                                                                                                                				 *((long long*)(_t184 +  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x49)) = 0x1271ee40;
                                                                                                                				 *((intOrPtr*)(_t184 +  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x4d)) =  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x10;
                                                                                                                				 *(_t184 + 0x6f) = __rbx;
                                                                                                                				_t159 =  *(_t184 - 0x11);
                                                                                                                				if (_t159 == 0) goto 0x12714b31;
                                                                                                                				_t129 =  *_t159;
                                                                                                                				 *((intOrPtr*)(_t129 + 0x28))();
                                                                                                                				_t152 =  *_t129;
                                                                                                                				 *(_t184 + 0x6f) = _t152;
                                                                                                                				if (_t152 == 0) goto 0x12714b14;
                                                                                                                				 *((intOrPtr*)( *_t152 + 0x18))();
                                                                                                                				_t161 =  *((intOrPtr*)(_t184 + 0x67));
                                                                                                                				if (_t161 == 0) goto 0x12714b31;
                                                                                                                				 *((intOrPtr*)( *_t161 + 0x20))();
                                                                                                                				_t163 =  !=  ? _t190 :  *((intOrPtr*)(_t184 + 0x67));
                                                                                                                				 *((long long*)(_t184 + 0x67)) =  !=  ? _t190 :  *((intOrPtr*)(_t184 + 0x67));
                                                                                                                				 *((long long*)(_t184 - 0x71)) =  *((intOrPtr*)(_t184 - 1));
                                                                                                                				 *((intOrPtr*)(_t184 - 0x69)) =  *((intOrPtr*)(_t184 + 7));
                                                                                                                				 *((long long*)(_t184 - 0x79)) =  *((intOrPtr*)(_t184 - 9));
                                                                                                                				_t164 =  *(_t187 + 0x38);
                                                                                                                				if (_t164 == 0) goto 0x12714b57;
                                                                                                                				 *((intOrPtr*)( *_t164 + 0x20))();
                                                                                                                				 *(_t187 + 0x38) = _t152;
                                                                                                                				if (_t152 == 0) goto 0x12714b6b;
                                                                                                                				 *((intOrPtr*)( *_t152 + 0x18))();
                                                                                                                				if (_t152 == 0) goto 0x12714b7a;
                                                                                                                				 *((intOrPtr*)( *_t152 + 0x20))();
                                                                                                                				 *((long long*)(_t184 - 0x79)) = "class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_exception_>(void)";
                                                                                                                				 *((long long*)(_t184 - 0x71)) = ".\\boost/exception/detail/exception_ptr.hpp";
                                                                                                                				 *((intOrPtr*)(_t184 - 0x69)) = 0x87;
                                                                                                                				r8d = 0x44;
                                                                                                                				r15d = 1;
                                                                                                                				_t112 =  *0x12732458 -  *((intOrPtr*)(__r8 +  *((intOrPtr*)( *[gs:0x58] + _t152 * 8)))); // 0x80000002
                                                                                                                				if (_t112 > 0) goto 0x12714cd3;
                                                                                                                				_t140 =  *0x12732448; // 0xd233e0
                                                                                                                				 *((long long*)(__rcx)) = _t140;
                                                                                                                				_t141 =  *0x12732450; // 0xd43fd0
                                                                                                                				 *((long long*)(__rcx + 8)) = _t141;
                                                                                                                				if (_t141 == 0) goto 0x12714be6;
                                                                                                                				asm("lock inc esp");
                                                                                                                				 *((long long*)(_t187 + 0x30)) = 0x1271ee18;
                                                                                                                				 *((long long*)(_t184 - 0x61)) = 0x1271ee28;
                                                                                                                				 *((long long*)(_t184 +  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x49)) = 0x1271ee40;
                                                                                                                				 *((intOrPtr*)(_t184 +  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x4d)) =  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x10;
                                                                                                                				 *((long long*)(_t187 + 0x30)) = 0x1271ef48;
                                                                                                                				 *((long long*)(_t184 - 0x61)) = 0x1271b9e8;
                                                                                                                				0x127170e9();
                                                                                                                				 *((long long*)(_t187 + 0x30)) = 0x1271cef8;
                                                                                                                				_t170 =  *(_t187 + 0x38);
                                                                                                                				if (_t170 == 0) goto 0x12714c5f;
                                                                                                                				 *((intOrPtr*)( *_t170 + 0x20))();
                                                                                                                				_t172 =  !=  ? _t190 :  *(_t187 + 0x38);
                                                                                                                				 *(_t187 + 0x38) =  !=  ? _t190 :  *(_t187 + 0x38);
                                                                                                                				 *((long long*)(_t184 - 0x39)) = 0x1271cf08;
                                                                                                                				 *((long long*)(_t184 - 0x19)) = 0x1271ef48;
                                                                                                                				 *((long long*)(_t184 + 0xf)) = 0x1271b9e8;
                                                                                                                				0x127170e9();
                                                                                                                				 *((long long*)(_t184 - 0x19)) = 0x1271cef8;
                                                                                                                				_t174 =  *(_t184 - 0x11);
                                                                                                                				if (_t174 == 0) goto 0x12714c90;
                                                                                                                				return  *((intOrPtr*)( *_t174 + 0x20))();
                                                                                                                			}
























                                                                                                                APIs
                                                                                                                Strings
                                                                                                                • class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_exception_>(void), xrefs: 00007FFA12714B7A
                                                                                                                • .\boost/exception/detail/exception_ptr.hpp, xrefs: 00007FFA12714B85
                                                                                                                • bad exception, xrefs: 00007FFA12714A26
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __std_exception_copy__std_exception_destroy
                                                                                                                • String ID: .\boost/exception/detail/exception_ptr.hpp$bad exception$class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_exception_>(void)
                                                                                                                • API String ID: 2960854011-1507259449
                                                                                                                • Opcode ID: c182e232441528cbbad10cbe17e2a9324b068ab9fb4bc8be422da38bf5a7c790
                                                                                                                • Instruction ID: 7187354fac886f3f02ece2b7eb644eb327f69205e2e5e767ff412aa55e186295
                                                                                                                • Opcode Fuzzy Hash: c182e232441528cbbad10cbe17e2a9324b068ab9fb4bc8be422da38bf5a7c790
                                                                                                                • Instruction Fuzzy Hash: C3E13736B05F418AEB10CF64E4902AE73B4FB4AB68B068536DE4D53768EF78D459CB40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 36%
                                                                                                                			E00007FFA7FFA126EAB60(long long __rcx, void* __rdx, void* __rbp, long long _a40) {
                                                                                                                				signed int _v64;
                                                                                                                				intOrPtr _v72;
                                                                                                                				char _v96;
                                                                                                                				intOrPtr _v104;
                                                                                                                				char _v128;
                                                                                                                				long long _v136;
                                                                                                                				long long _v144;
                                                                                                                				char _v154;
                                                                                                                				short _v156;
                                                                                                                				char _v160;
                                                                                                                				char _v176;
                                                                                                                				char _v184;
                                                                                                                				char _v192;
                                                                                                                				char _v200;
                                                                                                                				long long _v216;
                                                                                                                				long long _v224;
                                                                                                                				long long _v232;
                                                                                                                				long long _v240;
                                                                                                                				long long _v248;
                                                                                                                				void* __rbx;
                                                                                                                				void* __rsi;
                                                                                                                				void* __r14;
                                                                                                                				char _t54;
                                                                                                                				void* _t76;
                                                                                                                				signed long long _t95;
                                                                                                                				signed long long _t96;
                                                                                                                				long long _t100;
                                                                                                                				void* _t104;
                                                                                                                				long long _t114;
                                                                                                                				char _t133;
                                                                                                                				long long _t142;
                                                                                                                				intOrPtr _t147;
                                                                                                                				intOrPtr _t152;
                                                                                                                				intOrPtr _t155;
                                                                                                                				intOrPtr _t158;
                                                                                                                				void* _t161;
                                                                                                                				long long _t162;
                                                                                                                				void* _t163;
                                                                                                                				void* _t164;
                                                                                                                				void* _t167;
                                                                                                                				void* _t171;
                                                                                                                				long long _t172;
                                                                                                                
                                                                                                                				_t163 = __rbp;
                                                                                                                				_t171 = _t164;
                                                                                                                				_t165 = _t164 - 0xe8;
                                                                                                                				_t95 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				_t96 = _t95 ^ _t164 - 0x000000e8;
                                                                                                                				_v64 = _t96;
                                                                                                                				r12d = r9d;
                                                                                                                				r15d = r8d;
                                                                                                                				_t161 = __rdx;
                                                                                                                				_t172 = __rcx;
                                                                                                                				_v192 = r8d;
                                                                                                                				_v200 = r9d;
                                                                                                                				_t162 = _a40;
                                                                                                                				_v160 = _t114;
                                                                                                                				 *((long long*)(_t171 - 0x88)) = 0xf;
                                                                                                                				 *((long long*)(_t171 - 0x90)) = 6;
                                                                                                                				_t54 = "system"; // 0x74737973
                                                                                                                				_v160 = _t54;
                                                                                                                				_v156 =  *0x1271ba84 & 0x0000ffff;
                                                                                                                				_v154 = 0;
                                                                                                                				 *((long long*)(_t171 - 0x80)) = _t114;
                                                                                                                				asm("movdqa xmm0, [0x317ba]");
                                                                                                                				asm("repe inc ecx");
                                                                                                                				 *((char*)(_t171 - 0x80)) = 0;
                                                                                                                				E00007FFA7FFA126FD640(_t114, __rcx, _t167);
                                                                                                                				if ( &_v128 == _t96) goto 0x126eac20;
                                                                                                                				if ( *((long long*)(_t96 + 0x18)) - 0x10 < 0) goto 0x126eac10;
                                                                                                                				E00007FFA7FFA126E9100(_t114,  &_v128,  *_t96,  *((intOrPtr*)(_t96 + 0x10)), _t172);
                                                                                                                				E00007FFA7FFA127006F0( *((long long*)(_t96 + 0x18)) - 0x10,  *_t96,  &_v160,  *((intOrPtr*)(_t96 + 0x10)));
                                                                                                                				_t142 = _v136;
                                                                                                                				if (_t142 - 0x10 < 0) goto 0x126eac6e;
                                                                                                                				if (_t142 + 1 - 0x1000 < 0) goto 0x126eac69;
                                                                                                                				_t100 = _v160 -  *((intOrPtr*)(_v160 - 8)) + 0xfffffff8;
                                                                                                                				if (_t100 - 0x1f <= 0) goto 0x126eac69;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				_v144 = _t114;
                                                                                                                				_v136 = 0xf;
                                                                                                                				_v160 = 0;
                                                                                                                				_v176 = _t162;
                                                                                                                				E00007FFA7FFA126F4280(_t76, _t114,  &_v96, _t161, _t162, _t163);
                                                                                                                				_v184 = _t172;
                                                                                                                				_v216 =  &_v176;
                                                                                                                				_v224 =  &_v200;
                                                                                                                				_v232 =  &_v192;
                                                                                                                				_v240 = _t100;
                                                                                                                				_v248 =  &_v184;
                                                                                                                				r8d = 0xb9;
                                                                                                                				E00007FFA7FFA126E5F50(0, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "monitor_startdocport {:#x}, \'{}\', {}, {}, {:#x}");
                                                                                                                				_t147 = _v72;
                                                                                                                				if (_t147 - 0x10 < 0) goto 0x126ead31;
                                                                                                                				if (_t147 + 1 - 0x1000 < 0) goto 0x126ead2c;
                                                                                                                				_t104 = _v96 -  *((intOrPtr*)(_v96 - 8)) + 0xfffffff8;
                                                                                                                				if (_t104 - 0x1f <= 0) goto 0x126ead2c;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				E00007FFA7FFA126EE0D0( *((intOrPtr*)(_v96 - 8)), _t147 + 0x28);
                                                                                                                				E00007FFA7FFA126F4280(_t76, _t104,  &_v96, _t161, _t162, _t163);
                                                                                                                				_v240 = _t162;
                                                                                                                				_v248 = r12d;
                                                                                                                				r9d = r15d;
                                                                                                                				_t169 = _t104;
                                                                                                                				E00007FFA7FFA126F0CE0(0, _t76, _t104, _t104, _t172, _t104);
                                                                                                                				_t152 = _v72;
                                                                                                                				if (_t152 - 0x10 < 0) goto 0x126eadad;
                                                                                                                				if (_t152 + 1 - 0x1000 < 0) goto 0x126eada7;
                                                                                                                				if (_v96 -  *((intOrPtr*)(_v96 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126eada7;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				E00007FFA7FFA127006F0(_v96 -  *((intOrPtr*)(_v96 - 8)) + 0xfffffff8 - 0x1f, _v96 -  *((intOrPtr*)(_v96 - 8)) + 0xfffffff8,  &_v128, _t104);
                                                                                                                				_t155 = _v104;
                                                                                                                				if (_t155 - 0x10 < 0) goto 0x126eae01;
                                                                                                                				_t133 = _v128;
                                                                                                                				if (_t155 + 1 - 0x1000 < 0) goto 0x126eadfb;
                                                                                                                				_t110 = _t133 -  *((intOrPtr*)(_t133 - 8)) + 0xfffffff8;
                                                                                                                				_t90 = _t133 -  *((intOrPtr*)(_t133 - 8)) + 0xfffffff8 - 0x1f;
                                                                                                                				if (_t133 -  *((intOrPtr*)(_t133 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126eadfb;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				E00007FFA7FFA127006F0(_t90, _t110,  &_v128, _t169);
                                                                                                                				_t158 = _v104;
                                                                                                                				if (_t158 - 0x10 < 0) goto 0x126eae5c;
                                                                                                                				if (_t158 + 1 - 0x1000 < 0) goto 0x126eae56;
                                                                                                                				if (_v128 -  *((intOrPtr*)(_v128 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126eae56;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				return E00007FFA7FFA12705E20(0, 0, _v64 ^ _t165);
                                                                                                                			}

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FFA126FD640: __tlregdtor.LIBCMT ref: 00007FFA126FD690
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126EAC62
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126EAD25
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126EADA0
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126EADF4
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$__tlregdtor
                                                                                                                • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_startdocport {:#x}, '{}', {}, {}, {:#x}$system
                                                                                                                • API String ID: 333172304-80416438
                                                                                                                • Opcode ID: 406ab90b12b9c71644ad45163aa117fb6f4394c3b52fa641a7fa9bed9ec58b32
                                                                                                                • Instruction ID: 42cacc933c7729935697cfd1a6b8da117d77280c5280b916da0f0b2219b84070
                                                                                                                • Opcode Fuzzy Hash: 406ab90b12b9c71644ad45163aa117fb6f4394c3b52fa641a7fa9bed9ec58b32
                                                                                                                • Instruction Fuzzy Hash: 98716762608A8141FA50DB65E4443AE73A1FB867F0F519235EAAD47BDDDFBCD488CB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 32%
                                                                                                                			E00007FFA7FFA126E9980(long long __rbx, void* __rcx, long long __rdx, void* __rbp, void* __r8, long long _a32) {
                                                                                                                				signed int _v40;
                                                                                                                				intOrPtr _v48;
                                                                                                                				char _v72;
                                                                                                                				long long _v80;
                                                                                                                				long long _v88;
                                                                                                                				char _v104;
                                                                                                                				intOrPtr _v112;
                                                                                                                				char _v136;
                                                                                                                				long long _v144;
                                                                                                                				long long _v152;
                                                                                                                				char _v162;
                                                                                                                				short _v164;
                                                                                                                				char _v168;
                                                                                                                				char _v184;
                                                                                                                				long long _v200;
                                                                                                                				long long _v208;
                                                                                                                				long long _v216;
                                                                                                                				void* __rsi;
                                                                                                                				void* __r14;
                                                                                                                				char _t49;
                                                                                                                				void* _t68;
                                                                                                                				signed long long _t87;
                                                                                                                				signed long long _t88;
                                                                                                                				long long _t92;
                                                                                                                				void* _t106;
                                                                                                                				long long _t107;
                                                                                                                				char _t123;
                                                                                                                				long long _t132;
                                                                                                                				long long _t138;
                                                                                                                				intOrPtr _t141;
                                                                                                                				intOrPtr _t144;
                                                                                                                				intOrPtr _t147;
                                                                                                                				void* _t150;
                                                                                                                				long long _t151;
                                                                                                                				void* _t152;
                                                                                                                				void* _t153;
                                                                                                                				intOrPtr _t157;
                                                                                                                				long long _t159;
                                                                                                                
                                                                                                                				_t152 = __rbp;
                                                                                                                				_a32 = __rbx;
                                                                                                                				_t154 = _t153 - 0xe0;
                                                                                                                				_t87 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				_t88 = _t87 ^ _t153 - 0x000000e0;
                                                                                                                				_v40 = _t88;
                                                                                                                				_t106 = __r8;
                                                                                                                				_t151 = __rdx;
                                                                                                                				_t150 = __rcx;
                                                                                                                				r14d = 0;
                                                                                                                				_v168 = _t159;
                                                                                                                				_v144 = 0xf;
                                                                                                                				_v152 = 6;
                                                                                                                				_t49 = "system"; // 0x74737973
                                                                                                                				_v168 = _t49;
                                                                                                                				_v164 =  *0x1271ba84 & 0x0000ffff;
                                                                                                                				_v162 = r14b;
                                                                                                                				_v136 = _t159;
                                                                                                                				asm("movdqa xmm0, [0x329b3]");
                                                                                                                				asm("movdqu [esp+0x80], xmm0");
                                                                                                                				_v136 = r14b;
                                                                                                                				E00007FFA7FFA126FD640(__r8, __rcx, __r8);
                                                                                                                				if ( &_v136 == _t88) goto 0x126e9a25;
                                                                                                                				_t157 =  *((intOrPtr*)(_t88 + 0x10));
                                                                                                                				if ( *((long long*)(_t88 + 0x18)) - 0x10 < 0) goto 0x126e9a18;
                                                                                                                				E00007FFA7FFA126E9100(__r8,  &_v136,  *_t88, _t157, _t159);
                                                                                                                				E00007FFA7FFA127006F0( *((long long*)(_t88 + 0x18)) - 0x10,  *_t88,  &_v168, _t157);
                                                                                                                				_t132 = _v144;
                                                                                                                				if (_t132 - 0x10 < 0) goto 0x126e9a70;
                                                                                                                				if (_t132 + 1 - 0x1000 < 0) goto 0x126e9a6b;
                                                                                                                				_t92 = _v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8;
                                                                                                                				if (_t92 - 0x1f <= 0) goto 0x126e9a6b;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				_v152 = _t159;
                                                                                                                				_v144 = 0xf;
                                                                                                                				_v168 = 0;
                                                                                                                				E00007FFA7FFA126F4280(_t68, _t106,  &_v72, _t106, _t151, _t152);
                                                                                                                				_t107 = _t92;
                                                                                                                				_v184 = _t151;
                                                                                                                				E00007FFA7FFA126F4280(_t68, _t107,  &_v104, _t150, _t151, _t152);
                                                                                                                				_v200 = _t107;
                                                                                                                				_v208 =  &_v184;
                                                                                                                				_v216 = _t92;
                                                                                                                				r8d = 0x51;
                                                                                                                				_t67 = _t157 - 0x50;
                                                                                                                				E00007FFA7FFA126E5BB0(_t157 - 0x50, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "monitor_configureport \'{}\', {:#x}, \'{}\'");
                                                                                                                				_t138 = _v80;
                                                                                                                				if (_t138 - 0x10 < 0) goto 0x126e9b24;
                                                                                                                				if (_t138 + 1 - 0x1000 < 0) goto 0x126e9b1f;
                                                                                                                				if (_v104 -  *((intOrPtr*)(_v104 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126e9b1f;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				_v88 = _t159;
                                                                                                                				_v80 = 0xf;
                                                                                                                				_v104 = 0;
                                                                                                                				_t141 = _v48;
                                                                                                                				if (_t141 - 0x10 < 0) goto 0x126e9b87;
                                                                                                                				if (_t141 + 1 - 0x1000 < 0) goto 0x126e9b81;
                                                                                                                				if (_v72 -  *((intOrPtr*)(_v72 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126e9b81;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				E00007FFA7FFA127006F0(_v72 -  *((intOrPtr*)(_v72 - 8)) + 0xfffffff8 - 0x1f, _v72 -  *((intOrPtr*)(_v72 - 8)) + 0xfffffff8,  &_v136, _t157);
                                                                                                                				_t144 = _v112;
                                                                                                                				if (_t144 - 0x10 < 0) goto 0x126e9bd5;
                                                                                                                				_t123 = _v136;
                                                                                                                				if (_t144 + 1 - 0x1000 < 0) goto 0x126e9bcf;
                                                                                                                				_t101 = _t123 -  *((intOrPtr*)(_t123 - 8)) + 0xfffffff8;
                                                                                                                				_t82 = _t123 -  *((intOrPtr*)(_t123 - 8)) + 0xfffffff8 - 0x1f;
                                                                                                                				if (_t123 -  *((intOrPtr*)(_t123 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126e9bcf;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				E00007FFA7FFA127006F0(_t82, _t101,  &_v136, _t157);
                                                                                                                				_t147 = _v112;
                                                                                                                				if (_t147 - 0x10 < 0) goto 0x126e9c2a;
                                                                                                                				if (_t147 + 1 - 0x1000 < 0) goto 0x126e9c24;
                                                                                                                				if (_v136 -  *((intOrPtr*)(_v136 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126e9c24;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				return E00007FFA7FFA12705E20(0, _t67, _v40 ^ _t154);
                                                                                                                			}










































                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FFA126FD640: __tlregdtor.LIBCMT ref: 00007FFA126FD690
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126E9A64
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126E9B18
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126E9B7A
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126E9BC8
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$__tlregdtor
                                                                                                                • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_configureport '{}', {:#x}, '{}'$system
                                                                                                                • API String ID: 333172304-3163355225
                                                                                                                • Opcode ID: e14ab46071b807c50b760bae5b8b4710aa90fb6ebf50a14d2b1117d1926ebb90
                                                                                                                • Instruction ID: 3c740708521a2b38208515d037a5c589ef114ecaabcd405df7ce5d4596d4b63e
                                                                                                                • Opcode Fuzzy Hash: e14ab46071b807c50b760bae5b8b4710aa90fb6ebf50a14d2b1117d1926ebb90
                                                                                                                • Instruction Fuzzy Hash: 9A515462A19E8141FA10DB69E4443AF62A1FF877B0F419235E6AD46ADDDFBCD084CB04
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • __std_type_info_compare.VCRUNTIME140(?,?,00000000,00007FFA126F5BDD), ref: 00007FFA126F5643
                                                                                                                • __std_type_info_compare.VCRUNTIME140(?,?,00000000,00007FFA126F5BDD), ref: 00007FFA126F565A
                                                                                                                • __std_type_info_compare.VCRUNTIME140(?,?,00000000,00007FFA126F5BDD), ref: 00007FFA126F567E
                                                                                                                • __std_type_info_compare.VCRUNTIME140(?,?,00000000,00007FFA126F5BDD), ref: 00007FFA126F5695
                                                                                                                • __std_type_info_compare.VCRUNTIME140(?,?,00000000,00007FFA126F5BDD), ref: 00007FFA126F56CE
                                                                                                                • __std_type_info_compare.VCRUNTIME140(?,?,00000000,00007FFA126F5BDD), ref: 00007FFA126F56E5
                                                                                                                • __std_type_info_compare.VCRUNTIME140(?,?,00000000,00007FFA126F5BDD), ref: 00007FFA126F573E
                                                                                                                • __std_type_info_compare.VCRUNTIME140(?,?,00000000,00007FFA126F5BDD), ref: 00007FFA126F5755
                                                                                                                  • Part of subcall function 00007FFA126F5480: __std_type_info_compare.VCRUNTIME140(?,?,?,00007FFA126F561B,?,?,00000000,00007FFA126F5BDD), ref: 00007FFA126F54A6
                                                                                                                  • Part of subcall function 00007FFA126F5480: __std_type_info_compare.VCRUNTIME140(?,?,?,00007FFA126F561B,?,?,00000000,00007FFA126F5BDD), ref: 00007FFA126F54DE
                                                                                                                  • Part of subcall function 00007FFA126F5480: __std_type_info_compare.VCRUNTIME140(?,?,?,00007FFA126F561B,?,?,00000000,00007FFA126F5BDD), ref: 00007FFA126F5516
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __std_type_info_compare
                                                                                                                • String ID:
                                                                                                                • API String ID: 4241632388-0
                                                                                                                • Opcode ID: 7d142e9f2ca846a9df2f65f0f1854761cbdd8297f96bc156cff0964b0237385b
                                                                                                                • Instruction ID: ee8d125b858173998390750c88f1be7f32629de293277522de2e192fdabe87bd
                                                                                                                • Opcode Fuzzy Hash: 7d142e9f2ca846a9df2f65f0f1854761cbdd8297f96bc156cff0964b0237385b
                                                                                                                • Instruction Fuzzy Hash: A0A1AD72B05E9281DF10CF16E954179B7A5FB89BE4B06C832CB6D4B788DF78E4608710
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • memmove.VCRUNTIME140(?,?,00000000,?,00007FFA126FE79F), ref: 00007FFA126FBE20
                                                                                                                • memmove.VCRUNTIME140(?,?,00000000,?,00007FFA126FE79F), ref: 00007FFA126FBE37
                                                                                                                • memset.VCRUNTIME140(?,?,00000000,?,00007FFA126FE79F), ref: 00007FFA126FBE4C
                                                                                                                • memmove.VCRUNTIME140(?,?,00000000,?,00007FFA126FE79F), ref: 00007FFA126FBE64
                                                                                                                • memmove.VCRUNTIME140(?,?,00000000,?,00007FFA126FE79F), ref: 00007FFA126FBE7D
                                                                                                                • memset.VCRUNTIME140(?,?,00000000,?,00007FFA126FE79F), ref: 00007FFA126FBE8B
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,00007FFA126FE79F), ref: 00007FFA126FBEEF
                                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFA126FBEF6
                                                                                                                  • Part of subcall function 00007FFA127056A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFA126E8F4E), ref: 00007FFA127056C2
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memmove$memset$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 1282081513-0
                                                                                                                • Opcode ID: 8e293dd022bf7a443d799811d4a9c6e5b51510fe4d37c423bc86922a477f981c
                                                                                                                • Instruction ID: 7eee3b0f504304b6a3a70c1a1dcad368bba33433372aa68f33a92803d8f3ca83
                                                                                                                • Opcode Fuzzy Hash: 8e293dd022bf7a443d799811d4a9c6e5b51510fe4d37c423bc86922a477f981c
                                                                                                                • Instruction Fuzzy Hash: 1041E562A05A8181EF04DB65E4102ED63A1EF4BBF4F558A31DA7D0BBCDEEBCD4408700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FFA1270B1C7
                                                                                                                • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FFA1270B21E
                                                                                                                • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FFA1270B248
                                                                                                                • ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140 ref: 00007FFA1270B283
                                                                                                                • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FFA1270B2B7
                                                                                                                • ?uncaught_exception@std@@YA_NXZ.MSVCP140 ref: 00007FFA1270B2BE
                                                                                                                • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FFA1270B2CA
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: D@std@@@std@@U?$char_traits@$?sputc@?$basic_streambuf@$?flush@?$basic_ostream@?setstate@?$basic_ios@?sputn@?$basic_streambuf@?uncaught_exception@std@@Osfx@?$basic_ostream@V12@
                                                                                                                • String ID:
                                                                                                                • API String ID: 1492985063-0
                                                                                                                • Opcode ID: 9d0936fb1a672e1796aba82365c1d2076bff5db8fa4339c5f789ed29314c767b
                                                                                                                • Instruction ID: 3defab87e5bf2829e36d60272c9a771d2feb8636a50b797cbc79881e6381c42d
                                                                                                                • Opcode Fuzzy Hash: 9d0936fb1a672e1796aba82365c1d2076bff5db8fa4339c5f789ed29314c767b
                                                                                                                • Instruction Fuzzy Hash: 1F516326608E4182EA208F55D48027E67B0EB8BFA5F16D131CE5E077A4DF7DD94D8704
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140(00000009,?,?,?,?,00007FFA126EF95E), ref: 00007FFA126EC6D3
                                                                                                                • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140(00000009,?,?,?,?,00007FFA126EF95E), ref: 00007FFA126EC74A
                                                                                                                • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140(00000009,?,?,?,?,00007FFA126EF95E), ref: 00007FFA126EC770
                                                                                                                • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140(?,?,?,00007FFA126EF95E), ref: 00007FFA126EC79B
                                                                                                                • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140(00000009,?,?,?,?,00007FFA126EF95E), ref: 00007FFA126EC7DC
                                                                                                                • ?uncaught_exception@std@@YA_NXZ.MSVCP140(?,?,?,00007FFA126EF95E), ref: 00007FFA126EC7E3
                                                                                                                • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140(?,?,?,00007FFA126EF95E), ref: 00007FFA126EC7EF
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: D@std@@@std@@U?$char_traits@$?sputc@?$basic_streambuf@$?flush@?$basic_ostream@?setstate@?$basic_ios@?uncaught_exception@std@@Osfx@?$basic_ostream@V12@
                                                                                                                • String ID:
                                                                                                                • API String ID: 2331969452-0
                                                                                                                • Opcode ID: f691e1f04ba2ee2f9ca696224b13ba9103c1a7b8a4e03602e614a439e787b8e8
                                                                                                                • Instruction ID: 626f27bf1a7ba4b2bcf52c0699ad27e727665cfa831942564c99209bec8e4c26
                                                                                                                • Opcode Fuzzy Hash: f691e1f04ba2ee2f9ca696224b13ba9103c1a7b8a4e03602e614a439e787b8e8
                                                                                                                • Instruction Fuzzy Hash: 89516122605E4186EF20CF19D48127AA7A0FF86FA5F16C636DE5E477A8DF79C4468B00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 15%
                                                                                                                			E00007FFA7FFA126EE3A0(void* __eax, void* __ebp, long long __rbx, long long __rcx, void* __rdx, long long _a24) {
                                                                                                                				signed int _v56;
                                                                                                                				intOrPtr _v64;
                                                                                                                				char _v88;
                                                                                                                				signed long long _v104;
                                                                                                                				signed long long _v112;
                                                                                                                				long long _v120;
                                                                                                                				void* __rdi;
                                                                                                                				void* __rsi;
                                                                                                                				void* __rbp;
                                                                                                                				void* __r14;
                                                                                                                				void* _t35;
                                                                                                                				void* _t37;
                                                                                                                				signed long long _t52;
                                                                                                                				signed long long _t53;
                                                                                                                				long long _t66;
                                                                                                                				intOrPtr _t83;
                                                                                                                				signed long long _t86;
                                                                                                                				long long _t87;
                                                                                                                				void* _t88;
                                                                                                                				void* _t89;
                                                                                                                				void* _t92;
                                                                                                                				void* _t94;
                                                                                                                
                                                                                                                				_t66 = __rcx;
                                                                                                                				_a24 = __rbx;
                                                                                                                				_t52 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				_t53 = _t52 ^ _t89 - 0x00000070;
                                                                                                                				_v56 = _t53;
                                                                                                                				_t88 = __rdx;
                                                                                                                				_t87 = __rcx;
                                                                                                                				if ( *((long long*)(__rdx + 0x10)) == 0) goto 0x126ee517;
                                                                                                                				_t4 = _t66 + 0x70; // 0x70
                                                                                                                				_v120 = _t4;
                                                                                                                				0x12705430();
                                                                                                                				if (__eax != 0) goto 0x126ee50f;
                                                                                                                				E00007FFA7FFA127056A8(E00007FFA7FFA126F3D90(_t37, _t4,  &_v88, __rcx, __rdx, _t92, _t94), _t53,  &_v88);
                                                                                                                				_t86 = _t53;
                                                                                                                				_v112 = _t53;
                                                                                                                				if (_t53 == 0) goto 0x126ee43c;
                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                				asm("movups [eax], xmm0");
                                                                                                                				 *((intOrPtr*)(_t53 + 8)) = 1;
                                                                                                                				 *((intOrPtr*)(_t53 + 0xc)) = 1;
                                                                                                                				 *_t86 = 0x1271c988;
                                                                                                                				_t10 = _t86 + 0x10; // 0x10
                                                                                                                				E00007FFA7FFA126ED640(0x1271c988, _t4, _t10, _t88, _t53);
                                                                                                                				goto 0x126ee43e;
                                                                                                                				_t11 = _t86 + 0x10; // 0x10
                                                                                                                				_v112 = _t11;
                                                                                                                				_v104 = _t86;
                                                                                                                				_t15 = _t87 + 0x60; // 0x60
                                                                                                                				E00007FFA7FFA126EC830(_t4, _t15,  &_v112, _t87);
                                                                                                                				if (_v104 == 0) goto 0x126ee49d;
                                                                                                                				asm("lock xadd [ecx+0x8], eax");
                                                                                                                				if (0xffffffff != 1) goto 0x126ee498;
                                                                                                                				 *((intOrPtr*)( *_v104))();
                                                                                                                				asm("lock xadd [ebx+0xc], edi");
                                                                                                                				if (0xffffffff != 1) goto 0x126ee498;
                                                                                                                				 *((intOrPtr*)( *_v104 + 8))();
                                                                                                                				_t83 = _v64;
                                                                                                                				if (_t83 - 0x10 < 0) goto 0x126ee4dd;
                                                                                                                				if (_t83 + 1 - 0x1000 < 0) goto 0x126ee4d8;
                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126ee4d8;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				_t35 = E00007FFA7FFA126F07D0(_v120, _t87, _t86, _t87);
                                                                                                                				0x12705436();
                                                                                                                				return E00007FFA7FFA12705E20(_t35, 0x118, _v56 ^ _t89 - 0x00000070);
                                                                                                                			}

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiWide$C_error@std@@ErrorExceptionLastMtx_lockMtx_unlockPathTempThrowThrow__invalid_parameter_noinfo_noreturnmalloc
                                                                                                                • String ID: port name cannot be empty
                                                                                                                • API String ID: 314681990-1868005089
                                                                                                                • Opcode ID: 011e762faf762260215b295b5f74cb018b8456a84fcc47d26104f25b16c416ad
                                                                                                                • Instruction ID: 32d2b915fb8a2c269c4cf79776be23d9296666d8c18143d0309902a967a89757
                                                                                                                • Opcode Fuzzy Hash: 011e762faf762260215b295b5f74cb018b8456a84fcc47d26104f25b16c416ad
                                                                                                                • Instruction Fuzzy Hash: 37418322619E4181FA10DB15E8542AE63A0FF8ABB4F558131EA6D477D9DE7CD485CB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 23%
                                                                                                                			E00007FFA7FFA126F3D90(void* __ebx, long long __rbx, intOrPtr* __rcx, long long __rsi, long long __rbp, void* __r8, void* __r14, long long _a16, long long _a24, long long _a32) {
                                                                                                                				void* _v8;
                                                                                                                				signed int _v24;
                                                                                                                				char _v1064;
                                                                                                                				char _v1592;
                                                                                                                				char _v1608;
                                                                                                                				long long _v1616;
                                                                                                                				long long _v1624;
                                                                                                                				short _v1632;
                                                                                                                				long long _v1640;
                                                                                                                				int _t40;
                                                                                                                				signed long long _t61;
                                                                                                                				intOrPtr* _t81;
                                                                                                                				void* _t86;
                                                                                                                
                                                                                                                				_t82 = __rsi;
                                                                                                                				_a16 = __rbx;
                                                                                                                				_a24 = __rbp;
                                                                                                                				_a32 = __rsi;
                                                                                                                				_t61 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				_v24 = _t61 ^ _t86 - 0x00000680;
                                                                                                                				_v1608 = __rcx;
                                                                                                                				_t81 = __rcx;
                                                                                                                				_v1064 = 0;
                                                                                                                				if (GetTempPathW(??, ??) != 0) goto 0x126f3e14;
                                                                                                                				_v1608 = GetLastError();
                                                                                                                				r8d = 0xdb;
                                                                                                                				_v1640 =  &_v1608;
                                                                                                                				_t11 = _t82 + 1; // 0x1
                                                                                                                				E00007FFA7FFA126F35D0(_t11, "c:\\design\\wiservice\\wiservice\\ext\\win\\ext-win-winutil.cpp", __rbp, "couldn\'t get temp folder path, error {}");
                                                                                                                				_v1592 = sil;
                                                                                                                				if ( *((intOrPtr*)( &_v1064 + 0xfffffffffffffffe)) != 0) goto 0x126f3e30;
                                                                                                                				if (0 == 0) goto 0x126f3ea2;
                                                                                                                				_v1616 = __rsi;
                                                                                                                				_v1624 = __rsi;
                                                                                                                				r9d = __ebx;
                                                                                                                				_v1632 = 0;
                                                                                                                				_v1640 = __rsi;
                                                                                                                				_t40 = WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??);
                                                                                                                				if (_t40 == 0) goto 0x126f3ea2;
                                                                                                                				_v1616 = __rsi;
                                                                                                                				_v1624 = __rsi;
                                                                                                                				_t41 =  >  ? 0x208 : _t40;
                                                                                                                				r9d = __ebx;
                                                                                                                				_v1632 =  >  ? 0x208 : _t40;
                                                                                                                				_v1640 =  &_v1592;
                                                                                                                				WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??);
                                                                                                                				 *_t81 = __rsi;
                                                                                                                				 *((long long*)(_t81 + 0x10)) = __rsi;
                                                                                                                				 *((long long*)(_t81 + 0x18)) = 0xf;
                                                                                                                				 *_t81 = sil;
                                                                                                                				if ( *((intOrPtr*)( &_v1592 + 0xffffffff)) != sil) goto 0x126f3ec0;
                                                                                                                				return E00007FFA7FFA12705E20(E00007FFA7FFA126E9100(0, _t81,  &_v1592, 0xffffffff, __r14), 0xfde9, _v24 ^ _t86 - 0x00000680);
                                                                                                                			}

















                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiWide_invalid_parameter_noinfo_noreturn$ErrorLastPathTemp
                                                                                                                • String ID: c:\design\wiservice\wiservice\ext\win\ext-win-winutil.cpp$couldn't get temp folder path, error {}
                                                                                                                • API String ID: 1286625825-281439859
                                                                                                                • Opcode ID: 27723f8dbbc8be8e3f18a9bff4afd5919641ec508ffa06e2fc59b97fcf0ac7b5
                                                                                                                • Instruction ID: 6e51efdebcabffe11c56c7bd04934d1a1ef9a56c883cbef851a8eae87515cb23
                                                                                                                • Opcode Fuzzy Hash: 27723f8dbbc8be8e3f18a9bff4afd5919641ec508ffa06e2fc59b97fcf0ac7b5
                                                                                                                • Instruction Fuzzy Hash: 6B415632608B8582E7208F15F4402ABB7B5FB8AB90F454636EA9D47B98EF7CD515CB40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • ??0_Lockit@std@@QEAA@H@Z.MSVCP140(?,?,?,00007FFA1270AECA), ref: 00007FFA126F81E2
                                                                                                                • ??Bid@locale@std@@QEAA_KXZ.MSVCP140(?,00007FFA1270AECA), ref: 00007FFA126F81FC
                                                                                                                • ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140(?,00007FFA1270AECA), ref: 00007FFA126F8226
                                                                                                                • ?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140(?,00007FFA1270AECA), ref: 00007FFA126F8250
                                                                                                                • std::_Facet_Register.LIBCPMT ref: 00007FFA126F8269
                                                                                                                • ??1_Lockit@std@@QEAA@XZ.MSVCP140(?,00007FFA1270AECA), ref: 00007FFA126F8288
                                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFA126F8299
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Concurrency::cancel_current_taskFacet_Getcat@?$codecvt@_Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterV42@@Vfacet@locale@2@std::_
                                                                                                                • String ID:
                                                                                                                • API String ID: 929128910-0
                                                                                                                • Opcode ID: 3a782683d63e8b3b5db5c7f10f913e878a86a5064d5519ca7bc9aeb1d141eeb8
                                                                                                                • Instruction ID: a2f5937249191fcbe1a868f8ae7b1729fc1b10f134e7192423501221b95ab916
                                                                                                                • Opcode Fuzzy Hash: 3a782683d63e8b3b5db5c7f10f913e878a86a5064d5519ca7bc9aeb1d141eeb8
                                                                                                                • Instruction Fuzzy Hash: E7214125A08E4181EF149B55E49417A67B0FF97BB0F098531DA5D077ECEFACE8488B40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • ??0_Lockit@std@@QEAA@H@Z.MSVCP140(?,?,?,?,?,?,?,00007FFA1270AECA), ref: 00007FFA126F82B2
                                                                                                                • ??Bid@locale@std@@QEAA_KXZ.MSVCP140(?,?,?,?,?,?,?,00007FFA1270AECA), ref: 00007FFA126F82CC
                                                                                                                • ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140(?,?,?,?,?,?,?,00007FFA1270AECA), ref: 00007FFA126F82F6
                                                                                                                • ?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140(?,?,?,?,?,?,?,00007FFA1270AECA), ref: 00007FFA126F8320
                                                                                                                • std::_Facet_Register.LIBCPMT ref: 00007FFA126F8339
                                                                                                                • ??1_Lockit@std@@QEAA@XZ.MSVCP140(?,?,?,?,?,?,?,00007FFA1270AECA), ref: 00007FFA126F8358
                                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFA126F8369
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Concurrency::cancel_current_taskD@std@@@std@@@std@@Facet_Getcat@?$time_put@Getgloballocale@locale@std@@Locimp@12@RegisterU?$char_traits@V42@@V?$ostreambuf_iterator@Vfacet@locale@2@std::_
                                                                                                                • String ID:
                                                                                                                • API String ID: 3345465274-0
                                                                                                                • Opcode ID: 4e4a803cf451d749639f82d7c091ac8fe20c97de71ea8e2ae2af82c5be18d0bb
                                                                                                                • Instruction ID: eb2a57cd16e05a76e25efb61c8822681e2bdb9f1843c3f40d34d21efcb61fd69
                                                                                                                • Opcode Fuzzy Hash: 4e4a803cf451d749639f82d7c091ac8fe20c97de71ea8e2ae2af82c5be18d0bb
                                                                                                                • Instruction Fuzzy Hash: D5214126608E0181EF149B55E45417A67B0FF97FB0B099531DA6D077ECEEBCD4488B00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Heap$FreeProcess$Value
                                                                                                                • String ID:
                                                                                                                • API String ID: 3709577838-0
                                                                                                                • Opcode ID: cba726e5eb5ad7b4e1610d0dee1c37cbefd4d62cab8451685cd09f84cd3f4121
                                                                                                                • Instruction ID: 170862d2f7c360d8e14458bf763b32e12133ab001d9fc4cf7d133328691f2949
                                                                                                                • Opcode Fuzzy Hash: cba726e5eb5ad7b4e1610d0dee1c37cbefd4d62cab8451685cd09f84cd3f4121
                                                                                                                • Instruction Fuzzy Hash: 27412025A05E0586EB549B26E44423A63F1FF4BFA0F5AD534CA4E037A8EF6CE449CB40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiWide$Concurrency::cancel_current_taskXlength_error@std@@mallocmemset
                                                                                                                • String ID:
                                                                                                                • API String ID: 1152013002-0
                                                                                                                • Opcode ID: 23b867ca058e03f9e358808457681dda8dd22d8aa00925ef406a3912bde65562
                                                                                                                • Instruction ID: f8b66ecc3aa7f09f725f1ef48b7894a7c2fc03ebb681ff66f43e4ac4831aad55
                                                                                                                • Opcode Fuzzy Hash: 23b867ca058e03f9e358808457681dda8dd22d8aa00925ef406a3912bde65562
                                                                                                                • Instruction Fuzzy Hash: 8D51C732608B4181EB209B11B51036AB6E5FF86BA4F198634DFAD17FD9DFBCD0949B00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                • String ID:
                                                                                                                • API String ID: 2016347663-0
                                                                                                                • Opcode ID: bd205e56ab9516b51d7842ca1344e4abd5460b37ec5232d69a680e9117ba0946
                                                                                                                • Instruction ID: 33a7f43938b2658c6271734cce13b98811b7e3fc7fb171320703ee17a40d24e8
                                                                                                                • Opcode Fuzzy Hash: bd205e56ab9516b51d7842ca1344e4abd5460b37ec5232d69a680e9117ba0946
                                                                                                                • Instruction Fuzzy Hash: 1A41C661709E8189FE14DB12A4442AEA3A6FB46BE0F558631EE6D0B7DDDEBCE0458700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 54%
                                                                                                                			E00007FFA7FFA127167A0() {
                                                                                                                				void* _t42;
                                                                                                                				void* _t43;
                                                                                                                				void* _t58;
                                                                                                                				void* _t61;
                                                                                                                				long long _t66;
                                                                                                                				intOrPtr* _t67;
                                                                                                                				long long _t69;
                                                                                                                				intOrPtr* _t71;
                                                                                                                				void* _t86;
                                                                                                                				intOrPtr _t87;
                                                                                                                				intOrPtr* _t88;
                                                                                                                				long _t92;
                                                                                                                				intOrPtr* _t93;
                                                                                                                				long* _t96;
                                                                                                                				intOrPtr _t97;
                                                                                                                				void* _t99;
                                                                                                                				void* _t100;
                                                                                                                				long* _t102;
                                                                                                                				intOrPtr* _t103;
                                                                                                                				long _t105;
                                                                                                                				void* _t108;
                                                                                                                				intOrPtr _t109;
                                                                                                                				void* _t111;
                                                                                                                				long long _t112;
                                                                                                                
                                                                                                                				 *((long long*)(_t99 + 0x10)) = _t66;
                                                                                                                				_t100 = _t99 - 0x20;
                                                                                                                				_t103 = _t71;
                                                                                                                				 *((char*)(_t71 + 0x28)) = 1;
                                                                                                                				E00007FFA7FFA12716A20(_t42, _t43, _t61, _t66, _t71 + 0x40, _t86, _t92);
                                                                                                                				_t112 =  *((intOrPtr*)(_t103 + 0x78));
                                                                                                                				_t93 =  *_t112;
                                                                                                                				 *((long long*)(_t100 + 0x60)) = _t93;
                                                                                                                				 *((long long*)(_t100 + 0x70)) = _t112;
                                                                                                                				if (_t93 == _t112) goto 0x12716915;
                                                                                                                				_t97 =  *((intOrPtr*)(_t93 + 0x10));
                                                                                                                				if ( *((intOrPtr*)(_t97 + 0x10)) == 0) goto 0x12716909;
                                                                                                                				E00007FFA7FFA12716690( *((intOrPtr*)(_t97 + 0x10)), _t61, _t66, _t97, _t93, _t111);
                                                                                                                				if ( *((intOrPtr*)(_t97 + 0x10)) != 0) goto 0x12716813;
                                                                                                                				goto 0x127168d8;
                                                                                                                				 *((intOrPtr*)(_t97 + 0x10)) = 0;
                                                                                                                				r8d = 0;
                                                                                                                				ReleaseSemaphore(_t108, _t105, _t102);
                                                                                                                				_t67 =  *((intOrPtr*)(_t97 + 0x18));
                                                                                                                				_t87 =  *((intOrPtr*)(_t97 + 0x20));
                                                                                                                				if (_t67 == _t87) goto 0x1271684f;
                                                                                                                				 *((char*)( *_t67 + 0x14)) = 1;
                                                                                                                				r8d = 0;
                                                                                                                				ReleaseSemaphore(_t86, _t92, _t96);
                                                                                                                				if (_t67 + 8 != _t87) goto 0x12716830;
                                                                                                                				_t109 =  *((intOrPtr*)(_t97 + 0x20));
                                                                                                                				_t88 =  *((intOrPtr*)(_t97 + 0x18));
                                                                                                                				if (_t88 == _t109) goto 0x127168ba;
                                                                                                                				_t69 =  *_t88;
                                                                                                                				if (_t69 == 0) goto 0x127168ad;
                                                                                                                				asm("lock xadd [ebx+0x18], eax");
                                                                                                                				if (0xffffffff != 1) goto 0x127168ad;
                                                                                                                				if ( *((intOrPtr*)(_t69 + 8)) - 1 - 0xfffffffd > 0) goto 0x1271688c;
                                                                                                                				CloseHandle(??);
                                                                                                                				if ( *_t69 - 1 - 0xfffffffd > 0) goto 0x127168a0;
                                                                                                                				CloseHandle(??);
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				if (_t88 + 8 != _t109) goto 0x12716860;
                                                                                                                				 *((long long*)(_t97 + 0x20)) =  *((intOrPtr*)(_t97 + 0x18));
                                                                                                                				_t58 =  *((intOrPtr*)(_t97 + 0x30)) - 1 - 0xfffffffd;
                                                                                                                				if (_t58 > 0) goto 0x127168d2;
                                                                                                                				CloseHandle(??);
                                                                                                                				 *((long long*)(_t97 + 0x30)) = _t69;
                                                                                                                				asm("lock xadd [ebp], eax");
                                                                                                                				asm("bt eax, 0x1e");
                                                                                                                				if (_t58 < 0) goto 0x12716909;
                                                                                                                				if (0x80000000 - 0x80000000 <= 0) goto 0x12716909;
                                                                                                                				asm("lock bts dword [ebp], 0x1e");
                                                                                                                				if (0x80000000 - 0x80000000 < 0) goto 0x12716909;
                                                                                                                				E00007FFA7FFA126FD940(_t97);
                                                                                                                				SetEvent(??);
                                                                                                                				if ( *_t93 != _t112) goto 0x127167f0;
                                                                                                                				goto ( *((intOrPtr*)( *_t103 + 0x10)));
                                                                                                                			}




























                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandle$EventReleaseSemaphore$ObjectSingleWait
                                                                                                                • String ID:
                                                                                                                • API String ID: 1488515630-0
                                                                                                                • Opcode ID: 3bcf2f0ad8178168a7f8be7a2930863f511e61aaff0b105efb4953fc0a99a83f
                                                                                                                • Instruction ID: 602d1fdd13bee1946b1e7c0bf11e310fbd22d5a2516a87f7fc3385b840fb9a16
                                                                                                                • Opcode Fuzzy Hash: 3bcf2f0ad8178168a7f8be7a2930863f511e61aaff0b105efb4953fc0a99a83f
                                                                                                                • Instruction Fuzzy Hash: 18416E22A04A818AEB109F25D84466A63B1FF47BB8F169635DE2D437D8EF78D449CB40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • memmove.VCRUNTIME140(?,?,?,?,00007FFA126FC1BC,?,?,?,?,?,00007FFA126FC11C,?,?,?,00007FFA126FD3B9), ref: 00007FFA126F5ADE
                                                                                                                • memset.VCRUNTIME140(?,?,?,?,00007FFA126FC1BC,?,?,?,?,?,00007FFA126FC11C,?,?,?,00007FFA126FD3B9), ref: 00007FFA126F5AEC
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFA126FC1BC,?,?,?,?,?,00007FFA126FC11C,?,?,?,00007FFA126FD3B9), ref: 00007FFA126F5B25
                                                                                                                • memmove.VCRUNTIME140(?,?,?,?,00007FFA126FC1BC,?,?,?,?,?,00007FFA126FC11C,?,?,?,00007FFA126FD3B9), ref: 00007FFA126F5B2F
                                                                                                                • memset.VCRUNTIME140(?,?,?,?,00007FFA126FC1BC,?,?,?,?,?,00007FFA126FC11C,?,?,?,00007FFA126FD3B9), ref: 00007FFA126F5B3D
                                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFA126F5B72
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memmovememset$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                • String ID:
                                                                                                                • API String ID: 2171940698-0
                                                                                                                • Opcode ID: 774fb2e6606a4e14e78d9516ad0e35f377a52a9fbeaa3c1abe2377eaca6ceb04
                                                                                                                • Instruction ID: 608accc77c0ad7423c9fd64a6f8b0ca952e5b076b99776ebccb5cd9df0a8e06b
                                                                                                                • Opcode Fuzzy Hash: 774fb2e6606a4e14e78d9516ad0e35f377a52a9fbeaa3c1abe2377eaca6ceb04
                                                                                                                • Instruction Fuzzy Hash: A3410361B09F8185EF109B12A4542A9A3A2FB46BF0F458A31DE6D0B7CDDEBCE4458B00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z.MSVCP140 ref: 00007FFA1271160E
                                                                                                                • ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z.MSVCP140 ref: 00007FFA127118FF
                                                                                                                • ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z.MSVCP140 ref: 00007FFA12711A9C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ?write@?$basic_ostream@D@std@@@std@@U?$char_traits@V12@
                                                                                                                • String ID: ''''$0123456789abcdef0123456789ABCDEFGetEnabledExtendedFeatures
                                                                                                                • API String ID: 2277189856-568624354
                                                                                                                • Opcode ID: 3aff13a59325f5cfba9f4cda191dfbefc8fa3dbfffc973e15dde9fda4ad904ce
                                                                                                                • Instruction ID: 52cbc41e792a7d8ec9a12761efdfdca039e5ec504efd23a88afa7742c71c89d3
                                                                                                                • Opcode Fuzzy Hash: 3aff13a59325f5cfba9f4cda191dfbefc8fa3dbfffc973e15dde9fda4ad904ce
                                                                                                                • Instruction Fuzzy Hash: F6E1B42BD28FD341F203473868125A5A760AFE7790F11D73BFEA832916FF2993559218
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z.MSVCP140 ref: 00007FFA12711C9B
                                                                                                                • ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z.MSVCP140 ref: 00007FFA12711EE9
                                                                                                                • ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z.MSVCP140 ref: 00007FFA127120D2
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ?write@?$basic_ostream@D@std@@@std@@U?$char_traits@V12@
                                                                                                                • String ID: ''''$0123456789abcdef0123456789ABCDEFGetEnabledExtendedFeatures
                                                                                                                • API String ID: 2277189856-568624354
                                                                                                                • Opcode ID: deb9300bf523231e68528a72c5f9e80c1f0207f0c69c3409293c06da2a51802a
                                                                                                                • Instruction ID: 85af339afc65c05680e2d7ebcdf93064ecb713d7e96befd4d05abaf3f0a5e3d4
                                                                                                                • Opcode Fuzzy Hash: deb9300bf523231e68528a72c5f9e80c1f0207f0c69c3409293c06da2a51802a
                                                                                                                • Instruction Fuzzy Hash: 3DE1C226E38BC341F312473DA4065B5A760AFE7790F12D727FE9832A16FF29D2859204
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 58%
                                                                                                                			E00007FFA7FFA126E3510(long long __rbx, signed char* __rcx, void* __rdx, long long __rdi, long long __rsi, intOrPtr* __r8, char _a8, long long _a16, long long _a24, long long _a32) {
                                                                                                                				void* _v8;
                                                                                                                				signed int _t31;
                                                                                                                				void* _t43;
                                                                                                                				void* _t49;
                                                                                                                				signed char* _t56;
                                                                                                                				signed char* _t57;
                                                                                                                				char* _t58;
                                                                                                                				signed char* _t59;
                                                                                                                				intOrPtr _t67;
                                                                                                                				signed char* _t74;
                                                                                                                				void* _t85;
                                                                                                                				char* _t87;
                                                                                                                
                                                                                                                				_a16 = __rbx;
                                                                                                                				_a24 = __rsi;
                                                                                                                				_a32 = __rdi;
                                                                                                                				_t74 = __rcx;
                                                                                                                				r9d =  *__rcx & 0x000000ff;
                                                                                                                				if (r9b >= 0) goto 0x126e354a;
                                                                                                                				_t56 =  &(__rcx[1]);
                                                                                                                				if (_t56 == __rdx) goto 0x126e3551;
                                                                                                                				if (( *_t56 & 0xc0) == 0x80) goto 0x126e3537;
                                                                                                                				goto 0x126e354e;
                                                                                                                				_t57 =  &(__rcx[1]);
                                                                                                                				_t43 = _t57 - __rdx;
                                                                                                                				_t58 =  ==  ? __rcx : _t57;
                                                                                                                				if (_t43 == 0) goto 0x126e358f;
                                                                                                                				if (_t43 == 0) goto 0x126e3588;
                                                                                                                				if (_t43 == 0) goto 0x126e3581;
                                                                                                                				if ( *_t58 - 0x3a == 0x20) goto 0x126e357a;
                                                                                                                				if (_t58 == __rcx) goto 0x126e3632;
                                                                                                                				_t59 = __rcx;
                                                                                                                				goto 0x126e3555;
                                                                                                                				goto 0x126e3594;
                                                                                                                				goto 0x126e3594;
                                                                                                                				goto 0x126e3594;
                                                                                                                				if (__rcx == __rcx) goto 0x126e35f6;
                                                                                                                				if (r9b != 0x7b) goto 0x126e35b8;
                                                                                                                				_a8 = 0;
                                                                                                                				E00007FFA7FFA127050C0(__rcx, "invalid fill character \'{\'");
                                                                                                                				goto 0x126e3632;
                                                                                                                				_t85 = _t59 - _t74;
                                                                                                                				_t87 =  *__r8 + 0x11;
                                                                                                                				if (_t85 - 4 > 0) goto 0x126e364c;
                                                                                                                				_t49 = _t85;
                                                                                                                				if (_t49 == 0) goto 0x126e35f0;
                                                                                                                				 *_t87 =  *(_t74 - _t87 + _t87) & 0x000000ff;
                                                                                                                				if (_t49 != 0) goto 0x126e35e0;
                                                                                                                				 *((intOrPtr*)(_t87 + 4)) = r8b;
                                                                                                                				goto 0x126e35f9;
                                                                                                                				if (1 != 4) goto 0x126e3624;
                                                                                                                				if ( *((intOrPtr*)(__r8 + 0x20)) - 1 - 0xb <= 0) goto 0x126e3624;
                                                                                                                				_a8 = 0;
                                                                                                                				E00007FFA7FFA127050C0(_t74 - _t87, "format specifier requires numeric argument");
                                                                                                                				_t67 =  *__r8;
                                                                                                                				_t31 =  *(_t67 + 0xc) & 0xfffffff0 | 0x00000001;
                                                                                                                				 *(_t67 + 0xc) = _t31;
                                                                                                                				return _t31;
                                                                                                                			}















                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionThrow__std_exception_copy
                                                                                                                • String ID: format specifier requires numeric argument$invalid fill$invalid fill character '{'
                                                                                                                • API String ID: 1552479455-4061151604
                                                                                                                • Opcode ID: b7ff8291887d5177cecc7ace963eeb140f2fa9a4833c1d2eb685c374454571a0
                                                                                                                • Instruction ID: f9409524a619f68b1430220220dfce084d3763f4c8c8cdbc2b24e83dac7adc4b
                                                                                                                • Opcode Fuzzy Hash: b7ff8291887d5177cecc7ace963eeb140f2fa9a4833c1d2eb685c374454571a0
                                                                                                                • Instruction Fuzzy Hash: 39410362E0CEC281EB10CB28D50417AA7E1EB577A0F5A8132E6AD477DDDEACE555CF00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 51%
                                                                                                                			E00007FFA7FFA126EA8F0(long long __rcx, long long __rdx, void* __rbp, long long __r9) {
                                                                                                                				signed int _v56;
                                                                                                                				intOrPtr _v64;
                                                                                                                				char _v88;
                                                                                                                				long long _v96;
                                                                                                                				long long _v104;
                                                                                                                				short _v116;
                                                                                                                				char _v120;
                                                                                                                				char _v136;
                                                                                                                				char _v144;
                                                                                                                				char _v152;
                                                                                                                				char _v160;
                                                                                                                				char _v168;
                                                                                                                				long long _v176;
                                                                                                                				long long _v184;
                                                                                                                				long long _v192;
                                                                                                                				long long _v200;
                                                                                                                				void* __rbx;
                                                                                                                				void* __r14;
                                                                                                                				char _t47;
                                                                                                                				void* _t54;
                                                                                                                				signed long long _t77;
                                                                                                                				signed long long _t78;
                                                                                                                				intOrPtr* _t93;
                                                                                                                				char _t103;
                                                                                                                				long long _t112;
                                                                                                                				intOrPtr _t117;
                                                                                                                				intOrPtr _t120;
                                                                                                                				long long _t123;
                                                                                                                				long long _t124;
                                                                                                                				void* _t126;
                                                                                                                				void* _t129;
                                                                                                                				void* _t135;
                                                                                                                				void* _t136;
                                                                                                                				long long _t137;
                                                                                                                
                                                                                                                				_t135 = _t126;
                                                                                                                				_t127 = _t126 - 0xc0;
                                                                                                                				_t77 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				_t78 = _t77 ^ _t126 - 0x000000c0;
                                                                                                                				_v56 = _t78;
                                                                                                                				_t93 = __r9;
                                                                                                                				r14d = r8d;
                                                                                                                				_t123 = __rdx;
                                                                                                                				_t124 = __rcx;
                                                                                                                				_v160 = r14d;
                                                                                                                				r15d = 0;
                                                                                                                				 *((long long*)(_t135 - 0x78)) = _t137;
                                                                                                                				 *((long long*)(_t135 - 0x60)) = 0xf;
                                                                                                                				 *((long long*)(_t135 - 0x68)) = 6;
                                                                                                                				_t47 = "system"; // 0x74737973
                                                                                                                				_v120 = _t47;
                                                                                                                				_v116 =  *0x1271ba84 & 0x0000ffff;
                                                                                                                				 *((intOrPtr*)(_t135 - 0x72)) = r15b;
                                                                                                                				 *((long long*)(_t135 - 0x58)) = _t137;
                                                                                                                				asm("movdqa xmm0, [0x31a3f]");
                                                                                                                				asm("repe inc ecx");
                                                                                                                				 *((intOrPtr*)(_t135 - 0x58)) = r15b;
                                                                                                                				E00007FFA7FFA126FD640(__r9, __rcx, _t129);
                                                                                                                				if ( &_v88 == _t78) goto 0x126ea99b;
                                                                                                                				if ( *((long long*)(_t78 + 0x18)) - 0x10 < 0) goto 0x126ea98b;
                                                                                                                				E00007FFA7FFA126E9100(__r9,  &_v88,  *_t78,  *((intOrPtr*)(_t78 + 0x10)), _t136);
                                                                                                                				E00007FFA7FFA127006F0( *((long long*)(_t78 + 0x18)) - 0x10,  *_t78,  &_v120,  *((intOrPtr*)(_t78 + 0x10)));
                                                                                                                				_t112 = _v96;
                                                                                                                				if (_t112 - 0x10 < 0) goto 0x126ea9e9;
                                                                                                                				if (_t112 + 1 - 0x1000 < 0) goto 0x126ea9e4;
                                                                                                                				if (_v120 -  *((intOrPtr*)(_v120 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126ea9e4;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				_v104 = _t137;
                                                                                                                				_v96 = 0xf;
                                                                                                                				_v120 = 0;
                                                                                                                				 *((intOrPtr*)(__r9)) = r15d;
                                                                                                                				_v168 = r15d;
                                                                                                                				_v144 = __r9;
                                                                                                                				_v136 = _t123;
                                                                                                                				_v152 = _t124;
                                                                                                                				_v176 =  &_v144;
                                                                                                                				_v184 =  &_v160;
                                                                                                                				_v192 =  &_v136;
                                                                                                                				_v200 =  &_v152;
                                                                                                                				r8d = 0x94;
                                                                                                                				E00007FFA7FFA126E6160(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "monitor_readport {:#x}, {:#x}, {}, {:#x}");
                                                                                                                				_t54 = E00007FFA7FFA126EE0D0( *((intOrPtr*)(_v120 - 8)), "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp");
                                                                                                                				_v200 =  &_v168;
                                                                                                                				_t131 = _t123;
                                                                                                                				E00007FFA7FFA126F07C0(_t54);
                                                                                                                				 *_t93 = _v168;
                                                                                                                				E00007FFA7FFA127006F0(_v120 -  *((intOrPtr*)(_v120 - 8)) + 0xfffffff8 - 0x1f,  &_v152,  &_v88, _t123);
                                                                                                                				_t117 = _v64;
                                                                                                                				if (_t117 - 0x10 < 0) goto 0x126eaadb;
                                                                                                                				_t103 = _v88;
                                                                                                                				if (_t117 + 1 - 0x1000 < 0) goto 0x126eaad5;
                                                                                                                				_t89 = _t103 -  *((intOrPtr*)(_t103 - 8)) + 0xfffffff8;
                                                                                                                				_t72 = _t103 -  *((intOrPtr*)(_t103 - 8)) + 0xfffffff8 - 0x1f;
                                                                                                                				if (_t103 -  *((intOrPtr*)(_t103 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126eaad5;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				E00007FFA7FFA127006F0(_t72, _t89,  &_v88, _t131);
                                                                                                                				_t120 = _v64;
                                                                                                                				if (_t120 - 0x10 < 0) goto 0x126eab36;
                                                                                                                				if (_t120 + 1 - 0x1000 < 0) goto 0x126eab30;
                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126eab30;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				return E00007FFA7FFA12705E20(0, 1, _v56 ^ _t127);
                                                                                                                			}






































                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FFA126FD640: __tlregdtor.LIBCMT ref: 00007FFA126FD690
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126EA9DD
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126EAACE
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$__tlregdtor
                                                                                                                • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_readport {:#x}, {:#x}, {}, {:#x}$system
                                                                                                                • API String ID: 333172304-2826333439
                                                                                                                • Opcode ID: 63654d137c15f83f08eb559c95b2f5fad86409a222d48f8664635b54fdbb5bfd
                                                                                                                • Instruction ID: 2665bb785e0860d9cfbe42631758cec97ab5bbe2e9e05a26467792488689a52a
                                                                                                                • Opcode Fuzzy Hash: 63654d137c15f83f08eb559c95b2f5fad86409a222d48f8664635b54fdbb5bfd
                                                                                                                • Instruction Fuzzy Hash: 9A515F72618B8185EB10CB55E4443AE73E5FB867A0F518235EAAD03BD9EFBDD484CB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 53%
                                                                                                                			E00007FFA7FFA126EAE80(long long __rcx, long long __rdx, void* __rbp, long long __r9) {
                                                                                                                				signed int _v56;
                                                                                                                				intOrPtr _v64;
                                                                                                                				char _v88;
                                                                                                                				long long _v96;
                                                                                                                				long long _v104;
                                                                                                                				short _v116;
                                                                                                                				char _v120;
                                                                                                                				char _v136;
                                                                                                                				char _v144;
                                                                                                                				char _v152;
                                                                                                                				char _v160;
                                                                                                                				char _v168;
                                                                                                                				long long _v176;
                                                                                                                				long long _v184;
                                                                                                                				long long _v192;
                                                                                                                				long long _v200;
                                                                                                                				void* __rbx;
                                                                                                                				void* __r14;
                                                                                                                				char _t47;
                                                                                                                				void* _t54;
                                                                                                                				void* _t64;
                                                                                                                				signed long long _t78;
                                                                                                                				signed long long _t79;
                                                                                                                				intOrPtr* _t94;
                                                                                                                				char _t104;
                                                                                                                				long long _t113;
                                                                                                                				intOrPtr _t118;
                                                                                                                				intOrPtr _t121;
                                                                                                                				long long _t124;
                                                                                                                				long long _t125;
                                                                                                                				void* _t127;
                                                                                                                				void* _t130;
                                                                                                                				void* _t136;
                                                                                                                				void* _t137;
                                                                                                                				long long _t138;
                                                                                                                
                                                                                                                				_t136 = _t127;
                                                                                                                				_t128 = _t127 - 0xc0;
                                                                                                                				_t78 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				_t79 = _t78 ^ _t127 - 0x000000c0;
                                                                                                                				_v56 = _t79;
                                                                                                                				_t94 = __r9;
                                                                                                                				r14d = r8d;
                                                                                                                				_t124 = __rdx;
                                                                                                                				_t125 = __rcx;
                                                                                                                				_v160 = r14d;
                                                                                                                				r15d = 0;
                                                                                                                				 *((long long*)(_t136 - 0x78)) = _t138;
                                                                                                                				 *((long long*)(_t136 - 0x60)) = 0xf;
                                                                                                                				 *((long long*)(_t136 - 0x68)) = 6;
                                                                                                                				_t47 = "system"; // 0x74737973
                                                                                                                				_v120 = _t47;
                                                                                                                				_v116 =  *0x1271ba84 & 0x0000ffff;
                                                                                                                				 *((intOrPtr*)(_t136 - 0x72)) = r15b;
                                                                                                                				 *((long long*)(_t136 - 0x58)) = _t138;
                                                                                                                				asm("movdqa xmm0, [0x314af]");
                                                                                                                				asm("repe inc ecx");
                                                                                                                				 *((intOrPtr*)(_t136 - 0x58)) = r15b;
                                                                                                                				E00007FFA7FFA126FD640(__r9, __rcx, _t130);
                                                                                                                				if ( &_v88 == _t79) goto 0x126eaf2b;
                                                                                                                				if ( *((long long*)(_t79 + 0x18)) - 0x10 < 0) goto 0x126eaf1b;
                                                                                                                				E00007FFA7FFA126E9100(__r9,  &_v88,  *_t79,  *((intOrPtr*)(_t79 + 0x10)), _t137);
                                                                                                                				E00007FFA7FFA127006F0( *((long long*)(_t79 + 0x18)) - 0x10,  *_t79,  &_v120,  *((intOrPtr*)(_t79 + 0x10)));
                                                                                                                				_t113 = _v96;
                                                                                                                				if (_t113 - 0x10 < 0) goto 0x126eaf79;
                                                                                                                				if (_t113 + 1 - 0x1000 < 0) goto 0x126eaf74;
                                                                                                                				if (_v120 -  *((intOrPtr*)(_v120 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126eaf74;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				_v104 = _t138;
                                                                                                                				_v96 = 0xf;
                                                                                                                				_v120 = 0;
                                                                                                                				 *((intOrPtr*)(__r9)) = r15d;
                                                                                                                				_v168 = r15d;
                                                                                                                				_v144 = __r9;
                                                                                                                				_v136 = _t124;
                                                                                                                				_v152 = _t125;
                                                                                                                				_v176 =  &_v144;
                                                                                                                				_v184 =  &_v160;
                                                                                                                				_v192 =  &_v136;
                                                                                                                				_v200 =  &_v152;
                                                                                                                				r8d = 0xa7;
                                                                                                                				E00007FFA7FFA126E6160(0, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "monitor_writeport {:#x}, {:#x}, {}, {:#x}");
                                                                                                                				_t54 = E00007FFA7FFA126EE0D0( *((intOrPtr*)(_v120 - 8)), "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp");
                                                                                                                				_v200 =  &_v168;
                                                                                                                				_t132 = _t124;
                                                                                                                				E00007FFA7FFA126F2420(_t54, _t64, _t94,  &_v152, _t125, _t124, _t124 + _t137);
                                                                                                                				 *_t94 = _v168;
                                                                                                                				E00007FFA7FFA127006F0(_v120 -  *((intOrPtr*)(_v120 - 8)) + 0xfffffff8 - 0x1f,  &_v152,  &_v88, _t124);
                                                                                                                				_t118 = _v64;
                                                                                                                				if (_t118 - 0x10 < 0) goto 0x126eb068;
                                                                                                                				_t104 = _v88;
                                                                                                                				if (_t118 + 1 - 0x1000 < 0) goto 0x126eb062;
                                                                                                                				_t90 = _t104 -  *((intOrPtr*)(_t104 - 8)) + 0xfffffff8;
                                                                                                                				_t73 = _t104 -  *((intOrPtr*)(_t104 - 8)) + 0xfffffff8 - 0x1f;
                                                                                                                				if (_t104 -  *((intOrPtr*)(_t104 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126eb062;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				E00007FFA7FFA127006F0(_t73, _t90,  &_v88, _t132);
                                                                                                                				_t121 = _v64;
                                                                                                                				if (_t121 - 0x10 < 0) goto 0x126eb0c3;
                                                                                                                				if (_t121 + 1 - 0x1000 < 0) goto 0x126eb0bd;
                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126eb0bd;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				return E00007FFA7FFA12705E20(0, 0, _v56 ^ _t128);
                                                                                                                			}







































                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FFA126FD640: __tlregdtor.LIBCMT ref: 00007FFA126FD690
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126EAF6D
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126EB05B
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$__tlregdtor
                                                                                                                • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_writeport {:#x}, {:#x}, {}, {:#x}$system
                                                                                                                • API String ID: 333172304-2630413138
                                                                                                                • Opcode ID: ddacbfdd1a9649652c7a86655d04096a8500b7752d6a0cdd5784e42f15562c43
                                                                                                                • Instruction ID: d7d249578258c95976143d97e2dca541d96b38faca5fb9931574c72d41beb21e
                                                                                                                • Opcode Fuzzy Hash: ddacbfdd1a9649652c7a86655d04096a8500b7752d6a0cdd5784e42f15562c43
                                                                                                                • Instruction Fuzzy Hash: 9B516272618B8185EB10CB55E4443AE73E5FB867A0F515235EAAD43BD9EF7CD484CB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 42%
                                                                                                                			E00007FFA7FFA126EC470(long long __rcx, long long __rdx, void* __rbp, long long __r8, void* __r14) {
                                                                                                                				signed int _v40;
                                                                                                                				intOrPtr _v48;
                                                                                                                				char _v72;
                                                                                                                				long long _v80;
                                                                                                                				long long _v88;
                                                                                                                				char _v104;
                                                                                                                				char _v120;
                                                                                                                				char _v128;
                                                                                                                				char _v136;
                                                                                                                				char _v144;
                                                                                                                				char _v152;
                                                                                                                				long long _v168;
                                                                                                                				long long _v176;
                                                                                                                				long long _v184;
                                                                                                                				long long _v192;
                                                                                                                				long long _v200;
                                                                                                                				void* __rbx;
                                                                                                                				char _t41;
                                                                                                                				signed long long _t61;
                                                                                                                				signed long long _t62;
                                                                                                                				long long _t75;
                                                                                                                				long long _t89;
                                                                                                                				intOrPtr _t93;
                                                                                                                				long long _t96;
                                                                                                                				long long _t97;
                                                                                                                				void* _t99;
                                                                                                                				void* _t105;
                                                                                                                
                                                                                                                				_t105 = _t99;
                                                                                                                				_t61 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				_t62 = _t61 ^ _t99 - 0x000000d0;
                                                                                                                				_v40 = _t62;
                                                                                                                				_t75 = __r8;
                                                                                                                				_t97 = __rdx;
                                                                                                                				_t96 = __rcx;
                                                                                                                				_v136 = __r8;
                                                                                                                				_v152 = r9d;
                                                                                                                				 *((long long*)(_t105 - 0x68)) = 0;
                                                                                                                				 *((long long*)(_t105 - 0x50)) = 0xf;
                                                                                                                				 *((long long*)(_t105 - 0x58)) = 6;
                                                                                                                				_t41 = "rundll"; // 0x646e7572
                                                                                                                				 *((intOrPtr*)(_t105 - 0x68)) = _t41;
                                                                                                                				 *((short*)(_t105 - 0x64)) =  *0x1271bfe8 & 0x0000ffff;
                                                                                                                				 *((char*)(_t105 - 0x62)) = 0;
                                                                                                                				 *((long long*)(_t105 - 0x48)) = 0;
                                                                                                                				asm("movdqa xmm0, [0x2febb]");
                                                                                                                				asm("repe inc ecx");
                                                                                                                				 *((char*)(_t105 - 0x48)) = 0;
                                                                                                                				E00007FFA7FFA126FD640(__r8, __rcx, __r8);
                                                                                                                				if ( &_v72 == _t62) goto 0x126ec520;
                                                                                                                				if ( *((long long*)(_t62 + 0x18)) - 0x10 < 0) goto 0x126ec510;
                                                                                                                				E00007FFA7FFA126E9100(__r8,  &_v72,  *_t62,  *((intOrPtr*)(_t62 + 0x10)), __r14);
                                                                                                                				E00007FFA7FFA127006F0( *((long long*)(_t62 + 0x18)) - 0x10,  *_t62,  &_v104,  *((intOrPtr*)(_t62 + 0x10)));
                                                                                                                				_t89 = _v80;
                                                                                                                				if (_t89 - 0x10 < 0) goto 0x126ec574;
                                                                                                                				if (_t89 + 1 - 0x1000 < 0) goto 0x126ec56f;
                                                                                                                				if (_v104 -  *((intOrPtr*)(_v104 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126ec56f;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				_v88 = 0;
                                                                                                                				_v80 = 0xf;
                                                                                                                				_v104 = 0;
                                                                                                                				_v128 = _t75;
                                                                                                                				_v120 = _t97;
                                                                                                                				_v144 = _t96;
                                                                                                                				_v168 =  &_v152;
                                                                                                                				_v176 =  &_v136;
                                                                                                                				_v184 =  &_v128;
                                                                                                                				_v192 =  &_v120;
                                                                                                                				_v200 =  &_v144;
                                                                                                                				r8d = 0x113;
                                                                                                                				E00007FFA7FFA126E6330(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "RunDllCallback {:#x}, {:#x}, {:#x} -> \'{}\', {}");
                                                                                                                				E00007FFA7FFA127006F0(_v104 -  *((intOrPtr*)(_v104 - 8)) + 0xfffffff8 - 0x1f,  &_v144,  &_v72,  *((intOrPtr*)(_t62 + 0x10)));
                                                                                                                				_t93 = _v48;
                                                                                                                				if (_t93 - 0x10 < 0) goto 0x126ec648;
                                                                                                                				if (_t93 + 1 - 0x1000 < 0) goto 0x126ec642;
                                                                                                                				if (_v72 -  *((intOrPtr*)(_v72 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126ec642;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				return E00007FFA7FFA12705E20(E00007FFA7FFA127056E4(), 1, _v40 ^ _t99 - 0x000000d0);
                                                                                                                			}


                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FFA126FD640: __tlregdtor.LIBCMT ref: 00007FFA126FD690
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126EC568
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126EC63B
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$__tlregdtor
                                                                                                                • String ID: RunDllCallback {:#x}, {:#x}, {:#x} -> '{}', {}$c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$rundll
                                                                                                                • API String ID: 333172304-2456309662
                                                                                                                • Opcode ID: a6f49f52a633823130ec69534744436b55779717cb7c8cb33321a036e829d2c8
                                                                                                                • Instruction ID: 79e583c145812602928bcf4d01e3cf4a88147a7426999dc0241f0ad634ce3869
                                                                                                                • Opcode Fuzzy Hash: a6f49f52a633823130ec69534744436b55779717cb7c8cb33321a036e829d2c8
                                                                                                                • Instruction Fuzzy Hash: 6A514072619F8185FB10CB54E4543AE73A1FB867A0F514235E6AC46BD9EFBCD488CB40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 53%
                                                                                                                			E00007FFA7FFA126E9780(long long __rcx, void* __rbp, void* __r14) {
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v32;
                                                                                                                				char _v56;
                                                                                                                				long long _v64;
                                                                                                                				long long _v72;
                                                                                                                				char _v82;
                                                                                                                				short _v84;
                                                                                                                				char _v88;
                                                                                                                				char _v104;
                                                                                                                				long long _v120;
                                                                                                                				void* __rbx;
                                                                                                                				char _t34;
                                                                                                                				signed long long _t63;
                                                                                                                				signed long long _t64;
                                                                                                                				long long _t76;
                                                                                                                				char _t85;
                                                                                                                				long long _t93;
                                                                                                                				intOrPtr _t98;
                                                                                                                				intOrPtr _t101;
                                                                                                                				void* _t104;
                                                                                                                				signed long long _t106;
                                                                                                                				void* _t107;
                                                                                                                				intOrPtr _t108;
                                                                                                                
                                                                                                                				_t63 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				_t64 = _t63 ^ _t106;
                                                                                                                				_v24 = _t64;
                                                                                                                				_t76 = __rcx;
                                                                                                                				_v88 = 0;
                                                                                                                				_v64 = 0xf;
                                                                                                                				_v72 = 6;
                                                                                                                				_t34 = "system"; // 0x74737973
                                                                                                                				_v88 = _t34;
                                                                                                                				_v84 =  *0x1271ba84 & 0x0000ffff;
                                                                                                                				_v82 = 0;
                                                                                                                				_v56 = 0;
                                                                                                                				asm("movdqa xmm0, [0x32bbb]");
                                                                                                                				asm("movdqu [esp+0x70], xmm0");
                                                                                                                				_v56 = 0;
                                                                                                                				E00007FFA7FFA126FD640(__rcx, __rcx, _t107);
                                                                                                                				if ( &_v56 == _t64) goto 0x126e981a;
                                                                                                                				_t108 =  *((intOrPtr*)(_t64 + 0x10));
                                                                                                                				if ( *((long long*)(_t64 + 0x18)) - 0x10 < 0) goto 0x126e980d;
                                                                                                                				E00007FFA7FFA126E9100(_t76,  &_v56,  *_t64, _t108, __r14);
                                                                                                                				E00007FFA7FFA127006F0( *((long long*)(_t64 + 0x18)) - 0x10,  *_t64,  &_v88, _t108);
                                                                                                                				_t93 = _v64;
                                                                                                                				if (_t93 - 0x10 < 0) goto 0x126e9865;
                                                                                                                				if (_t93 + 1 - 0x1000 < 0) goto 0x126e9860;
                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126e9860;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				_v72 = 0;
                                                                                                                				_v64 = 0xf;
                                                                                                                				_v88 = 0;
                                                                                                                				_v104 = _t76;
                                                                                                                				_v120 =  &_v104;
                                                                                                                				r8d = 0x42;
                                                                                                                				_t50 = _t108 - 0x41;
                                                                                                                				E00007FFA7FFA126E5DB0(_t108 - 0x41, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "monitor_closeport {:#x}");
                                                                                                                				E00007FFA7FFA126EE5B0(E00007FFA7FFA126EE0D0( *((intOrPtr*)(_v88 - 8)), "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp"), _t76,  &_v104, _t76, _t104);
                                                                                                                				E00007FFA7FFA127006F0(_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f,  &_v104,  &_v56, _t108);
                                                                                                                				_t98 = _v32;
                                                                                                                				if (_t98 - 0x10 < 0) goto 0x126e9904;
                                                                                                                				_t85 = _v56;
                                                                                                                				if (_t98 + 1 - 0x1000 < 0) goto 0x126e98fe;
                                                                                                                				_t72 = _t85 -  *((intOrPtr*)(_t85 - 8)) + 0xfffffff8;
                                                                                                                				_t58 = _t85 -  *((intOrPtr*)(_t85 - 8)) + 0xfffffff8 - 0x1f;
                                                                                                                				if (_t85 -  *((intOrPtr*)(_t85 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126e98fe;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				E00007FFA7FFA127006F0(_t58, _t72,  &_v56, _t108);
                                                                                                                				_t101 = _v32;
                                                                                                                				if (_t101 - 0x10 < 0) goto 0x126e9956;
                                                                                                                				if (_t101 + 1 - 0x1000 < 0) goto 0x126e9950;
                                                                                                                				if (_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126e9950;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				return E00007FFA7FFA12705E20(0, _t50, _v24 ^ _t106);
                                                                                                                			}

                                                                                                                0x7ffa126e98be
                                                                                                                0x7ffa126e98c3
                                                                                                                0x7ffa126e98cc
                                                                                                                0x7ffa126e98d1
                                                                                                                0x7ffa126e98e0
                                                                                                                0x7ffa126e98ed
                                                                                                                0x7ffa126e98f1
                                                                                                                0x7ffa126e98f5
                                                                                                                0x7ffa126e98f7
                                                                                                                0x7ffa126e98fd
                                                                                                                0x7ffa126e98fe
                                                                                                                0x7ffa126e9910
                                                                                                                0x7ffa126e9915
                                                                                                                0x7ffa126e991e
                                                                                                                0x7ffa126e9932
                                                                                                                0x7ffa126e9947
                                                                                                                0x7ffa126e9949
                                                                                                                0x7ffa126e994f
                                                                                                                0x7ffa126e9950
                                                                                                                0x7ffa126e9970

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FFA126FD640: __tlregdtor.LIBCMT ref: 00007FFA126FD690
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126E9859
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126E98F7
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$__tlregdtor
                                                                                                                • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_closeport {:#x}$system
                                                                                                                • API String ID: 333172304-1932419764
                                                                                                                • Opcode ID: c233e20f0ecee108d1a02a7d94f0f0a992bf656e7a8d8815467a65db118e4f11
                                                                                                                • Instruction ID: 2847598c25683c2773a762e5632a4180076bc35a2d43ab685280f9769ebfb557
                                                                                                                • Opcode Fuzzy Hash: c233e20f0ecee108d1a02a7d94f0f0a992bf656e7a8d8815467a65db118e4f11
                                                                                                                • Instruction Fuzzy Hash: 52419061A19B8582FA10CB55E44436B63A1FF87770F418635E6AD06BDEEFACD048CB04
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 51%
                                                                                                                			E00007FFA7FFA126EA000(long long __rcx, void* __rbp, void* __r14) {
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v32;
                                                                                                                				char _v56;
                                                                                                                				long long _v64;
                                                                                                                				long long _v72;
                                                                                                                				char _v82;
                                                                                                                				short _v84;
                                                                                                                				char _v88;
                                                                                                                				char _v104;
                                                                                                                				long long _v120;
                                                                                                                				void* __rbx;
                                                                                                                				char _t33;
                                                                                                                				void* _t50;
                                                                                                                				signed long long _t63;
                                                                                                                				signed long long _t64;
                                                                                                                				long long _t76;
                                                                                                                				char _t85;
                                                                                                                				long long _t93;
                                                                                                                				intOrPtr _t98;
                                                                                                                				intOrPtr _t101;
                                                                                                                				void* _t104;
                                                                                                                				void* _t105;
                                                                                                                				void* _t106;
                                                                                                                				signed long long _t107;
                                                                                                                				void* _t108;
                                                                                                                
                                                                                                                				_t106 = __rbp;
                                                                                                                				_t63 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				_t64 = _t63 ^ _t107;
                                                                                                                				_v24 = _t64;
                                                                                                                				_t76 = __rcx;
                                                                                                                				_v88 = 0;
                                                                                                                				_v64 = 0xf;
                                                                                                                				_v72 = 6;
                                                                                                                				_t33 = "system"; // 0x74737973
                                                                                                                				_v88 = _t33;
                                                                                                                				_v84 =  *0x1271ba84 & 0x0000ffff;
                                                                                                                				_v82 = 0;
                                                                                                                				_v56 = 0;
                                                                                                                				asm("movdqa xmm0, [0x3233b]");
                                                                                                                				asm("movdqu [esp+0x70], xmm0");
                                                                                                                				_v56 = 0;
                                                                                                                				E00007FFA7FFA126FD640(__rcx, __rcx, _t108);
                                                                                                                				if ( &_v56 == _t64) goto 0x126ea09a;
                                                                                                                				_t109 =  *((intOrPtr*)(_t64 + 0x10));
                                                                                                                				if ( *((long long*)(_t64 + 0x18)) - 0x10 < 0) goto 0x126ea08d;
                                                                                                                				E00007FFA7FFA126E9100(_t76,  &_v56,  *_t64,  *((intOrPtr*)(_t64 + 0x10)), __r14);
                                                                                                                				E00007FFA7FFA127006F0( *((long long*)(_t64 + 0x18)) - 0x10,  *_t64,  &_v88,  *((intOrPtr*)(_t64 + 0x10)));
                                                                                                                				_t93 = _v64;
                                                                                                                				if (_t93 - 0x10 < 0) goto 0x126ea0e5;
                                                                                                                				if (_t93 + 1 - 0x1000 < 0) goto 0x126ea0e0;
                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126ea0e0;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				_v72 = 0;
                                                                                                                				_v64 = 0xf;
                                                                                                                				_v88 = 0;
                                                                                                                				_v104 = _t76;
                                                                                                                				_v120 =  &_v104;
                                                                                                                				r8d = 0xc8;
                                                                                                                				E00007FFA7FFA126E5DB0(0, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "monitor_enddocport {:#x}");
                                                                                                                				E00007FFA7FFA126EE730(E00007FFA7FFA126EE0D0( *((intOrPtr*)(_v88 - 8)), "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp"), _t50, _t76,  &_v104, _t76, _t104, _t105, _t106,  *((intOrPtr*)(_t64 + 0x10)));
                                                                                                                				E00007FFA7FFA127006F0(_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f,  &_v104,  &_v56,  *((intOrPtr*)(_t64 + 0x10)));
                                                                                                                				_t98 = _v32;
                                                                                                                				if (_t98 - 0x10 < 0) goto 0x126ea182;
                                                                                                                				_t85 = _v56;
                                                                                                                				if (_t98 + 1 - 0x1000 < 0) goto 0x126ea17c;
                                                                                                                				_t72 = _t85 -  *((intOrPtr*)(_t85 - 8)) + 0xfffffff8;
                                                                                                                				_t58 = _t85 -  *((intOrPtr*)(_t85 - 8)) + 0xfffffff8 - 0x1f;
                                                                                                                				if (_t85 -  *((intOrPtr*)(_t85 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126ea17c;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				E00007FFA7FFA127006F0(_t58, _t72,  &_v56, _t109);
                                                                                                                				_t101 = _v32;
                                                                                                                				if (_t101 - 0x10 < 0) goto 0x126ea1d4;
                                                                                                                				if (_t101 + 1 - 0x1000 < 0) goto 0x126ea1ce;
                                                                                                                				if (_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126ea1ce;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				return E00007FFA7FFA12705E20(0, 0, _v24 ^ _t107);
                                                                                                                			}


                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FFA126FD640: __tlregdtor.LIBCMT ref: 00007FFA126FD690
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126EA0D9
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126EA175
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$__tlregdtor
                                                                                                                • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_enddocport {:#x}$system
                                                                                                                • API String ID: 333172304-3202253893
                                                                                                                • Opcode ID: 57bfcb7602752614298551ab384cecd1973dc53a3eb87004b246696b6192037e
                                                                                                                • Instruction ID: a804137ee86fd266d78c6241ab5176693146ff417623c13ec7a2dc7e19c6a99d
                                                                                                                • Opcode Fuzzy Hash: 57bfcb7602752614298551ab384cecd1973dc53a3eb87004b246696b6192037e
                                                                                                                • Instruction Fuzzy Hash: AD418262A18E8142FA10DB54E40437E63A1FF877B0F418235E6AD46ADDEFBDD448CB04
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • ?getloc@ios_base@std@@QEBA?AVlocale@2@XZ.MSVCP140 ref: 00007FFA126F682B
                                                                                                                  • Part of subcall function 00007FFA126F82A0: ??0_Lockit@std@@QEAA@H@Z.MSVCP140(?,?,?,?,?,?,?,00007FFA1270AECA), ref: 00007FFA126F82B2
                                                                                                                  • Part of subcall function 00007FFA126F82A0: ??Bid@locale@std@@QEAA_KXZ.MSVCP140(?,?,?,?,?,?,?,00007FFA1270AECA), ref: 00007FFA126F82CC
                                                                                                                  • Part of subcall function 00007FFA126F82A0: ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140(?,?,?,?,?,?,?,00007FFA1270AECA), ref: 00007FFA126F82F6
                                                                                                                  • Part of subcall function 00007FFA126F82A0: ?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140(?,?,?,?,?,?,?,00007FFA1270AECA), ref: 00007FFA126F8320
                                                                                                                  • Part of subcall function 00007FFA126F82A0: std::_Facet_Register.LIBCPMT ref: 00007FFA126F8339
                                                                                                                  • Part of subcall function 00007FFA126F82A0: ??1_Lockit@std@@QEAA@XZ.MSVCP140(?,?,?,?,?,?,?,00007FFA1270AECA), ref: 00007FFA126F8358
                                                                                                                • ?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@DD@Z.MSVCP140 ref: 00007FFA126F689B
                                                                                                                • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FFA126F68D0
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: U?$char_traits@$V?$ostreambuf_iterator@$D@std@@@std@@@std@@Lockit@std@@$??0_??1_?flush@?$basic_ostream@?getloc@ios_base@std@@?put@?$time_put@Bid@locale@std@@D@std@@@2@D@std@@@std@@Facet_Getcat@?$time_put@Getgloballocale@locale@std@@Locimp@12@RegisterUtm@@V12@V32@V42@@Vfacet@locale@2@Vios_base@2@Vlocale@2@std::_
                                                                                                                • String ID: $A
                                                                                                                • API String ID: 2374335714-926879570
                                                                                                                • Opcode ID: 23fbfba1f362895d4738c1b54d018f1fa61c5d990b0208e7b8aa9063b041dc4d
                                                                                                                • Instruction ID: ed9308fcd270ac6bfdcdfda2be2f944e2020d8e4d4f78449d8764bdff349427f
                                                                                                                • Opcode Fuzzy Hash: 23fbfba1f362895d4738c1b54d018f1fa61c5d990b0208e7b8aa9063b041dc4d
                                                                                                                • Instruction Fuzzy Hash: 3B314462608BC186EB10CB64E4903AAB7B0FBDAB54F159136DB8D47759DF7CD488CB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • ?getloc@ios_base@std@@QEBA?AVlocale@2@XZ.MSVCP140 ref: 00007FFA126F6BBB
                                                                                                                  • Part of subcall function 00007FFA126F82A0: ??0_Lockit@std@@QEAA@H@Z.MSVCP140(?,?,?,?,?,?,?,00007FFA1270AECA), ref: 00007FFA126F82B2
                                                                                                                  • Part of subcall function 00007FFA126F82A0: ??Bid@locale@std@@QEAA_KXZ.MSVCP140(?,?,?,?,?,?,?,00007FFA1270AECA), ref: 00007FFA126F82CC
                                                                                                                  • Part of subcall function 00007FFA126F82A0: ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140(?,?,?,?,?,?,?,00007FFA1270AECA), ref: 00007FFA126F82F6
                                                                                                                  • Part of subcall function 00007FFA126F82A0: ?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140(?,?,?,?,?,?,?,00007FFA1270AECA), ref: 00007FFA126F8320
                                                                                                                  • Part of subcall function 00007FFA126F82A0: std::_Facet_Register.LIBCPMT ref: 00007FFA126F8339
                                                                                                                  • Part of subcall function 00007FFA126F82A0: ??1_Lockit@std@@QEAA@XZ.MSVCP140(?,?,?,?,?,?,?,00007FFA1270AECA), ref: 00007FFA126F8358
                                                                                                                • ?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@DD@Z.MSVCP140 ref: 00007FFA126F6C2B
                                                                                                                • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FFA126F6C60
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: U?$char_traits@$V?$ostreambuf_iterator@$D@std@@@std@@@std@@Lockit@std@@$??0_??1_?flush@?$basic_ostream@?getloc@ios_base@std@@?put@?$time_put@Bid@locale@std@@D@std@@@2@D@std@@@std@@Facet_Getcat@?$time_put@Getgloballocale@locale@std@@Locimp@12@RegisterUtm@@V12@V32@V42@@Vfacet@locale@2@Vios_base@2@Vlocale@2@std::_
                                                                                                                • String ID: $b
                                                                                                                • API String ID: 2374335714-2505604640
                                                                                                                • Opcode ID: c6cd45424e9051ab469fa1244db57bbf8476600e3f5e0e57702211fa5840139c
                                                                                                                • Instruction ID: 341f77605feec7df5cc1df2ec281fa9bcb44a6376d63d48bada575fa322dd4bd
                                                                                                                • Opcode Fuzzy Hash: c6cd45424e9051ab469fa1244db57bbf8476600e3f5e0e57702211fa5840139c
                                                                                                                • Instruction Fuzzy Hash: 53315262608BC182EB10CB64E4903AAB7A0FBDAB54F159136DA8D4775ADF7CD488CB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • ?getloc@ios_base@std@@QEBA?AVlocale@2@XZ.MSVCP140 ref: 00007FFA126F695B
                                                                                                                  • Part of subcall function 00007FFA126F82A0: ??0_Lockit@std@@QEAA@H@Z.MSVCP140(?,?,?,?,?,?,?,00007FFA1270AECA), ref: 00007FFA126F82B2
                                                                                                                  • Part of subcall function 00007FFA126F82A0: ??Bid@locale@std@@QEAA_KXZ.MSVCP140(?,?,?,?,?,?,?,00007FFA1270AECA), ref: 00007FFA126F82CC
                                                                                                                  • Part of subcall function 00007FFA126F82A0: ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140(?,?,?,?,?,?,?,00007FFA1270AECA), ref: 00007FFA126F82F6
                                                                                                                  • Part of subcall function 00007FFA126F82A0: ?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140(?,?,?,?,?,?,?,00007FFA1270AECA), ref: 00007FFA126F8320
                                                                                                                  • Part of subcall function 00007FFA126F82A0: std::_Facet_Register.LIBCPMT ref: 00007FFA126F8339
                                                                                                                  • Part of subcall function 00007FFA126F82A0: ??1_Lockit@std@@QEAA@XZ.MSVCP140(?,?,?,?,?,?,?,00007FFA1270AECA), ref: 00007FFA126F8358
                                                                                                                • ?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@DD@Z.MSVCP140 ref: 00007FFA126F69CB
                                                                                                                • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FFA126F6A00
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: U?$char_traits@$V?$ostreambuf_iterator@$D@std@@@std@@@std@@Lockit@std@@$??0_??1_?flush@?$basic_ostream@?getloc@ios_base@std@@?put@?$time_put@Bid@locale@std@@D@std@@@2@D@std@@@std@@Facet_Getcat@?$time_put@Getgloballocale@locale@std@@Locimp@12@RegisterUtm@@V12@V32@V42@@Vfacet@locale@2@Vios_base@2@Vlocale@2@std::_
                                                                                                                • String ID: $B
                                                                                                                • API String ID: 2374335714-2922798824
                                                                                                                • Opcode ID: 4c90dcd5b17b733bbf7a0741c09f34c9d962b6272dfb0017e2fd1e9677194e17
                                                                                                                • Instruction ID: 8683b02ba0743334d171386b0f5d12c7e0e84622c8cdd3a71bf8add1ffe98fb0
                                                                                                                • Opcode Fuzzy Hash: 4c90dcd5b17b733bbf7a0741c09f34c9d962b6272dfb0017e2fd1e9677194e17
                                                                                                                • Instruction Fuzzy Hash: E9314262608BC182EB14CB65E4903AAB7B0FBDAB54F159136DB8D4775ADF7CD488CB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • ?getloc@ios_base@std@@QEBA?AVlocale@2@XZ.MSVCP140 ref: 00007FFA126F6A8B
                                                                                                                  • Part of subcall function 00007FFA126F82A0: ??0_Lockit@std@@QEAA@H@Z.MSVCP140(?,?,?,?,?,?,?,00007FFA1270AECA), ref: 00007FFA126F82B2
                                                                                                                  • Part of subcall function 00007FFA126F82A0: ??Bid@locale@std@@QEAA_KXZ.MSVCP140(?,?,?,?,?,?,?,00007FFA1270AECA), ref: 00007FFA126F82CC
                                                                                                                  • Part of subcall function 00007FFA126F82A0: ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140(?,?,?,?,?,?,?,00007FFA1270AECA), ref: 00007FFA126F82F6
                                                                                                                  • Part of subcall function 00007FFA126F82A0: ?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140(?,?,?,?,?,?,?,00007FFA1270AECA), ref: 00007FFA126F8320
                                                                                                                  • Part of subcall function 00007FFA126F82A0: std::_Facet_Register.LIBCPMT ref: 00007FFA126F8339
                                                                                                                  • Part of subcall function 00007FFA126F82A0: ??1_Lockit@std@@QEAA@XZ.MSVCP140(?,?,?,?,?,?,?,00007FFA1270AECA), ref: 00007FFA126F8358
                                                                                                                • ?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@DD@Z.MSVCP140 ref: 00007FFA126F6AFB
                                                                                                                • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FFA126F6B30
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: U?$char_traits@$V?$ostreambuf_iterator@$D@std@@@std@@@std@@Lockit@std@@$??0_??1_?flush@?$basic_ostream@?getloc@ios_base@std@@?put@?$time_put@Bid@locale@std@@D@std@@@2@D@std@@@std@@Facet_Getcat@?$time_put@Getgloballocale@locale@std@@Locimp@12@RegisterUtm@@V12@V32@V42@@Vfacet@locale@2@Vios_base@2@Vlocale@2@std::_
                                                                                                                • String ID: $a
                                                                                                                • API String ID: 2374335714-206647194
                                                                                                                • Opcode ID: 40208c702b3025eb7d6e4bcea59c6ce640fd8d329c515ba2f42296a91b8afa97
                                                                                                                • Instruction ID: c77f6729112e205552f8fdedd7f39f3aeab0340b73478d09429d920e0864b499
                                                                                                                • Opcode Fuzzy Hash: 40208c702b3025eb7d6e4bcea59c6ce640fd8d329c515ba2f42296a91b8afa97
                                                                                                                • Instruction Fuzzy Hash: 1D314262608BC186EB10CB64E4903AAB7B0FBDAB54F159136DB8D4775ADF7CD498CB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 16%
                                                                                                                			E00007FFA7FFA126EE5B0(void* __eax, long long __rbx, void* __rcx, void* __rdx, long long __rsi, long long _a8, long long _a24) {
                                                                                                                				void* _v8;
                                                                                                                				signed int _v16;
                                                                                                                				long long _v80;
                                                                                                                				void* _t15;
                                                                                                                				signed long long _t21;
                                                                                                                				intOrPtr* _t23;
                                                                                                                				void* _t28;
                                                                                                                				intOrPtr* _t35;
                                                                                                                				void* _t40;
                                                                                                                
                                                                                                                				_t28 = __rcx;
                                                                                                                				_a8 = __rbx;
                                                                                                                				_a24 = __rsi;
                                                                                                                				_t41 = _t40 - 0x70;
                                                                                                                				_t21 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				_v16 = _t21 ^ _t40 - 0x00000070;
                                                                                                                				_t4 = _t28 + 0x70; // 0x70
                                                                                                                				_v80 = _t4;
                                                                                                                				0x12705430();
                                                                                                                				if (__eax != 0) goto 0x126ee636;
                                                                                                                				_t35 =  *((intOrPtr*)(__rcx + 0x60));
                                                                                                                				_t23 =  *_t35;
                                                                                                                				if (_t23 == _t35) goto 0x126ee63e;
                                                                                                                				if ( *((intOrPtr*)(_t23 + 0x10)) == __rdx) goto 0x126ee608;
                                                                                                                				if ( *_t23 == _t35) goto 0x126ee63e;
                                                                                                                				goto 0x126ee5f5;
                                                                                                                				 *((char*)(__rdx + 0xa0)) = 0;
                                                                                                                				0x12705436();
                                                                                                                				return E00007FFA7FFA12705E20(__eax, _t15, _v16 ^ _t41);
                                                                                                                 			}

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                 • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: C_error@std@@ExceptionMtx_lockMtx_unlockThrowThrow_
                                                                                                                • String ID: port object {:#x} is not present in the list
                                                                                                                • API String ID: 2666407778-719059081
                                                                                                                • Opcode ID: 24d7fd1fe5605673694042690c94f3859060df4a94e54292fa0a103a04a0d1b7
                                                                                                                • Instruction ID: 1b748937412c7db1cfe01e6c829afc6dd1e815a5251a88399a3f371779922843
                                                                                                                • Opcode Fuzzy Hash: 24d7fd1fe5605673694042690c94f3859060df4a94e54292fa0a103a04a0d1b7
                                                                                                                • Instruction Fuzzy Hash: B0116261618F4681EA14DB25E4540AA63E4FF87BE0F958131EA9D43BADEE7CE449CB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 24%
                                                                                                                			E00007FFA7FFA126F9720(signed long long __rcx) {
                                                                                                                				signed int _v24;
                                                                                                                				long long _v32;
                                                                                                                				long long _v40;
                                                                                                                				signed long long _v56;
                                                                                                                				char _v64;
                                                                                                                				signed long long _v72;
                                                                                                                				void* _t17;
                                                                                                                				intOrPtr _t19;
                                                                                                                				void* _t21;
                                                                                                                				signed long long _t28;
                                                                                                                				signed long long _t29;
                                                                                                                				long long* _t37;
                                                                                                                				signed long long _t39;
                                                                                                                				intOrPtr _t46;
                                                                                                                				signed long long _t49;
                                                                                                                
                                                                                                                				_t28 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				_t29 = _t28 ^ _t49;
                                                                                                                				_v24 = _t29;
                                                                                                                				_t37 = __rcx;
                                                                                                                				_v72 = __rcx;
                                                                                                                				E00007FFA7FFA127056A8(_t17, _t29, __rcx);
                                                                                                                				asm("movups xmm0, [0x23982]");
                                                                                                                				_t39 = _t29;
                                                                                                                				_v40 = 0x26;
                                                                                                                				_v32 = 0x2f;
                                                                                                                				asm("movups [eax], xmm0");
                                                                                                                				_v72 = _t39;
                                                                                                                				asm("movups xmm1, [0x2396a]");
                                                                                                                				_v64 = 1;
                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                				asm("movups [eax+0x10], xmm1");
                                                                                                                				_t19 = M00007FFA7FFA1271D0F0; // 0x39392e2e
                                                                                                                				 *((intOrPtr*)(_t39 + 0x20)) = _t19;
                                                                                                                				 *((short*)(_t39 + 0x24)) =  *0x1271d0f4 & 0x0000ffff;
                                                                                                                				 *((char*)(_t39 + 0x26)) = 0;
                                                                                                                				_v56 = _t39;
                                                                                                                				 *_t37 = 0x1271b9e8;
                                                                                                                				asm("movups [edx], xmm0");
                                                                                                                				0x127170e3();
                                                                                                                				_t46 = _v32;
                                                                                                                				 *_t37 = 0x1271cff0;
                                                                                                                				if (_t46 - 0x10 < 0) goto 0x126f9800;
                                                                                                                				if (_t46 + 1 - 0x1000 < 0) goto 0x126f97fb;
                                                                                                                				if (_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126f97fb;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				_t21 = E00007FFA7FFA127056E4();
                                                                                                                				 *_t37 = 0x1271d0c0;
                                                                                                                				return E00007FFA7FFA12705E20(_t21, 0x30, _v24 ^ _t49);
                                                                                                                 			}

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FFA127056A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFA126E8F4E), ref: 00007FFA127056C2
                                                                                                                • __std_exception_copy.VCRUNTIME140 ref: 00007FFA126F97B1
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126F97F4
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                 • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __std_exception_copy_invalid_parameter_noinfo_noreturnmalloc
                                                                                                                • String ID: &$..9999$/
                                                                                                                • API String ID: 4226527432-2119091122
                                                                                                                • Opcode ID: 871529760c979a51ea963592778a2fd09b0c648707558f453f10bf7c6df79573
                                                                                                                • Instruction ID: dcdf5abcc01e6fdc46aeffdafa2ecc4719e06d810959b55d0a6755e51c52a8cf
                                                                                                                • Opcode Fuzzy Hash: 871529760c979a51ea963592778a2fd09b0c648707558f453f10bf7c6df79573
                                                                                                                • Instruction Fuzzy Hash: 40218431919F4581EB11CB64E45036A73B0FF9B768F419231D69C063A9EFBCE099CB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 19%
                                                                                                                			E00007FFA7FFA12700F50(int __edx, long long __rbx, long long __rcx, long long _a24) {
                                                                                                                				signed int _v56;
                                                                                                                				long long _v64;
                                                                                                                				long long _v72;
                                                                                                                				char _v88;
                                                                                                                				long long _v96;
                                                                                                                				void* _v104;
                                                                                                                				long long _v112;
                                                                                                                				long long _v120;
                                                                                                                				intOrPtr _v128;
                                                                                                                				long long _v136;
                                                                                                                				void* __rbp;
                                                                                                                				void* __r14;
                                                                                                                				int _t51;
                                                                                                                				int _t54;
                                                                                                                				void* _t56;
                                                                                                                				int _t71;
                                                                                                                				signed long long _t89;
                                                                                                                				int _t113;
                                                                                                                				void* _t119;
                                                                                                                				long long _t121;
                                                                                                                				void* _t125;
                                                                                                                				long long _t127;
                                                                                                                				void* _t129;
                                                                                                                				intOrPtr _t133;
                                                                                                                				void* _t134;
                                                                                                                				char _t136;
                                                                                                                				void* _t137;
                                                                                                                				long long _t139;
                                                                                                                
                                                                                                                				_a24 = __rbx;
                                                                                                                				_t89 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				_v56 = _t89 ^ _t129 - 0x00000080;
                                                                                                                				_t71 = __edx;
                                                                                                                				_t127 = __rcx;
                                                                                                                				_v104 = __rcx;
                                                                                                                				r15d = 0;
                                                                                                                				_v104 = _t139;
                                                                                                                				_v120 = _t139;
                                                                                                                				_v128 = r15d;
                                                                                                                				_v136 =  &_v104;
                                                                                                                				r9d = 0x400;
                                                                                                                				r8d = __edx;
                                                                                                                				if (FormatMessageW(??, ??, ??, ??, ??, ??, ??) != 0) goto 0x12700fc0;
                                                                                                                				E00007FFA7FFA12701450(__edx, FormatMessageW(??, ??, ??, ??, ??, ??, ??), __rcx, _t119, _t129, _t134, _t137);
                                                                                                                				goto 0x12701159;
                                                                                                                				_v96 = _v104;
                                                                                                                				_v112 = _t139;
                                                                                                                				_v120 = _t139;
                                                                                                                				_v128 = r15d;
                                                                                                                				_v136 = _t139;
                                                                                                                				r9d = 0xffffffff;
                                                                                                                				_t51 = WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??);
                                                                                                                				_t138 = _t51;
                                                                                                                				if (_t51 != 0) goto 0x12701005;
                                                                                                                				E00007FFA7FFA12701450(__edx, _t51, __rcx, _t119, _t129, _t134, _t51);
                                                                                                                				goto 0x12701150;
                                                                                                                				_v88 = _t139;
                                                                                                                				_v72 = _t139;
                                                                                                                				_v64 = 0xf;
                                                                                                                				_v88 = 0;
                                                                                                                				r8d = 0;
                                                                                                                				E00007FFA7FFA126FC1D0(_v104,  &_v88, _t51, _t51);
                                                                                                                				_t93 =  >=  ? _v88 :  &_v88;
                                                                                                                				_v112 = _t139;
                                                                                                                				_v120 = _t139;
                                                                                                                				_v128 = r14d;
                                                                                                                				_v136 =  >=  ? _v88 :  &_v88;
                                                                                                                				r9d = 0xffffffff;
                                                                                                                				_t133 = _v104;
                                                                                                                				_t54 = WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??);
                                                                                                                				r8d = _t54;
                                                                                                                				if (_t54 != 0) goto 0x127010b8;
                                                                                                                				E00007FFA7FFA12701450(_t71, _t54, _t127, _t51, _t129, _t134, _t138);
                                                                                                                				_t121 = _v64;
                                                                                                                				if (_t121 - 0x10 < 0) goto 0x12701140;
                                                                                                                				if (_t121 + 1 - 0x1000 < 0) goto 0x127010ae;
                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x127010ae;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				_t56 = E00007FFA7FFA127056E4();
                                                                                                                				goto 0x12701140;
                                                                                                                				r8d = r8d - 1;
                                                                                                                				_t113 = r8d;
                                                                                                                				_t136 = _v88;
                                                                                                                				if (r8d <= 0) goto 0x12701122;
                                                                                                                				_t98 =  >=  ? _t136 :  &_v88;
                                                                                                                				if ( *((char*)(_t113 + ( >=  ? _t136 :  &_v88) - 1)) == 0xa) goto 0x127010f6;
                                                                                                                				_t100 =  >=  ? _t136 :  &_v88;
                                                                                                                				if ( *((char*)(_t113 + ( >=  ? _t136 :  &_v88) - 1)) != 0xd) goto 0x12701101;
                                                                                                                				r8d = r8d - 1;
                                                                                                                				if (_t113 - 1 > 0) goto 0x127010d0;
                                                                                                                				if (r8d <= 0) goto 0x12701122;
                                                                                                                				_t125 =  >=  ? _t136 :  &_v88;
                                                                                                                				_t40 = _t133 - 1; // -3
                                                                                                                				r8d =  ==  ? _t40 : r8d;
                                                                                                                				r8d = 0;
                                                                                                                				E00007FFA7FFA12700430(_t56,  &_v88, r8d);
                                                                                                                				asm("movups xmm0, [ebp-0x30]");
                                                                                                                				asm("movups [edi], xmm0");
                                                                                                                				asm("movups xmm1, [ebp-0x20]");
                                                                                                                				asm("movups [edi+0x10], xmm1");
                                                                                                                				_v88 = 0;
                                                                                                                				_v64 = 0xf;
                                                                                                                				_v72 = _t139;
                                                                                                                				return E00007FFA7FFA12705E20(LocalFree(??), _t40, _v56 ^ _t129 - 0x00000080);
                                                                                                                			}

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharFormatFreeLocalMessageMultiWide
                                                                                                                • String ID:
                                                                                                                • API String ID: 2906450291-0
                                                                                                                • Opcode ID: af953d9cff2a8f05137041803a2c7d5d08e1c9e19b80ec48ea067704dbc0be7f
                                                                                                                • Instruction ID: 51066ce992512cb5b7fe514d895b29a251b4246794d0ba44475e011545f13e56
                                                                                                                • Opcode Fuzzy Hash: af953d9cff2a8f05137041803a2c7d5d08e1c9e19b80ec48ea067704dbc0be7f
                                                                                                                • Instruction Fuzzy Hash: 5451C322B18F5185FB10CB65E8507BE27F1BB47BA8F418635EE4D12A99DF78D0498B04
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,?,?,?,00000000,00007FFA126F3B6C), ref: 00007FFA126F404F
                                                                                                                • memset.VCRUNTIME140(?,?,?,?,00000000,?,?,?,00000000,00007FFA126F3B6C), ref: 00007FFA126F40AC
                                                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,?,?,?,00000000,00007FFA126F3B6C), ref: 00007FFA126F40EA
                                                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,?,?,?,00000000,00007FFA126F3B6C), ref: 00007FFA126F4117
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00000000,?,?,?,00000000,00007FFA126F3B6C), ref: 00007FFA126F4178
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiWide$_invalid_parameter_noinfo_noreturnmemset
                                                                                                                • String ID:
                                                                                                                • API String ID: 2536929686-0
                                                                                                                • Opcode ID: afe144113961a97d98ef3f5f0637efb7c2706ae311b8a217db6a83da57d6f214
                                                                                                                • Instruction ID: d463317f3e9b050566387743a1ddb0a96cc94f5f3a8cfc8776621baf90b16d29
                                                                                                                • Opcode Fuzzy Hash: afe144113961a97d98ef3f5f0637efb7c2706ae311b8a217db6a83da57d6f214
                                                                                                                • Instruction Fuzzy Hash: 5641C621A18B5142EB10DB12A40467AA6D4FF96BF0F168A35DA7C17FD8EFBCD4418B00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FFA126F9000: __std_exception_copy.VCRUNTIME140(?,?,?,00007FFA126F7EE1), ref: 00007FFA126F902F
                                                                                                                • _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFA126FE5AE), ref: 00007FFA126F7EED
                                                                                                                • _CxxThrowException.VCRUNTIME140 ref: 00007FFA126F7F20
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionThrow$__std_exception_copy
                                                                                                                • String ID:
                                                                                                                • API String ID: 174860668-0
                                                                                                                • Opcode ID: 1863cd82fac41dba5849118a917ca5cd3564107b8257b490e11ea4118fc6bec0
                                                                                                                • Instruction ID: 199b7ffe36e685a953cb9247cdbcd00ff2be013ec6524606cbe0e19f2968f993
                                                                                                                • Opcode Fuzzy Hash: 1863cd82fac41dba5849118a917ca5cd3564107b8257b490e11ea4118fc6bec0
                                                                                                                • Instruction Fuzzy Hash: E8416F22608E8581DF14DB15D0A02AEA7A0FB46FD4F15C532DA6D4BBADCF6CE44ACB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memmove
                                                                                                                • String ID: false
                                                                                                                • API String ID: 2162964266-734881840
                                                                                                                • Opcode ID: bc025fc7f03d0eb2bbeeb250945b171c69d13fae9fd529cdf8a4856c7184f660
                                                                                                                • Instruction ID: 48e7c1517424034358fc2a7a46825653863b45dcdf7c96447afd6183617d0377
                                                                                                                • Opcode Fuzzy Hash: bc025fc7f03d0eb2bbeeb250945b171c69d13fae9fd529cdf8a4856c7184f660
                                                                                                                • Instruction Fuzzy Hash: EC41E362B44E8581EB14CF62D5040AEA3A2EB4BFE4719C032DF5D57B9ECE7CD4428700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126FCBDC
                                                                                                                • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FFA126FCC39
                                                                                                                • ??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FFA126FCC46
                                                                                                                • ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FFA126FCC50
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126FCCBF
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: D@std@@@std@@U?$char_traits@$_invalid_parameter_noinfo_noreturn$??1?$basic_streambuf@?flush@?$basic_ostream@D?$basic_ostream@V12@
                                                                                                                • String ID:
                                                                                                                • API String ID: 2012728387-0
                                                                                                                • Opcode ID: e1402780647fd9f5ba4265f82a7b71ad14e8cddf1fc0af9fd9e8ab2e09c68d73
                                                                                                                • Instruction ID: 76a8af74ce14912efca92f066c33cba604855a73bde6023f95298d314a4c3ee3
                                                                                                                • Opcode Fuzzy Hash: e1402780647fd9f5ba4265f82a7b71ad14e8cddf1fc0af9fd9e8ab2e09c68d73
                                                                                                                • Instruction Fuzzy Hash: 6B41BE62A09A8181EF04CB25E45437D22A1EF46FE8F599531DA6D0B7ECDFBCD489CB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FFA126F6CE1
                                                                                                                • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FFA126F6D09
                                                                                                                • ?getloc@ios_base@std@@QEBA?AVlocale@2@XZ.MSVCP140 ref: 00007FFA126F6D35
                                                                                                                • ?uncaught_exception@std@@YA_NXZ.MSVCP140 ref: 00007FFA126F6DAC
                                                                                                                • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FFA126F6DB8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: D@std@@@std@@U?$char_traits@$?flush@?$basic_ostream@V12@$?getloc@ios_base@std@@?uncaught_exception@std@@Osfx@?$basic_ostream@Vlocale@2@
                                                                                                                • String ID:
                                                                                                                • API String ID: 3671896189-0
                                                                                                                • Opcode ID: 4e65773688b1f2c42ebbc07e31e0dda28c504954d5f195be2978443c76955207
                                                                                                                • Instruction ID: a09949a0d09d8d4835eb6ae42b06e08495bb0fe0db4e225956eac34073622364
                                                                                                                • Opcode Fuzzy Hash: 4e65773688b1f2c42ebbc07e31e0dda28c504954d5f195be2978443c76955207
                                                                                                                • Instruction Fuzzy Hash: 0B417B26609F4185EF548F26D0A037967A0EF86F99F198536CE6E0B7A9CF7CD8498700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: EventExceptionThrow$CloseCurrentHandleOpenProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 1106008904-0
                                                                                                                • Opcode ID: 87c7cc9a79bbdfa8d9774b536e87ba9f3763bfb6022dff9efd4164e42d8d3c5f
                                                                                                                • Instruction ID: f1466061edf944672eb464c0cba7e32da6a7eadd2e27463d8bd6b1cc3c53cf87
                                                                                                                • Opcode Fuzzy Hash: 87c7cc9a79bbdfa8d9774b536e87ba9f3763bfb6022dff9efd4164e42d8d3c5f
                                                                                                                • Instruction Fuzzy Hash: C321A162B18E4196EA24DB21E4502BA63B4FF47BA0F458531C75D07A99FF6CE15CCB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionThrow$LockShared$AcquireReleasefree
                                                                                                                • String ID:
                                                                                                                • API String ID: 3699279316-0
                                                                                                                • Opcode ID: 31515549c75ed788ea0c1695023ac1dc9ebf407b0dee6fe39a9ddf696b84dbfb
                                                                                                                • Instruction ID: 8d64c321005e05f940e731baa6720c8ce24207a7302072d5e12f77b3ef081cba
                                                                                                                • Opcode Fuzzy Hash: 31515549c75ed788ea0c1695023ac1dc9ebf407b0dee6fe39a9ddf696b84dbfb
                                                                                                                • Instruction Fuzzy Hash: 44112126A09B4585EB58DF3198153BE13E1AF87B54F09D435ED4E4668DDFBCD04E8600
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00007FFA7FFA12704BC0(void* __edx, long long __rbx, long long* __rcx, long long _a8) {
                                                                                                                				intOrPtr _t27;
                                                                                                                
                                                                                                                				_a8 = __rbx;
                                                                                                                				 *__rcx = 0x1271e148;
                                                                                                                				_t27 =  *((intOrPtr*)(__rcx + 8));
                                                                                                                				if (_t27 == __rcx + 0x20) goto 0x12704c14;
                                                                                                                				if ( *(__rcx + 0x18) << 2 - 0x1000 < 0) goto 0x12704c0f;
                                                                                                                				if (_t27 -  *((intOrPtr*)(_t27 - 8)) - 8 - 0x1f > 0) goto 0x12704c35;
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				if ((dil & 0x00000001) == 0) goto 0x12704c27;
                                                                                                                				return E00007FFA7FFA127056E4();
                                                                                                                			}





                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: free$??1facet@locale@std@@_invalid_parameter_noinfo_noreturn
                                                                                                                • String ID:
                                                                                                                • API String ID: 3103965028-0
                                                                                                                • Opcode ID: 985aa39b10825d040dc855dac926cd403c71a9902d08aeaecbf66b3b98fdfc4f
                                                                                                                • Instruction ID: ce17553beaac9ec1d24627b82a985973504037c60d750899bb2a95a5746d7dce
                                                                                                                • Opcode Fuzzy Hash: 985aa39b10825d040dc855dac926cd403c71a9902d08aeaecbf66b3b98fdfc4f
                                                                                                                • Instruction Fuzzy Hash: B821AF35B05E4592EF048B25E4542BA23B0FF8BFD4F598031CA4D07B69EEACD899C704
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 46%
                                                                                                                			E00007FFA7FFA1270AC20(void* __eax, void* __edi, long long __rcx, void* __rdx, long long __r8, void* __r9) {
                                                                                                                				void* __rbx;
                                                                                                                				void* __rdi;
                                                                                                                				void* __rsi;
                                                                                                                				void* __rbp;
                                                                                                                				void* __r12;
                                                                                                                				void* _t57;
                                                                                                                				void* _t70;
                                                                                                                				signed long long _t87;
                                                                                                                				void* _t90;
                                                                                                                				void* _t98;
                                                                                                                				void* _t102;
                                                                                                                				void* _t109;
                                                                                                                				long long _t111;
                                                                                                                				long long _t117;
                                                                                                                				void* _t134;
                                                                                                                				intOrPtr _t135;
                                                                                                                				signed char* _t139;
                                                                                                                				long long _t141;
                                                                                                                				void* _t143;
                                                                                                                				void* _t144;
                                                                                                                				signed long long _t145;
                                                                                                                				long long _t161;
                                                                                                                				void* _t162;
                                                                                                                				long long _t167;
                                                                                                                
                                                                                                                				_t143 = _t144 - 0x98;
                                                                                                                				_t145 = _t144 - 0x198;
                                                                                                                				_t87 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				 *(_t143 + 0x80) = _t87 ^ _t145;
                                                                                                                				_t167 = __r8;
                                                                                                                				_t161 = __rcx;
                                                                                                                				 *((long long*)(_t145 + 0x48)) = __rcx;
                                                                                                                				 *((long long*)(_t145 + 0x50)) = _t141;
                                                                                                                				r13d = 0x100;
                                                                                                                				_t90 =  >  ? _t162 : __r9;
                                                                                                                				if (__rcx == __rdx) goto 0x1270ae59;
                                                                                                                				if (_t90 == 0) goto 0x1270ae59;
                                                                                                                				_t6 = _t143 - 0x80; // 0x80
                                                                                                                				 *((long long*)(_t145 + 0x40)) = _t6;
                                                                                                                				_t8 = _t143 - 0x80; // 0x80
                                                                                                                				 *((long long*)(_t145 + 0x38)) = _t145 + 0x40;
                                                                                                                				 *((long long*)(_t145 + 0x30)) = _t90 + _t8;
                                                                                                                				_t12 = _t143 - 0x80; // 0x80
                                                                                                                				 *((long long*)(_t145 + 0x28)) = _t12;
                                                                                                                				 *((long long*)(_t145 + 0x20)) = _t145 + 0x48;
                                                                                                                				__imp__?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z();
                                                                                                                				_t70 = __eax;
                                                                                                                				if (_t70 == 0) goto 0x1270acfe;
                                                                                                                				if (_t70 != 0) goto 0x1270ad39;
                                                                                                                				_t17 = _t143 - 0x80; // 0x80
                                                                                                                				if ( *((intOrPtr*)(_t145 + 0x40)) != _t17) goto 0x1270ad03;
                                                                                                                				if ( *((intOrPtr*)(_t145 + 0x48)) != __rdx) goto 0x1270ae85;
                                                                                                                				goto 0x1270ae59;
                                                                                                                				_t21 = _t143 - 0x80; // 0x80
                                                                                                                				_t117 = __r8;
                                                                                                                				_t57 = E00007FFA7FFA126F3030(__r9, __r8, _t141,  *((intOrPtr*)(_t145 + 0x40)) - _t21);
                                                                                                                				_t24 = _t143 - 0x80; // 0x80
                                                                                                                				_t109 = __r9 -  *((intOrPtr*)(_t145 + 0x40)) + _t24;
                                                                                                                				_t98 =  >  ? _t162 : _t109;
                                                                                                                				goto 0x1270ac82;
                                                                                                                				if (_t57 != 2) goto 0x1270ae85;
                                                                                                                				_t139 =  *((intOrPtr*)(_t145 + 0x48));
                                                                                                                				_t110 =  <  ? __rdx - _t139 >> 1 : _t109;
                                                                                                                				_t166 = ( <  ? __rdx - _t139 >> 1 : _t109) + _t110;
                                                                                                                				_t111 = ( <  ? __rdx - _t139 >> 1 : _t109) + _t110 + _t139;
                                                                                                                				 *((long long*)(_t145 + 0x70)) = _t141;
                                                                                                                				 *((long long*)(_t145 + 0x78)) = _t117;
                                                                                                                				 *((intOrPtr*)(_t145 + 0x60)) = sil;
                                                                                                                				if (_t111 - _t139 >> 1 - 0x10 < 0) goto 0x1270ad96;
                                                                                                                				r8d = 0;
                                                                                                                				E00007FFA7FFA1270AAD0(_t111, _t145 + 0x60, _t111 - _t139 >> 1, _t141);
                                                                                                                				 *((long long*)(_t145 + 0x70)) = _t141;
                                                                                                                				 *((long long*)(_t145 + 0x58)) = _t145 + 0x60;
                                                                                                                				if (_t139 == _t111) goto 0x1270adf5;
                                                                                                                				r9d =  *_t139 & 0x000000ff;
                                                                                                                				if (_t141 -  *((intOrPtr*)(_t145 + 0x78)) >= 0) goto 0x1270add1;
                                                                                                                				_t37 = _t141 + 1; // 0x1
                                                                                                                				 *((long long*)(_t145 + 0x70)) = _t37;
                                                                                                                				_t102 =  >=  ?  *((void*)(_t145 + 0x60)) : _t145 + 0x60;
                                                                                                                				 *((intOrPtr*)(_t102 + _t141)) = r9b;
                                                                                                                				 *((char*)(_t102 + _t141 + 1)) = 0;
                                                                                                                				goto 0x1270ade2;
                                                                                                                				r8d = 0;
                                                                                                                				E00007FFA7FFA126F29B0(_t111, _t145 + 0x60, _t111 - _t139 >> 1, _t139, _t161);
                                                                                                                				if ( &(_t139[2]) != _t111) goto 0x1270ada5;
                                                                                                                				_t134 =  >=  ?  *((void*)(_t145 + 0x60)) : _t145 + 0x60;
                                                                                                                				E00007FFA7FFA126F3030(_t111, _t167,  *((intOrPtr*)(_t145 + 0x70)),  *((intOrPtr*)(_t145 + 0x70)));
                                                                                                                				_t135 =  *((intOrPtr*)(_t145 + 0x78));
                                                                                                                				if (_t135 - 0x10 < 0) goto 0x1270ae51;
                                                                                                                				if (_t135 + 1 - 0x1000 < 0) goto 0x1270ae4b;
                                                                                                                				if ( *((intOrPtr*)(_t145 + 0x60)) -  *((intOrPtr*)( *((intOrPtr*)(_t145 + 0x60)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1270ae4b;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				return E00007FFA7FFA12705E20(E00007FFA7FFA127056E4(), 0xf,  *(_t143 + 0x80) ^ _t145);
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • ?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z.MSVCP140 ref: 00007FFA1270ACCE
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA1270AE44
                                                                                                                  • Part of subcall function 00007FFA1270AAD0: memmove.VCRUNTIME140(?,?,00007FFA1270AD8C), ref: 00007FFA1270ABAE
                                                                                                                  • Part of subcall function 00007FFA126F29B0: memmove.VCRUNTIME140(?,?,?,?,?,?,00000000,00007FFA12704980), ref: 00007FFA126F2A8F
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memmove$?out@?$codecvt@_Mbstatet@@Mbstatet@@@std@@_invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: Could not convert character encoding$libs\log\src\code_conversion.cpp
                                                                                                                • API String ID: 2223218856-1764552477
                                                                                                                • Opcode ID: 373f2eaf66edeac2eb1f88e4373690d468f65cc4fe1e7d55d591e64ccef73e95
                                                                                                                • Instruction ID: 16d61262c244e2b9fcf61238f51def3b328c02667ea835497ca4b42651e17eec
                                                                                                                • Opcode Fuzzy Hash: 373f2eaf66edeac2eb1f88e4373690d468f65cc4fe1e7d55d591e64ccef73e95
                                                                                                                • Instruction Fuzzy Hash: 9971A036A08B8585EB109B65F4402EA67B5FB877D4F958532EB8D03B9DDFBCD1488B00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionThrow__std_exception_copymemmove
                                                                                                                • String ID: string pointer is null
                                                                                                                • API String ID: 1395217600-3607014066
                                                                                                                • Opcode ID: 038199a635b4dbb348c3cedf97dcc78cab75a2d3bff88be1c45ea5f51a765d28
                                                                                                                • Instruction ID: e30704cfcba3ff77b3f4941f0aa2c9b482cd575d4d4792626c7d18dc17c0dc16
                                                                                                                • Opcode Fuzzy Hash: 038199a635b4dbb348c3cedf97dcc78cab75a2d3bff88be1c45ea5f51a765d28
                                                                                                                • Instruction Fuzzy Hash: D831A772618F8585EA60CB15E4401AAB7B0FB467E4F55C131EAAD436ADEF7CD145CB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 22%
                                                                                                                			E00007FFA7FFA126F95E0(signed long long __rcx) {
                                                                                                                				signed int _v24;
                                                                                                                				long long _v32;
                                                                                                                				long long _v40;
                                                                                                                				signed long long _v56;
                                                                                                                				char _v64;
                                                                                                                				signed long long _v72;
                                                                                                                				void* _t16;
                                                                                                                				void* _t19;
                                                                                                                				signed long long _t26;
                                                                                                                				signed long long _t27;
                                                                                                                				long long* _t35;
                                                                                                                				signed long long _t37;
                                                                                                                				intOrPtr _t44;
                                                                                                                				signed long long _t47;
                                                                                                                
                                                                                                                				_t26 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				_t27 = _t26 ^ _t47;
                                                                                                                				_v24 = _t27;
                                                                                                                				_t35 = __rcx;
                                                                                                                				_v72 = __rcx;
                                                                                                                				E00007FFA7FFA127056A8(_t16, _t27, __rcx);
                                                                                                                				asm("movups xmm0, [0x23b02]");
                                                                                                                				_t37 = _t27;
                                                                                                                				_v40 = 0x22;
                                                                                                                				_v32 = 0x2f;
                                                                                                                				asm("movups [eax], xmm0");
                                                                                                                				_v72 = _t37;
                                                                                                                				asm("movups xmm1, [0x23aea]");
                                                                                                                				_v64 = 1;
                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                				asm("movups [eax+0x10], xmm1");
                                                                                                                				 *((short*)(_t37 + 0x20)) =  *0x1271d130 & 0x0000ffff;
                                                                                                                				 *((char*)(_t37 + 0x22)) = 0;
                                                                                                                				_v56 = _t37;
                                                                                                                				 *_t35 = 0x1271b9e8;
                                                                                                                				asm("movups [edx], xmm0");
                                                                                                                				0x127170e3();
                                                                                                                				_t44 = _v32;
                                                                                                                				 *_t35 = 0x1271cff0;
                                                                                                                				if (_t44 - 0x10 < 0) goto 0x126f96b7;
                                                                                                                				if (_t44 + 1 - 0x1000 < 0) goto 0x126f96b2;
                                                                                                                				if (_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126f96b2;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				_t19 = E00007FFA7FFA127056E4();
                                                                                                                				 *_t35 = 0x1271d100;
                                                                                                                				return E00007FFA7FFA12705E20(_t19, 0x30, _v24 ^ _t47);
                                                                                                                			}


















                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FFA127056A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFA126E8F4E), ref: 00007FFA127056C2
                                                                                                                • __std_exception_copy.VCRUNTIME140 ref: 00007FFA126F9668
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126F96AB
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __std_exception_copy_invalid_parameter_noinfo_noreturnmalloc
                                                                                                                • String ID: "$/
                                                                                                                • API String ID: 4226527432-2662438755
                                                                                                                • Opcode ID: e407ef6e3ff1a9d88b93d3833e286595eecd4f330843cedd81ba747b7a733b0b
                                                                                                                • Instruction ID: bb206d1eaef881e1b608efd6a0d03d0e708834b3ace8607f00e8706f3560dfbf
                                                                                                                • Opcode Fuzzy Hash: e407ef6e3ff1a9d88b93d3833e286595eecd4f330843cedd81ba747b7a733b0b
                                                                                                                • Instruction Fuzzy Hash: 0621A521918F8581EB019B64E45036A73B0FF9B768F019231E6DC06799EFBCE0D88B00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FFA127056A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFA126E8F4E), ref: 00007FFA127056C2
                                                                                                                • __std_exception_copy.VCRUNTIME140 ref: 00007FFA126F9527
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126F956A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __std_exception_copy_invalid_parameter_noinfo_noreturnmalloc
                                                                                                                • String ID: ($/
                                                                                                                • API String ID: 4226527432-2468745909
                                                                                                                • Opcode ID: 5e8c779a14b96b9ecdf221629a4a5fc1362b3c59b3c64664326aa5887f6375dd
                                                                                                                • Instruction ID: a476c9d101a2ab1c91dbb6259ed41431427f9e5baebbe4ab7a9e60513f87a511
                                                                                                                • Opcode Fuzzy Hash: 5e8c779a14b96b9ecdf221629a4a5fc1362b3c59b3c64664326aa5887f6375dd
                                                                                                                • Instruction Fuzzy Hash: 8F218262D19F4581EB118B24E45036A73B0FF9B7A4F419231DA9C06799EFBCE1C88B00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExclusiveLock$AcquireRelease_invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: _old.txt
                                                                                                                • API String ID: 2194057460-616907513
                                                                                                                • Opcode ID: 19375733d42b06231c66649bbc83495ebd19588091db51a5034f5594767d68ad
                                                                                                                • Instruction ID: 2796ceb251de9a6e1b81f57c222e2b8ef2f874c47a49486b27e23642cfc31836
                                                                                                                • Opcode Fuzzy Hash: 19375733d42b06231c66649bbc83495ebd19588091db51a5034f5594767d68ad
                                                                                                                • Instruction Fuzzy Hash: 37112954E18E8240FE11976CA8553B613B06F437B4F42C332D5AC516EDFEECE0898A08
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00007FFA7FFA1270FD40(long* __rcx) {
                                                                                                                				long _t1;
                                                                                                                
                                                                                                                				_t1 = TlsAlloc();
                                                                                                                				 *__rcx = _t1;
                                                                                                                				if (_t1 == 0xffffffff) goto 0x1270fd5f;
                                                                                                                				return _t1;
                                                                                                                			}





                                                                                                                APIs
                                                                                                                • TlsAlloc.KERNEL32(?,?,?,00007FFA1270F2EA,?,?,?,00007FFA1270F238,?,?,00000000,00007FFA12709BEB), ref: 00007FFA1270FD49
                                                                                                                • TlsFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FFA1270F238,?,?,00000000), ref: 00007FFA1270FD86
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AllocFree
                                                                                                                • String ID: TLS capacity depleted$libs\log\src\thread_specific.cpp
                                                                                                                • API String ID: 265982327-1379514790
                                                                                                                • Opcode ID: c51c84f54730cbf98e99767d18b2e406bb13c54ec22f08a479ce666a06b74c17
                                                                                                                • Instruction ID: e0fb2058e3e5e58f52ecbe8c6f6ae7803290cd2478a549fb0a3b41b8e2adc935
                                                                                                                • Opcode Fuzzy Hash: c51c84f54730cbf98e99767d18b2e406bb13c54ec22f08a479ce666a06b74c17
                                                                                                                • Instruction Fuzzy Hash: 9DE06535A0490A83E6189B71E44547923B0EF1B725F559930C61D0B6E4EEBCF19ECF45
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                • String ID: CreateHardLinkW$kernel32.dll
                                                                                                                • API String ID: 1646373207-294928789
                                                                                                                • Opcode ID: 815e6742ab7692d77a54d0fd69f46ece7c65f6f90913d5dedfb638f05082a8ff
                                                                                                                • Instruction ID: 3a8dab34a68cacc3a3484f16d7b9957853bae0c005251539f5fb8621dbd73074
                                                                                                                • Opcode Fuzzy Hash: 815e6742ab7692d77a54d0fd69f46ece7c65f6f90913d5dedfb638f05082a8ff
                                                                                                                • Instruction Fuzzy Hash: E7D09224A0AE0692E6099B02EC9107622F0BF5B720F829535C40D01328FEACE55ECB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                • String ID: CreateSymbolicLinkW$kernel32.dll
                                                                                                                • API String ID: 1646373207-1962376091
                                                                                                                • Opcode ID: 518f2b726df48b0379b464764493b469d08d199bf35e544040c96d894980a45c
                                                                                                                • Instruction ID: 48278998df802be329c2d16f0a6284a814160091c0565ce26f140cc3d520fc6f
                                                                                                                • Opcode Fuzzy Hash: 518f2b726df48b0379b464764493b469d08d199bf35e544040c96d894980a45c
                                                                                                                • Instruction Fuzzy Hash: F0D09224E1AE0292E6099B12EC9107622F0BF4B730F829435C40D02228FEACE59E8B00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 58%
                                                                                                                			E00007FFA7FFA126E44C1(long long* __rax, long long __rbx, long long __rsi, char* __r9, void* __r15) {
                                                                                                                				void* _t48;
                                                                                                                				char* _t57;
                                                                                                                				intOrPtr* _t61;
                                                                                                                				long long* _t62;
                                                                                                                				intOrPtr _t66;
                                                                                                                				void* _t77;
                                                                                                                				char* _t83;
                                                                                                                				void* _t87;
                                                                                                                				signed long long _t89;
                                                                                                                
                                                                                                                				_t62 = __rbx;
                                                                                                                				asm("dec ax");
                                                                                                                				asm("psrldq xmm0, 0x8");
                                                                                                                				asm("dec ax");
                                                                                                                				 *__rax();
                                                                                                                				goto 0x126e45a6;
                                                                                                                				 *(_t87 - 0x14) =  *(_t87 - 0x14) & 0xffffff80;
                                                                                                                				 *(_t87 - 0x10) =  *(_t87 - 0x10) & 0x000000fe;
                                                                                                                				 *((intOrPtr*)(_t87 - 0xf)) = 0;
                                                                                                                				 *((intOrPtr*)(_t87 - 0x20)) = 0;
                                                                                                                				 *((long long*)(_t89 + 0x70)) = _t87 - 0x20;
                                                                                                                				_t57 = _t89 + 0x70;
                                                                                                                				 *((intOrPtr*)(_t87 - 0x1c)) = 0xffffffff;
                                                                                                                				 *((long long*)(_t87 - 0x78)) = _t57;
                                                                                                                				 *((intOrPtr*)(_t87 - 0x70)) =  *((intOrPtr*)(__rsi + 0x58));
                                                                                                                				 *((char*)(_t87 - 0x18)) = 0;
                                                                                                                				 *((char*)(_t87 - 0xf)) = 0x20;
                                                                                                                				 *((char*)(_t87 - 0xb)) = 1;
                                                                                                                				 *((long long*)(_t89 + 0x78)) = __rsi;
                                                                                                                				 *((long long*)(_t87 - 0x80)) = __rbx;
                                                                                                                				E00007FFA7FFA126E3CC0(_t57, __rbx, __r9, __r15, _t89 + 0x70);
                                                                                                                				_t83 = _t57;
                                                                                                                				if (_t57 == __r15) goto 0x126e4547;
                                                                                                                				if ( *_t57 == 0x7d) goto 0x126e4556;
                                                                                                                				E00007FFA7FFA127050C0(_t62, "missing \'}\' in format string");
                                                                                                                				_t66 =  *((intOrPtr*)(__rsi));
                                                                                                                				 *((long long*)(_t89 + 0x40)) = _t62;
                                                                                                                				_t77 = _t83 - _t66;
                                                                                                                				 *((long long*)(_t89 + 0x48)) = __rsi;
                                                                                                                				 *((long long*)(__rsi)) = _t77 + _t66;
                                                                                                                				 *((intOrPtr*)(__rsi + 8)) =  *((intOrPtr*)(__rsi + 8)) - _t77;
                                                                                                                				 *((long long*)(_t89 + 0x28)) =  *_t62;
                                                                                                                				 *((long long*)(_t89 + 0x30)) =  *((intOrPtr*)(_t62 + 0x28));
                                                                                                                				_t61 = _t87 - 0x20;
                                                                                                                				 *((long long*)(_t89 + 0x38)) = _t61;
                                                                                                                				E00007FFA7FFA126E4AF0();
                                                                                                                				 *_t62 =  *_t61;
                                                                                                                				if (_t83 == __r15) goto 0x126e45d0;
                                                                                                                				if ( *_t83 != 0x7d) goto 0x126e45d0;
                                                                                                                				_t33 = _t83 + 1; // 0x2
                                                                                                                				if (_t33 == __r15) goto 0x126e45e8;
                                                                                                                				goto 0x126e4022;
                                                                                                                				E00007FFA7FFA126E8C80(_t61, _t62, _t89 + 0x58, _t33, _t87, __r15, __r15);
                                                                                                                				goto 0x126e45e8;
                                                                                                                				goto 0x126e45e0;
                                                                                                                				return E00007FFA7FFA12705E20(E00007FFA7FFA127050C0(_t62, "invalid format string"), _t48,  *(_t87 - 8) ^ _t89);
                                                                                                                			}













                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memchr$memmove
                                                                                                                • String ID:
                                                                                                                • API String ID: 4199700744-0
                                                                                                                • Opcode ID: 73a91e6077936b72f932de7d3562217ea11923a2af180b412c3a42b8658b6dad
                                                                                                                • Instruction ID: f0399d1be9f3bb58b9355f859f06189cc38051ddf8eddf6ff9a293b8ba0ad88d
                                                                                                                • Opcode Fuzzy Hash: 73a91e6077936b72f932de7d3562217ea11923a2af180b412c3a42b8658b6dad
                                                                                                                • Instruction Fuzzy Hash: 30519262A08F8582EB20CF21E04026AA7E1FB46BE4F558136EFAD13799DF7CE554C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memmove
                                                                                                                • String ID:
                                                                                                                • API String ID: 2162964266-0
                                                                                                                • Opcode ID: adc04215cd4fd4c0a0b031881e90294048e23f6722abfe3fe1c836f0e6035876
                                                                                                                • Instruction ID: b519ba8aa9895fc79d1a6772bc8eb22907aa4f756cc10241a27fc149f5936725
                                                                                                                • Opcode Fuzzy Hash: adc04215cd4fd4c0a0b031881e90294048e23f6722abfe3fe1c836f0e6035876
                                                                                                                • Instruction Fuzzy Hash: 9641D332A08F9182EB149F29E5441AD63A1F756BD4F558931DFAC0B78ACFBCE194C380
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionThrow$__std_exception_copy
                                                                                                                • String ID:
                                                                                                                • API String ID: 174860668-0
                                                                                                                • Opcode ID: 5835f474e1769be0152aa8ffbbf43488734d5310dad5b9431d807699ec9559d6
                                                                                                                • Instruction ID: 90a11e970fb7cd099fb4dd3ef5ca90afceb40538a57a59d8920d9e057eab6c24
                                                                                                                • Opcode Fuzzy Hash: 5835f474e1769be0152aa8ffbbf43488734d5310dad5b9431d807699ec9559d6
                                                                                                                • Instruction Fuzzy Hash: 6411C312628D8681DF24A720D8551ABA3B1FF92794FA1C131D19D069BEDF6CE20DCF00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memmove
                                                                                                                • String ID: #$%
                                                                                                                • API String ID: 2162964266-2141590602
                                                                                                                • Opcode ID: 34b4d6372bd322e99289d8db90c65af6c82bb6af3c9b5a6835dcb834b3bcb206
                                                                                                                • Instruction ID: add43c21f7ab876409ec3f0800bb4e008680a2328431308d74d3d66ccfeb0b32
                                                                                                                • Opcode Fuzzy Hash: 34b4d6372bd322e99289d8db90c65af6c82bb6af3c9b5a6835dcb834b3bcb206
                                                                                                                • Instruction Fuzzy Hash: B571132AA08E9181EB118B25D5243BFABF1EB53B98F069032DA0D07398DFBCD44DC744
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memmove
                                                                                                                • String ID: #$%
                                                                                                                • API String ID: 2162964266-2141590602
                                                                                                                • Opcode ID: 88576e8595118c141d0c5084a1eeabb62c25855a64c728a16ca8d9d51b900290
                                                                                                                • Instruction ID: 417f7cfcdd5fee4cf3468e69c7f49e448a50d80fdc5a661a8459bbfb911cb22d
                                                                                                                • Opcode Fuzzy Hash: 88576e8595118c141d0c5084a1eeabb62c25855a64c728a16ca8d9d51b900290
                                                                                                                • Instruction Fuzzy Hash: 7971E22AA08E8581EB118F25D5243BFA7F1EB97B98F469132DA0D17298CFBCD45DC704
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FFA126FE130: ?exceptions@ios_base@std@@QEAAXH@Z.MSVCP140 ref: 00007FFA126FE154
                                                                                                                  • Part of subcall function 00007FFA126FE130: ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FFA126FE180
                                                                                                                • ?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z.MSVCP140 ref: 00007FFA1270DCB3
                                                                                                                • ?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z.MSVCP140 ref: 00007FFA1270DCD9
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA1270DDC9
                                                                                                                • ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FFA1270DE99
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: D@std@@@std@@U?$char_traits@$?clear@?$basic_ios@$?exceptions@ios_base@std@@?imbue@?$basic_ios@Init@locale@std@@Locimp@12@_V32@@Vlocale@2@_invalid_parameter_noinfo_noreturn
                                                                                                                • String ID:
                                                                                                                • API String ID: 978063264-0
                                                                                                                • Opcode ID: 5171cbfb1a66cbbb129140d7ad303c9ca4bda11a20518d13f7f221ebe2b3a53d
                                                                                                                • Instruction ID: 0c790ea4cc91634368b9203381a88033d4e3afd7fc8f93ba1a22eeba1a0d4974
                                                                                                                • Opcode Fuzzy Hash: 5171cbfb1a66cbbb129140d7ad303c9ca4bda11a20518d13f7f221ebe2b3a53d
                                                                                                                • Instruction Fuzzy Hash: 53819536B05B418AEB14CB25D0503AE33B1EB87BA8F068536DA1D53B89DF78E4998744
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionThrow__std_type_info_compare
                                                                                                                • String ID:
                                                                                                                • API String ID: 3388463524-0
                                                                                                                • Opcode ID: 0bbec93366a2f6f3123775854d9491221931c74d43e2a73d4a0a05894ddb74fb
                                                                                                                • Instruction ID: 7c0931a011216caad4fb554e532ec66eeac35f5dd25a9f4c5ec13c3d2d1fff01
                                                                                                                • Opcode Fuzzy Hash: 0bbec93366a2f6f3123775854d9491221931c74d43e2a73d4a0a05894ddb74fb
                                                                                                                • Instruction Fuzzy Hash: 6451BC36618B8182EB14DF15E4402AEB7B5FB8ABA4F5A9135DF8D03758DF78E458CB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                • 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899, xrefs: 00007FFA126E276F
                                                                                                                • d, xrefs: 00007FFA126E28DC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memmove
                                                                                                                • String ID: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899$d
                                                                                                                • API String ID: 2162964266-2578503166
                                                                                                                • Opcode ID: 5f542f157bc4bcc359921d91813b84694f3378aacfbd99376261179b15e2f923
                                                                                                                • Instruction ID: 5f66c9267c7a415f55bb2fdb09a199b3a40fdffd52f50bb4d9291016bd81d0b1
                                                                                                                • Opcode Fuzzy Hash: 5f542f157bc4bcc359921d91813b84694f3378aacfbd99376261179b15e2f923
                                                                                                                • Instruction Fuzzy Hash: C351C077A08A848AEB15CB26D44016A7BA1F75AB90B058432DFAE07355DF78D054CB10
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 52%
                                                                                                                			E00007FFA7FFA1270FA00(void* __esi, long long __rbx, intOrPtr* __rcx, unsigned int __rdx, long long _a24) {
                                                                                                                				signed int _v40;
                                                                                                                				void* _v80;
                                                                                                                				signed long long _v88;
                                                                                                                				long long _v96;
                                                                                                                				long long _v104;
                                                                                                                				long long _v112;
                                                                                                                				signed long long _v120;
                                                                                                                				void* _v124;
                                                                                                                				void* _v128;
                                                                                                                				signed short _v134;
                                                                                                                				signed int _v136;
                                                                                                                				signed int _t37;
                                                                                                                				signed short _t52;
                                                                                                                				signed long long _t61;
                                                                                                                				signed long long _t89;
                                                                                                                				void* _t90;
                                                                                                                
                                                                                                                				_a24 = __rbx;
                                                                                                                				_t61 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				_v40 = _t61 ^ _t90 - 0x00000090;
                                                                                                                				GetSystemTimeAsFileTime(??);
                                                                                                                				_t89 = __rdx >> 0x12;
                                                                                                                				_v120 = _t89;
                                                                                                                				 *__rdx();
                                                                                                                				_t37 =  *0x431BDE82D7B634E7 & 0x0000ffff;
                                                                                                                				if (0x431bde82d7b634dc - 2 < 0) goto 0x1270fb6a;
                                                                                                                				if (_t37 - 0x1f > 0) goto 0x1270fb7b;
                                                                                                                				_t52 = ( *0x431BDE82D7B634EB & 0x0000ffff) + 1;
                                                                                                                				if ((_t52 & 0x0000ffff) + 1 - 2 < 0) goto 0x1270fb8c;
                                                                                                                				if (_t52 - 0xc > 0) goto 0x1270fb9a;
                                                                                                                				r9d =  *0x431BDE82D7B634EF & 0x0000ffff;
                                                                                                                				r9w = r9w + 0x76c;
                                                                                                                				if ((r9w & 0xffffffff) + 1 - 0x579 < 0) goto 0x1270fba8;
                                                                                                                				if (r9w - 0x270f > 0) goto 0x1270fbba;
                                                                                                                				_v112 =  *((intOrPtr*)(0x431bde82d7b634e3));
                                                                                                                				_v104 =  *((intOrPtr*)(0x431bde82d7b634df));
                                                                                                                				asm("movups xmm0, [esp+0x38]");
                                                                                                                				_v96 =  *0xd7b634db;
                                                                                                                				asm("movups [edi+0x8], xmm0");
                                                                                                                				_v136 = r9w;
                                                                                                                				_v134 = _t52;
                                                                                                                				_v88 = _t89 * 0xf4240;
                                                                                                                				asm("movups xmm1, [esp+0x48]");
                                                                                                                				 *((intOrPtr*)(__rcx)) = _v136;
                                                                                                                				 *(__rcx + 4) = _t37;
                                                                                                                				asm("movups [edi+0x18], xmm1");
                                                                                                                				return E00007FFA7FFA12705E20(_t37, _v136, _v40 ^ _t90 - 0x00000090);
                                                                                                                			}




















                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Time$EventFileSystem__acrt_iob_funcfflush
                                                                                                                • String ID:
                                                                                                                • API String ID: 1736211985-0
                                                                                                                • Opcode ID: 8fbe9deb50a2553d171e416f978606913200a09efcb97367198c30951ce863af
                                                                                                                • Instruction ID: e418ce1ffb5d88798745eac03e324b6b399ce84837128bd141c038f64957ccda
                                                                                                                • Opcode Fuzzy Hash: 8fbe9deb50a2553d171e416f978606913200a09efcb97367198c30951ce863af
                                                                                                                • Instruction Fuzzy Hash: DF514D22E18A5147EB188B25E46577A73A0FB8B790F519039EB8E47BD9DE7CD0588F00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memset$memmove
                                                                                                                • String ID: 0123456789ABCDEF$0123456789abcdef
                                                                                                                • API String ID: 3527438329-885041942
                                                                                                                • Opcode ID: 01c60fb82b4070b04af536b7e455bd7ddc4279d52e774962564a86c2e4666df0
                                                                                                                • Instruction ID: 4b6a6bdaeefe2b798907337d29485be0d74b5234cd9598607e63b757ee3f2b94
                                                                                                                • Opcode Fuzzy Hash: 01c60fb82b4070b04af536b7e455bd7ddc4279d52e774962564a86c2e4666df0
                                                                                                                • Instruction Fuzzy Hash: E5419262B08E5582EA19DF1AE4400AD77A1FB4AFE4B498032EF5D07B99DF7CD496C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memset$memmove
                                                                                                                • String ID: 0123456789ABCDEF$0123456789abcdef
                                                                                                                • API String ID: 3527438329-885041942
                                                                                                                • Opcode ID: 965fe44ab52bcfe57b52ceee5a0724d6543be5051b4c50be708f4ccc0e8df8c3
                                                                                                                • Instruction ID: 1e9bab81a68cfeace684faef563f82b54bfede8d3483fc7d237722f1958898ca
                                                                                                                • Opcode Fuzzy Hash: 965fe44ab52bcfe57b52ceee5a0724d6543be5051b4c50be708f4ccc0e8df8c3
                                                                                                                • Instruction Fuzzy Hash: 23416162B08E5582EA15DF16E4401ADA7A1FB4AFE4B498032EF5C07B9DDF7CD4968700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 68%
                                                                                                                			E00007FFA7FFA126FC1D0(long long __rbx, long long* __rcx, signed int __rdx, long long __r14) {
                                                                                                                				void* _t21;
                                                                                                                				void* _t22;
                                                                                                                				void* _t25;
                                                                                                                				void* _t43;
                                                                                                                				long long _t44;
                                                                                                                				long long* _t48;
                                                                                                                				signed long long _t53;
                                                                                                                				unsigned long long _t63;
                                                                                                                				int _t66;
                                                                                                                				int _t73;
                                                                                                                				long long _t76;
                                                                                                                				unsigned long long _t77;
                                                                                                                				void* _t79;
                                                                                                                				long long _t88;
                                                                                                                				void* _t90;
                                                                                                                
                                                                                                                				 *((long long*)(_t79 + 0x10)) = __rbx;
                                                                                                                				 *((long long*)(_t79 + 0x18)) = _t76;
                                                                                                                				_t77 =  *((intOrPtr*)(__rcx + 0x18));
                                                                                                                				r15d = r8b;
                                                                                                                				_t48 = __rcx;
                                                                                                                				if (__rdx - _t77 > 0) goto 0x126fc21c;
                                                                                                                				if (_t77 - 0x10 < 0) goto 0x126fc201;
                                                                                                                				 *((long long*)(__rcx + 0x10)) = __rdx;
                                                                                                                				_t21 = memset(_t90, _t66, _t73);
                                                                                                                				 *((char*)( *((intOrPtr*)(__rcx)) + __rdx)) = 0;
                                                                                                                				goto 0x126fc30b;
                                                                                                                				if (__rdx - 0xffffffff > 0) goto 0x126fc328;
                                                                                                                				 *((long long*)(_t79 - 0x20 + 0x40)) = __r14;
                                                                                                                				_t53 = __rdx | 0x0000000f;
                                                                                                                				if (_t53 - 0xffffffff > 0) goto 0x126fc27a;
                                                                                                                				_t63 = _t77 >> 1;
                                                                                                                				if (_t77 - 0xffffffff - _t63 > 0) goto 0x126fc27a;
                                                                                                                				_t43 = _t63 + _t77;
                                                                                                                				_t8 = ( <  ? _t43 : _t53) + 1; // 0x9
                                                                                                                				_t44 = _t8;
                                                                                                                				if (_t44 - 0x1000 < 0) goto 0x126fc2a0;
                                                                                                                				_t9 = _t44 + 0x27; // 0x30
                                                                                                                				if (_t9 - _t44 <= 0) goto 0x126fc32e;
                                                                                                                				goto 0x126fc284;
                                                                                                                				_t22 = E00007FFA7FFA127056A8(_t21, _t44, 0x27);
                                                                                                                				if (_t44 == 0) goto 0x126fc321;
                                                                                                                				_t10 = _t44 + 0x27; // 0x27
                                                                                                                				 *((long long*)((_t10 & 0xffffffe0) - 8)) = _t44;
                                                                                                                				goto 0x126fc2b5;
                                                                                                                				if (_t44 == 0) goto 0x126fc2b2;
                                                                                                                				E00007FFA7FFA127056A8(_t22, _t44, _t44);
                                                                                                                				_t88 = _t44;
                                                                                                                				goto 0x126fc2b5;
                                                                                                                				r14d = 0;
                                                                                                                				 *((long long*)(_t48 + 0x10)) = __rdx;
                                                                                                                				 *((long long*)(_t48 + 0x18)) =  <  ? _t43 : _t53;
                                                                                                                				memset(??, ??, ??);
                                                                                                                				 *((char*)(_t88 + __rdx)) = 0;
                                                                                                                				if (_t77 - 0x10 < 0) goto 0x126fc303;
                                                                                                                				if (_t77 + 1 - 0x1000 < 0) goto 0x126fc2fe;
                                                                                                                				if ( *_t48 -  *((intOrPtr*)( *_t48 - 8)) - 8 - 0x1f > 0) goto 0x126fc321;
                                                                                                                				_t25 = E00007FFA7FFA127056E4();
                                                                                                                				 *_t48 = _t88;
                                                                                                                				return _t25;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memset$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 674427795-0
                                                                                                                • Opcode ID: cdfa750938da0650040e964fb2832e0cf142a776a887572e6ea092ab9310a21e
                                                                                                                • Instruction ID: 9b090123e60d23a8df3d21c84efee267cb35db916b779214dede7a83e98a33a9
                                                                                                                • Opcode Fuzzy Hash: cdfa750938da0650040e964fb2832e0cf142a776a887572e6ea092ab9310a21e
                                                                                                                • Instruction Fuzzy Hash: 7331F022B09E8284EF14DB5191643B822E1EB46FF0F558931DA2D0B7CDDEBCD0808740
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 45%
                                                                                                                			E00007FFA7FFA126F29B0(long long __rbx, long long* __rcx, void* __rdx, long long __rdi, long long __r12) {
                                                                                                                				void* _t28;
                                                                                                                				void* _t29;
                                                                                                                				void* _t33;
                                                                                                                				long long _t51;
                                                                                                                				long long _t57;
                                                                                                                				unsigned long long _t64;
                                                                                                                				signed long long _t73;
                                                                                                                				long long _t81;
                                                                                                                				int _t83;
                                                                                                                				long long* _t84;
                                                                                                                				long long _t86;
                                                                                                                				unsigned long long _t87;
                                                                                                                				void* _t89;
                                                                                                                				void* _t90;
                                                                                                                				signed long long _t94;
                                                                                                                				void* _t96;
                                                                                                                				intOrPtr _t97;
                                                                                                                				void* _t99;
                                                                                                                
                                                                                                                				 *((long long*)(_t89 + 0x20)) = __rbx;
                                                                                                                				_t90 = _t89 - 0x20;
                                                                                                                				_t97 =  *((intOrPtr*)(__rcx + 0x10));
                                                                                                                				r15d = r9b & 0xffffffff;
                                                                                                                				_t84 = __rcx;
                                                                                                                				if (0xffffffff - _t97 - __rdx < 0) goto 0x126f2b0a;
                                                                                                                				 *((long long*)(_t90 + 0x40)) = _t86;
                                                                                                                				_t87 =  *((intOrPtr*)(__rcx + 0x18));
                                                                                                                				 *((long long*)(_t90 + 0x48)) = __rdi;
                                                                                                                				 *((long long*)(_t90 + 0x50)) = __r12;
                                                                                                                				_t94 = _t97 + __rdx;
                                                                                                                				_t73 = _t94 | 0x0000000f;
                                                                                                                				if (_t73 - 0xffffffff > 0) goto 0x126f2a3f;
                                                                                                                				_t64 = _t87 >> 1;
                                                                                                                				if (_t87 - 0xffffffff - _t64 > 0) goto 0x126f2a3f;
                                                                                                                				_t57 =  <  ? _t64 + _t87 : _t73;
                                                                                                                				_t51 = _t57 + 1;
                                                                                                                				if (_t51 - 0x1000 < 0) goto 0x126f2a61;
                                                                                                                				_t10 = _t51 + 0x27; // 0x27
                                                                                                                				if (_t10 - _t51 <= 0) goto 0x126f2b10;
                                                                                                                				goto 0x126f2a49;
                                                                                                                				_t29 = E00007FFA7FFA127056A8(_t28, _t51, 0x27);
                                                                                                                				if (_t51 == 0) goto 0x126f2acd;
                                                                                                                				_t11 = _t51 + 0x27; // 0x27
                                                                                                                				 *((long long*)((_t11 & 0xffffffe0) - 8)) = _t51;
                                                                                                                				goto 0x126f2a75;
                                                                                                                				if (_t51 == 0) goto 0x126f2a73;
                                                                                                                				E00007FFA7FFA127056A8(_t29, _t51, _t51);
                                                                                                                				_t81 = _t51;
                                                                                                                				goto 0x126f2a75;
                                                                                                                				 *(_t84 + 0x10) = _t94;
                                                                                                                				 *((long long*)(_t84 + 0x18)) = _t57;
                                                                                                                				if (_t87 - 0x10 < 0) goto 0x126f2ad4;
                                                                                                                				memmove(_t99, _t96, _t83);
                                                                                                                				 *((intOrPtr*)(_t81 + _t97)) = r15b;
                                                                                                                				 *((char*)(_t81 + _t97 + 1)) = 0;
                                                                                                                				if (_t87 + 1 - 0x1000 < 0) goto 0x126f2ac3;
                                                                                                                				_t20 =  *_t84 -  *((intOrPtr*)( *_t84 - 8)) - 8; // 0x7ffffffffffffff7
                                                                                                                				if (_t20 - 0x1f > 0) goto 0x126f2acd;
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				goto 0x126f2ae6;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				_t33 = memmove(??, ??, ??);
                                                                                                                				 *((intOrPtr*)(_t81 + _t97)) = r15b;
                                                                                                                				 *((char*)(_t81 + _t97 + 1)) = 0;
                                                                                                                				 *_t84 = _t81;
                                                                                                                				return _t33;
                                                                                                                			}


                                                                                                                APIs
                                                                                                                • memmove.VCRUNTIME140(?,?,?,?,?,?,00000000,00007FFA12704980), ref: 00007FFA126F2A8F
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,00007FFA12704980), ref: 00007FFA126F2ACD
                                                                                                                • memmove.VCRUNTIME140(?,?,?,?,?,?,00000000,00007FFA12704980), ref: 00007FFA126F2AD7
                                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFA126F2B10
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                • String ID:
                                                                                                                • API String ID: 2016347663-0
                                                                                                                • Opcode ID: 89b5b9bc3c51725a82197f677c97ae6df0fd29904b2dcb88690343892e0ae213
                                                                                                                • Instruction ID: 62d00a659b7545d890be47636f15ad6b6564f92d7bf33dc2c75d686eba5b6787
                                                                                                                • Opcode Fuzzy Hash: 89b5b9bc3c51725a82197f677c97ae6df0fd29904b2dcb88690343892e0ae213
                                                                                                                • Instruction Fuzzy Hash: 2331E421709F8195FF209B15A514269A3A2EB06BE0F598A31DF6D0B7DDDFBCE0518B04
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 31%
                                                                                                                			E00007FFA7FFA126F6430(long long __rax, long long __rbx, long long __rcx, void* __rdx, long long __rsi, void* __r8, long long __r9, long long _a8, long long _a16, long long _a24, long long _a32) {
                                                                                                                				void* _v40;
                                                                                                                				long long _v56;
                                                                                                                				char _v64;
                                                                                                                				void* _v72;
                                                                                                                				char _v88;
                                                                                                                				void* __rdi;
                                                                                                                				void* _t31;
                                                                                                                				void* _t37;
                                                                                                                				void* _t43;
                                                                                                                				void* _t51;
                                                                                                                				void* _t55;
                                                                                                                				long long _t57;
                                                                                                                				intOrPtr* _t59;
                                                                                                                				long long _t61;
                                                                                                                				long long _t83;
                                                                                                                				void* _t86;
                                                                                                                				void* _t98;
                                                                                                                				void* _t101;
                                                                                                                
                                                                                                                				_t84 = __rsi;
                                                                                                                				_t57 = __rax;
                                                                                                                				_a16 = __rbx;
                                                                                                                				_a24 = __rsi;
                                                                                                                				_a32 = __r9;
                                                                                                                				_a8 = __rcx;
                                                                                                                				_t101 = __r8;
                                                                                                                				_t61 = __rcx;
                                                                                                                				_t31 = E00007FFA7FFA12716670(__rax);
                                                                                                                				if (_t57 == 0) goto 0x126f647e;
                                                                                                                				r10d =  *((intOrPtr*)(__rcx + 0x28));
                                                                                                                				if ( *_t57 != r10d) goto 0x126f647e;
                                                                                                                				goto 0x126f64fe;
                                                                                                                				_v56 = __rcx + 0x10;
                                                                                                                				__imp__AcquireSRWLockShared();
                                                                                                                				E00007FFA7FFA127056A8(_t31, _t57, __rcx + 0x10);
                                                                                                                				_v64 = _t57;
                                                                                                                				if (_t57 == 0) goto 0x126f64bf;
                                                                                                                				E00007FFA7FFA126F9AD0(_t43,  *((intOrPtr*)(_t61 + 0x28)), _t51, _t61, _t57, _t61 + 0x38, _t61 + 0x30);
                                                                                                                				_t83 = _t57;
                                                                                                                				goto 0x126f64c3;
                                                                                                                				__imp__ReleaseSRWLockShared();
                                                                                                                				E00007FFA7FFA12716670(_t57);
                                                                                                                				_t55 = _t57 - _t83;
                                                                                                                				if (_t55 == 0) goto 0x126f64f6;
                                                                                                                				_v88 = 1;
                                                                                                                				E00007FFA7FFA12716E20( *((intOrPtr*)(_t61 + 0x28)), _t57, _t61, _t61 + 0x48, 0x126fc340, _t83, __rsi, _t86,  *((intOrPtr*)(_t61 + 0x48)), _t83, _t98);
                                                                                                                				_v64 = _t83;
                                                                                                                				 *((long long*)( *((intOrPtr*)( *((intOrPtr*)(_t83 + 0x128))))))();
                                                                                                                				__imp__?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ();
                                                                                                                				_t37 = E00007FFA7FFA126F8A90( &_v72, _t101);
                                                                                                                				_t22 = _t83 + 8; // 0x8
                                                                                                                				E00007FFA7FFA1270E2D0(_t37, _t61, _a32, _t83, _t84, _t86, _t22);
                                                                                                                				_t59 = _v72;
                                                                                                                				 *_t59 =  *_t59 - 1;
                                                                                                                				if (_t55 != 0) goto 0x126f657e;
                                                                                                                				 *((intOrPtr*)(_t59 + 4)) = 0;
                                                                                                                				asm("lock xadd [ecx], eax");
                                                                                                                				asm("bt eax, 0x1e");
                                                                                                                				if (_t55 < 0) goto 0x126f657e;
                                                                                                                				if (0x80000000 - 0x80000000 <= 0) goto 0x126f657e;
                                                                                                                				asm("lock bts dword [ecx], 0x1e");
                                                                                                                				if (0x80000000 - 0x80000000 < 0) goto 0x126f657e;
                                                                                                                				E00007FFA7FFA126FD940(_t59 + 8);
                                                                                                                				SetEvent(??);
                                                                                                                				return E00007FFA7FFA126FA810(_t61,  &_v64);
                                                                                                                			}


                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: LockShared$?flush@?$basic_ostream@AcquireD@std@@@std@@EventReleaseU?$char_traits@V12@
                                                                                                                • String ID:
                                                                                                                • API String ID: 3106982728-0
                                                                                                                • Opcode ID: afc33a7c46e055b87590330ca59edfbe107defa0812bb5b879477dd3e6978315
                                                                                                                • Instruction ID: 840e3b4564a3ec335c549735d322fd48af17c7c7b3f410005d6badbfd08294d6
                                                                                                                • Opcode Fuzzy Hash: afc33a7c46e055b87590330ca59edfbe107defa0812bb5b879477dd3e6978315
                                                                                                                • Instruction Fuzzy Hash: FC419132A08B4296DB01DB65D4101AA73A0FF86BA4F42C431EE6D1779DDF7CD959CB80
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 34%
                                                                                                                			E00007FFA7FFA126F62B0(long long __rax, long long __rbx, long long __rcx, void* __rdx, long long __rsi, void* __r8, long long __r9, long long _a8, long long _a16, long long _a24, long long _a32) {
                                                                                                                				void* _v40;
                                                                                                                				long long _v56;
                                                                                                                				char _v64;
                                                                                                                				void* _v72;
                                                                                                                				char _v88;
                                                                                                                				void* __rdi;
                                                                                                                				void* _t31;
                                                                                                                				void* _t42;
                                                                                                                				void* _t50;
                                                                                                                				void* _t54;
                                                                                                                				long long _t56;
                                                                                                                				intOrPtr* _t58;
                                                                                                                				long long _t60;
                                                                                                                				long long _t82;
                                                                                                                				void* _t85;
                                                                                                                				void* _t97;
                                                                                                                				void* _t100;
                                                                                                                
                                                                                                                				_t56 = __rax;
                                                                                                                				_a16 = __rbx;
                                                                                                                				_a24 = __rsi;
                                                                                                                				_a32 = __r9;
                                                                                                                				_a8 = __rcx;
                                                                                                                				_t100 = __r8;
                                                                                                                				_t60 = __rcx;
                                                                                                                				_t31 = E00007FFA7FFA12716670(__rax);
                                                                                                                				if (_t56 == 0) goto 0x126f62fe;
                                                                                                                				r10d =  *((intOrPtr*)(__rcx + 0x28));
                                                                                                                				if ( *_t56 != r10d) goto 0x126f62fe;
                                                                                                                				goto 0x126f637e;
                                                                                                                				_v56 = __rcx + 0x10;
                                                                                                                				__imp__AcquireSRWLockShared();
                                                                                                                				E00007FFA7FFA127056A8(_t31, _t56, __rcx + 0x10);
                                                                                                                				_v64 = _t56;
                                                                                                                				if (_t56 == 0) goto 0x126f633f;
                                                                                                                				E00007FFA7FFA126F9AD0(_t42,  *((intOrPtr*)(_t60 + 0x28)), _t50, _t60, _t56, _t60 + 0x38, _t60 + 0x30);
                                                                                                                				_t82 = _t56;
                                                                                                                				goto 0x126f6343;
                                                                                                                				__imp__ReleaseSRWLockShared();
                                                                                                                				E00007FFA7FFA12716670(_t56);
                                                                                                                				_t54 = _t56 - _t82;
                                                                                                                				if (_t54 == 0) goto 0x126f6376;
                                                                                                                				_v88 = 1;
                                                                                                                				E00007FFA7FFA12716E20( *((intOrPtr*)(_t60 + 0x28)), _t56, _t60, _t60 + 0x48, 0x126fc340, _t82, __rsi, _t85,  *((intOrPtr*)(_t60 + 0x48)), _t82, _t97);
                                                                                                                				_v64 = _t82;
                                                                                                                				 *((long long*)( *((intOrPtr*)( *((intOrPtr*)(_t82 + 0x128))))))();
                                                                                                                				__imp__?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ();
                                                                                                                				E00007FFA7FFA126F8A90( &_v72, _t100);
                                                                                                                				E00007FFA7FFA1270DF50();
                                                                                                                				_t58 = _v72;
                                                                                                                				 *_t58 =  *_t58 - 1;
                                                                                                                				if (_t54 != 0) goto 0x126f63fe;
                                                                                                                				 *((intOrPtr*)(_t58 + 4)) = 0;
                                                                                                                				asm("lock xadd [ecx], eax");
                                                                                                                				asm("bt eax, 0x1e");
                                                                                                                				if (_t54 < 0) goto 0x126f63fe;
                                                                                                                				if (0x80000000 - 0x80000000 <= 0) goto 0x126f63fe;
                                                                                                                				asm("lock bts dword [ecx], 0x1e");
                                                                                                                				if (0x80000000 - 0x80000000 < 0) goto 0x126f63fe;
                                                                                                                				E00007FFA7FFA126FD940(_t58 + 8);
                                                                                                                				SetEvent(??);
                                                                                                                				return E00007FFA7FFA126FA810(_t60,  &_v64);
                                                                                                                			}





















                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: LockShared$?flush@?$basic_ostream@AcquireD@std@@@std@@EventReleaseU?$char_traits@V12@
                                                                                                                • String ID:
                                                                                                                • API String ID: 3106982728-0
                                                                                                                • Opcode ID: c63b4ed83c83b838a0fbea9b1c0e3767ce5b8c2c4c918cd10913b58dd98661b7
                                                                                                                • Instruction ID: 2815a25913824e1bac440c1dd5019f2636f93577907fe681b3750e63ccfc5183
                                                                                                                • Opcode Fuzzy Hash: c63b4ed83c83b838a0fbea9b1c0e3767ce5b8c2c4c918cd10913b58dd98661b7
                                                                                                                • Instruction Fuzzy Hash: 6741B232609A4296DF05CB25D4100AE63A0FF87BA4F429431DE6D4779DDF7CD959CB80
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 68%
                                                                                                                			E00007FFA7FFA126E9100(long long __rbx, long long* __rcx, void* __rdx, signed int __r8, long long __r14) {
                                                                                                                				void* _t21;
                                                                                                                				void* _t22;
                                                                                                                				void* _t25;
                                                                                                                				void* _t41;
                                                                                                                				long long _t42;
                                                                                                                				long long* _t46;
                                                                                                                				signed long long _t51;
                                                                                                                				unsigned long long _t61;
                                                                                                                				void* _t65;
                                                                                                                				int _t72;
                                                                                                                				long long _t75;
                                                                                                                				unsigned long long _t76;
                                                                                                                				void* _t78;
                                                                                                                				long long _t87;
                                                                                                                				void* _t89;
                                                                                                                
                                                                                                                				 *((long long*)(_t78 + 0x10)) = __rbx;
                                                                                                                				 *((long long*)(_t78 + 0x18)) = _t75;
                                                                                                                				_t76 =  *((intOrPtr*)(__rcx + 0x18));
                                                                                                                				_t46 = __rcx;
                                                                                                                				if (__r8 - _t76 > 0) goto 0x126e9145;
                                                                                                                				if (_t76 - 0x10 < 0) goto 0x126e9130;
                                                                                                                				 *((long long*)(__rcx + 0x10)) = __r8;
                                                                                                                				_t21 = memmove(_t89, _t65, _t72);
                                                                                                                				 *((char*)( *((intOrPtr*)(__rcx)) + __r8)) = 0;
                                                                                                                				goto 0x126e9234;
                                                                                                                				if (__r8 - 0xffffffff > 0) goto 0x126e9251;
                                                                                                                				 *((long long*)(_t78 - 0x20 + 0x40)) = __r14;
                                                                                                                				_t51 = __r8 | 0x0000000f;
                                                                                                                				if (_t51 - 0xffffffff > 0) goto 0x126e91a3;
                                                                                                                				_t61 = _t76 >> 1;
                                                                                                                				if (_t76 - 0xffffffff - _t61 > 0) goto 0x126e91a3;
                                                                                                                				_t41 = _t61 + _t76;
                                                                                                                				_t8 = ( <  ? _t41 : _t51) + 1; // 0x100000001
                                                                                                                				_t42 = _t8;
                                                                                                                				if (_t42 - 0x1000 < 0) goto 0x126e91c9;
                                                                                                                				_t9 = _t42 + 0x27; // 0x100000028
                                                                                                                				if (_t9 - _t42 <= 0) goto 0x126e9257;
                                                                                                                				goto 0x126e91ad;
                                                                                                                				_t22 = E00007FFA7FFA127056A8(_t21, _t42, 0x27);
                                                                                                                				if (_t42 == 0) goto 0x126e924a;
                                                                                                                				_t10 = _t42 + 0x27; // 0x27
                                                                                                                				 *((long long*)((_t10 & 0xffffffe0) - 8)) = _t42;
                                                                                                                				goto 0x126e91de;
                                                                                                                				if (_t42 == 0) goto 0x126e91db;
                                                                                                                				E00007FFA7FFA127056A8(_t22, _t42, _t42);
                                                                                                                				_t87 = _t42;
                                                                                                                				goto 0x126e91de;
                                                                                                                				r14d = 0;
                                                                                                                				 *((long long*)(_t46 + 0x10)) = __r8;
                                                                                                                				 *((long long*)(_t46 + 0x18)) =  <  ? _t41 : _t51;
                                                                                                                				memmove(??, ??, ??);
                                                                                                                				 *((char*)(_t87 + __r8)) = 0;
                                                                                                                				if (_t76 - 0x10 < 0) goto 0x126e922c;
                                                                                                                				_t15 = _t76 + 1; // 0x10
                                                                                                                				if (_t15 - 0x1000 < 0) goto 0x126e9227;
                                                                                                                				if ( *_t46 -  *((intOrPtr*)( *_t46 - 8)) - 8 - 0x1f > 0) goto 0x126e924a;
                                                                                                                				_t25 = E00007FFA7FFA127056E4();
                                                                                                                				 *_t46 = _t87;
                                                                                                                				return _t25;
                                                                                                                			}



















                                                                                                                APIs
                                                                                                                • memmove.VCRUNTIME140(?,00000000,?,00007FFA126F2B4F,?,?,?,?,?,?,?,?,?,?,00000000,00007FFA12704980), ref: 00007FFA126E9137
                                                                                                                • memmove.VCRUNTIME140(?,00000000,?,00007FFA126F2B4F,?,?,?,?,?,?,?,?,?,?,00000000,00007FFA12704980), ref: 00007FFA126E91EF
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000000,?,00007FFA126F2B4F,?,?,?,?,?,?,?,?,?,?,00000000,00007FFA12704980), ref: 00007FFA126E924A
                                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFA126E9257
                                                                                                                  • Part of subcall function 00007FFA127056A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFA126E8F4E), ref: 00007FFA127056C2
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 2075926362-0
                                                                                                                • Opcode ID: 97b568ff606c6f9234d7d667734f0f7e8e76229e7529599d0345874e8aa86c93
                                                                                                                • Instruction ID: 807957d3ede792e4dcc513912b3643618ade768e403c12e2e0dea0ee4f1b8168
                                                                                                                • Opcode Fuzzy Hash: 97b568ff606c6f9234d7d667734f0f7e8e76229e7529599d0345874e8aa86c93
                                                                                                                • Instruction Fuzzy Hash: 4231D22171AE8284FE18DB5195482B922E1EF46FE0F558531EA3D07BCDDEBCE4858B00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 29%
                                                                                                                			E00007FFA7FFA126ED4C0(long long __rax, long long __rbx, signed long long* __rcx, void* __rdx, long long __rsi) {
                                                                                                                				void* _t18;
                                                                                                                				void* _t20;
                                                                                                                				long long _t30;
                                                                                                                				signed long long _t32;
                                                                                                                				signed long long* _t35;
                                                                                                                				void* _t39;
                                                                                                                				long long _t41;
                                                                                                                				void* _t45;
                                                                                                                				signed long long _t52;
                                                                                                                				long long _t54;
                                                                                                                				signed long long _t55;
                                                                                                                				void* _t57;
                                                                                                                
                                                                                                                				 *((long long*)(_t57 + 0x10)) = __rbx;
                                                                                                                				 *((long long*)(_t57 + 0x18)) = _t54;
                                                                                                                				 *((long long*)(__rcx)) = __rax;
                                                                                                                				_t35 = __rcx;
                                                                                                                				 *((long long*)(__rcx + 0x10)) = __rax;
                                                                                                                				 *((long long*)(__rcx + 0x18)) = __rax;
                                                                                                                				_t55 =  *((intOrPtr*)(__rdx + 0x10));
                                                                                                                				if ( *((long long*)(__rdx + 0x18)) - 0x10 < 0) goto 0x126ed4f0;
                                                                                                                				 *((long long*)(_t57 - 0x20 + 0x30)) = __rsi;
                                                                                                                				if (_t55 - 0x10 >= 0) goto 0x126ed508;
                                                                                                                				asm("movups xmm0, [edi]");
                                                                                                                				asm("movups [ecx], xmm0");
                                                                                                                				goto 0x126ed577;
                                                                                                                				_t52 =  >  ? 0xffffffff : _t55 | 0x0000000f;
                                                                                                                				_t39 = _t52 + 1;
                                                                                                                				if (_t39 - 0x1000 < 0) goto 0x126ed55b;
                                                                                                                				_t30 = _t39 + 0x27;
                                                                                                                				if (_t30 - _t39 <= 0) goto 0x126ed597;
                                                                                                                				_t18 = E00007FFA7FFA127056A8(0, _t30, _t30);
                                                                                                                				_t41 = _t30;
                                                                                                                				if (_t30 == 0) goto 0x126ed554;
                                                                                                                				_t32 = _t30 + 0x00000027 & 0xffffffe0;
                                                                                                                				 *((long long*)(_t32 - 8)) = _t41;
                                                                                                                				goto 0x126ed565;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				if (_t41 == 0) goto 0x126ed565;
                                                                                                                				E00007FFA7FFA127056A8(_t18, _t32, _t41);
                                                                                                                				 *_t35 = _t32;
                                                                                                                				_t20 = memmove(_t45, ??);
                                                                                                                				_t35[2] = _t55;
                                                                                                                				_t35[3] = _t52;
                                                                                                                				return _t20;
                                                                                                                			}
















                                                                                                                APIs
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FFA126EE21C,?,?,?,00007FFA126FD6C2), ref: 00007FFA126ED554
                                                                                                                • memmove.VCRUNTIME140(?,?,?,00007FFA126EE21C,?,?,?,00007FFA126FD6C2), ref: 00007FFA126ED572
                                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFA126ED597
                                                                                                                • __std_exception_copy.VCRUNTIME140(?,?,?,?,?,?,?,00007FFA126EE21C,?,?,?,00007FFA126FD6C2), ref: 00007FFA126ED5C4
                                                                                                                  • Part of subcall function 00007FFA127056A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFA126E8F4E), ref: 00007FFA127056C2
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Concurrency::cancel_current_task__std_exception_copy_invalid_parameter_noinfo_noreturnmallocmemmove
                                                                                                                • String ID:
                                                                                                                • API String ID: 3686582625-0
                                                                                                                • Opcode ID: cce12c65991343c6079664bc75ef51f488c916a5ef3b5d47c46880943e65cc4b
                                                                                                                • Instruction ID: a2d24b324e6c486c1b6a5055e917885abd6df6cbd7a0c2d3e44e02084cfbe062
                                                                                                                • Opcode Fuzzy Hash: cce12c65991343c6079664bc75ef51f488c916a5ef3b5d47c46880943e65cc4b
                                                                                                                • Instruction Fuzzy Hash: 3531EE22A09F4184EB04DB59E4001B923E4EF1ABA8F558630EA7C07BD9EF7CE191C740
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • memchr.VCRUNTIME140(00000001,00000000,?,00007FFA126E45CE), ref: 00007FFA126E8CAA
                                                                                                                • memmove.VCRUNTIME140(00000001,00000000,?,00007FFA126E45CE), ref: 00007FFA126E8D4F
                                                                                                                  • Part of subcall function 00007FFA126EBA30: memmove.VCRUNTIME140 ref: 00007FFA126EBA87
                                                                                                                • memchr.VCRUNTIME140(00000001,00000000,?,00007FFA126E45CE), ref: 00007FFA126E8CF5
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memchrmemmove
                                                                                                                • String ID: unmatched '}' in format string
                                                                                                                • API String ID: 1132781299-1164737745
                                                                                                                • Opcode ID: e3a4b6110c697d36bd24bbe5557a8b97f08152c800b349514c7e98e6efbc01b0
                                                                                                                • Instruction ID: f9ab2a9d8708dab6c8658d03beab8dd82378f3c3559c7ffdb08309b0507f3634
                                                                                                                • Opcode Fuzzy Hash: e3a4b6110c697d36bd24bbe5557a8b97f08152c800b349514c7e98e6efbc01b0
                                                                                                                • Instruction Fuzzy Hash: C421B162B08E8182EA15DF12E5442AEA3A0FF46FE4F0A8032DF5C07799EE7CD446C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 16%
                                                                                                                			E00007FFA7FFA12716A20(void* __ecx, void* __edx, void* __rax, long long __rbx, void* __rcx, long long __rdi, long long __rsi, long long _a8, long long _a16, long long _a24) {
                                                                                                                				void* _t40;
                                                                                                                				intOrPtr* _t46;
                                                                                                                				intOrPtr _t59;
                                                                                                                				void* _t62;
                                                                                                                
                                                                                                                				_a8 = __rbx;
                                                                                                                				_a16 = __rsi;
                                                                                                                				_a24 = __rdi;
                                                                                                                				_t62 = __rcx;
                                                                                                                				if ( *((intOrPtr*)(__rcx + 0x10)) == 0) goto 0x12716b03;
                                                                                                                				E00007FFA7FFA12716690( *((intOrPtr*)(__rcx + 0x10)), __rax, __rbx, __rcx, __rcx);
                                                                                                                				if ( *((intOrPtr*)(_t62 + 0x10)) != 0) goto 0x12716a54;
                                                                                                                				goto 0x12716ad4;
                                                                                                                				 *((intOrPtr*)(_t62 + 0x10)) = 0;
                                                                                                                				r8d = 0;
                                                                                                                				ReleaseSemaphore(??, ??, ??);
                                                                                                                				_t46 =  *((intOrPtr*)(_t62 + 0x18));
                                                                                                                				_t59 =  *((intOrPtr*)(_t62 + 0x20));
                                                                                                                				if (_t46 == _t59) goto 0x12716a9f;
                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                				 *((char*)( *_t46 + 0x14)) = 1;
                                                                                                                				r8d = 0;
                                                                                                                				ReleaseSemaphore(??, ??, ??);
                                                                                                                				if (_t46 + 8 != _t59) goto 0x12716a80;
                                                                                                                				E00007FFA7FFA12714250(_t46 + 8,  *((intOrPtr*)(_t62 + 0x18)),  *((intOrPtr*)(_t62 + 0x20)), _t62);
                                                                                                                				 *((long long*)(_t62 + 0x20)) =  *((intOrPtr*)(_t62 + 0x18));
                                                                                                                				_t40 =  *((intOrPtr*)(_t62 + 0x30)) - 1 - 0xfffffffd;
                                                                                                                				if (_t40 > 0) goto 0x12716acc;
                                                                                                                				CloseHandle(??);
                                                                                                                				 *((long long*)(_t62 + 0x30)) = 0;
                                                                                                                				asm("lock xadd [esi], eax");
                                                                                                                				asm("bt eax, 0x1e");
                                                                                                                				if (_t40 < 0) goto 0x12716b03;
                                                                                                                				if (0x80000000 - 0x80000000 <= 0) goto 0x12716b03;
                                                                                                                				asm("lock bts dword [esi], 0x1e");
                                                                                                                				if (0x80000000 - 0x80000000 < 0) goto 0x12716b03;
                                                                                                                				E00007FFA7FFA126FD940(_t62);
                                                                                                                				return SetEvent(??);
                                                                                                                			}








                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ReleaseSemaphore$CloseEventHandleObjectSingleWait
                                                                                                                • String ID:
                                                                                                                • API String ID: 568734227-0
                                                                                                                • Opcode ID: 9236d54c9f8004cdcccdb61e91e6bfd2483121a615e91c4b9fed31d8ba419f9e
                                                                                                                • Instruction ID: dc273165e3203f127adbdafbb9e1c91fdcd8094f4d6cde54862f1f2e45fe66b3
                                                                                                                • Opcode Fuzzy Hash: 9236d54c9f8004cdcccdb61e91e6bfd2483121a615e91c4b9fed31d8ba419f9e
                                                                                                                • Instruction Fuzzy Hash: B0212321A15E4287EB609B15E44436B73B0FF86BA0F159131DB9E43B99EF7CE4498B40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: memmovememset
                                                                                                                • String ID: 0123456789ABCDEF$0123456789abcdef
                                                                                                                • API String ID: 1288253900-885041942
                                                                                                                • Opcode ID: 0103df9f0cf36cab03a71a0973b504f73d6bc333af0cbd4df2281995c3c09994
                                                                                                                • Instruction ID: 2224abe3fd323953a616adebf7c83b291b4ea51f4384587e95e9318a9f72ad2d
                                                                                                                • Opcode Fuzzy Hash: 0103df9f0cf36cab03a71a0973b504f73d6bc333af0cbd4df2281995c3c09994
                                                                                                                • Instruction Fuzzy Hash: 60216AA2A05F8582EA14CF06E5401A9BBA1FB4AFD0B199472DB8D07B59EE3CD445CB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: memmovememset
                                                                                                                • String ID: 0123456789ABCDEF$0123456789abcdef
                                                                                                                • API String ID: 1288253900-885041942
                                                                                                                • Opcode ID: 3243a9616e88c44d7496df093ef204c03e19f444df9bf1332a5cfe5c19237609
                                                                                                                • Instruction ID: 2f4a532444ed9718fe069d02d48f9ecd6bac25fada5885ee026e0b0f012bf005
                                                                                                                • Opcode Fuzzy Hash: 3243a9616e88c44d7496df093ef204c03e19f444df9bf1332a5cfe5c19237609
                                                                                                                • Instruction Fuzzy Hash: CF2162A2705F8581EB14CF16E9401AAB7A1FB4ABD47198432DB8D47B59EE7CD451C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionLockSharedThrow$AcquireRelease
                                                                                                                • String ID:
                                                                                                                • API String ID: 1623387717-0
                                                                                                                • Opcode ID: 821d38cad4e8f632898ec663a9c87fc73b7f9fa64378656b3521347ee09f09fd
                                                                                                                • Instruction ID: 22ef511b669de2485b203173aa2b010eb129d82f1ca6bc2b4f828588f56a83e2
                                                                                                                • Opcode Fuzzy Hash: 821d38cad4e8f632898ec663a9c87fc73b7f9fa64378656b3521347ee09f09fd
                                                                                                                • Instruction Fuzzy Hash: 69014B67A04B4486EB08DB32E55137E23A1EF8ABD5F19D435DE0E0B759EF78D05A8600
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionLockSharedThrow$AcquireRelease
                                                                                                                • String ID:
                                                                                                                • API String ID: 1623387717-0
                                                                                                                • Opcode ID: c832f7f00a28b77cced1eefa34c85cae082805bf7e02fe3fa8d7180f7810be2b
                                                                                                                • Instruction ID: 4a835137debb2f114698ef49789141e13efc02e6d2940670bb35f6a8cf49f40b
                                                                                                                • Opcode Fuzzy Hash: c832f7f00a28b77cced1eefa34c85cae082805bf7e02fe3fa8d7180f7810be2b
                                                                                                                • Instruction Fuzzy Hash: 4FF0816BA14B0486EB08DF31E90137A13B1EF87BD4F19C435DE4D0B659DF78D05A8600
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionLockSharedThrow$AcquireRelease
                                                                                                                • String ID:
                                                                                                                • API String ID: 1623387717-0
                                                                                                                • Opcode ID: b30508edd93f378d34823121abbe860d8cef95497a92132c4ce0266ae7febd1f
                                                                                                                • Instruction ID: 8478360cc01cae98b08349960ce6c4e17eb35b36d54275f3c166b8ad5856c0a4
                                                                                                                • Opcode Fuzzy Hash: b30508edd93f378d34823121abbe860d8cef95497a92132c4ce0266ae7febd1f
                                                                                                                • Instruction Fuzzy Hash: C8F081ABA04B4586EB18DF31E50137A53A1FF87BD4F19C435DE4D0B659DF78D11A8600
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionLockSharedThrow$AcquireRelease
                                                                                                                • String ID:
                                                                                                                • API String ID: 1623387717-0
                                                                                                                • Opcode ID: 57b2854b0f65e5e374a08cde8f6c634fec4e12c1195dc384bbd9ce2569a39ea6
                                                                                                                • Instruction ID: 771c9f93ff0f559789f4ab1f18601da4f2e8f58b0c8d4e016561c72a7b1be621
                                                                                                                • Opcode Fuzzy Hash: 57b2854b0f65e5e374a08cde8f6c634fec4e12c1195dc384bbd9ce2569a39ea6
                                                                                                                • Instruction Fuzzy Hash: 62F08167A04B0486EB1CDF32E54037A13A1EF8BBE5F19D435DE4D07649DF78D05A8600
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • AcquireSRWLockExclusive.KERNEL32(?,?,?,00007FFA1270A323,?,?,00000038,?,00000000,00007FFA1270A52E,?,?,00000008,00007FFA126F8792), ref: 00007FFA1270D950
                                                                                                                • SleepConditionVariableSRW.KERNEL32(?,?,?,00007FFA1270A323,?,?,00000038,?,00000000,00007FFA1270A52E,?,?,00000008,00007FFA126F8792), ref: 00007FFA1270D987
                                                                                                                • ReleaseSRWLockExclusive.KERNEL32(?,?,?,00007FFA1270A323,?,?,00000038,?,00000000,00007FFA1270A52E,?,?,00000008,00007FFA126F8792), ref: 00007FFA1270D9A2
                                                                                                                • ReleaseSRWLockExclusive.KERNEL32(?,?,?,00007FFA1270A323,?,?,00000038,?,00000000,00007FFA1270A52E,?,?,00000008,00007FFA126F8792), ref: 00007FFA1270D9BA
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExclusiveLock$Release$AcquireConditionSleepVariable
                                                                                                                • String ID:
                                                                                                                • API String ID: 3114648011-0
                                                                                                                • Opcode ID: 1028a7427bf02d8bddc8bc0c960c5e31dbe1d0c13ec5fc794dc8297f47e69b9b
                                                                                                                • Instruction ID: 8ce23d046efa4b5ee51c6dab1a68bbf6ddf121d2d24d08c12a070e481bf35649
                                                                                                                • Opcode Fuzzy Hash: 1028a7427bf02d8bddc8bc0c960c5e31dbe1d0c13ec5fc794dc8297f47e69b9b
                                                                                                                • Instruction Fuzzy Hash: F101C061E08D4640EB214721E8542BA27F1DF17B24F8AD071C5AD421ADEE8CD98EDF19
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 93%
                                                                                                                			E00007FFA7FFA126F3370(long long __rbx, long long __rcx, intOrPtr* __rdx, long long __rdi, intOrPtr* __r8) {
                                                                                                                				void* _t39;
                                                                                                                				signed long long _t51;
                                                                                                                				long long _t53;
                                                                                                                				intOrPtr _t78;
                                                                                                                				void* _t83;
                                                                                                                				void* _t85;
                                                                                                                				void* _t87;
                                                                                                                				intOrPtr _t92;
                                                                                                                
                                                                                                                				 *((long long*)(_t87 + 0x10)) = __rbx;
                                                                                                                				 *((long long*)(_t87 + 0x18)) = __rdi;
                                                                                                                				_t85 = _t87 - 0x57;
                                                                                                                				_t51 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				 *(_t85 + 0x4f) = _t51 ^ _t87 - 0x000000b0;
                                                                                                                				 *((long long*)(_t85 - 9)) = __rcx;
                                                                                                                				 *((intOrPtr*)(_t85 - 0x29)) = 0;
                                                                                                                				 *((long long*)(__rcx)) = __rdi;
                                                                                                                				 *((long long*)(__rcx + 0x10)) = __rdi;
                                                                                                                				 *((long long*)(__rcx + 0x18)) = 0xf;
                                                                                                                				 *((intOrPtr*)(__rcx)) = dil;
                                                                                                                				 *((intOrPtr*)(_t85 - 0x29)) = 1;
                                                                                                                				_t53 =  *((intOrPtr*)(__rdx + 0x10));
                                                                                                                				if (_t53 == 0) goto 0x126f34b5;
                                                                                                                				_t92 =  *((intOrPtr*)(__rdx + 0x18));
                                                                                                                				if (_t92 - 0x10 < 0) goto 0x126f33d7;
                                                                                                                				if ( *((char*)(_t53 +  *((intOrPtr*)(__rdx)) - 1)) != 0x5c) goto 0x126f34b5;
                                                                                                                				if (_t92 - 0x10 < 0) goto 0x126f33eb;
                                                                                                                				 *((long long*)(_t85 + 0x1f)) =  *((intOrPtr*)(__rdx));
                                                                                                                				 *((long long*)(_t85 + 0x27)) = _t53;
                                                                                                                				if ( *((long long*)(__r8 + 0x18)) - 0x10 < 0) goto 0x126f3400;
                                                                                                                				 *((long long*)(_t85 + 0x2f)) =  *((intOrPtr*)(__r8));
                                                                                                                				 *((long long*)(_t85 + 0x37)) =  *((intOrPtr*)(__r8 + 0x10));
                                                                                                                				 *((long long*)(_t85 - 0x39)) = 0x1ce;
                                                                                                                				 *((long long*)(_t85 - 0x31)) = _t85 + 0x1f;
                                                                                                                				asm("movaps xmm0, [ebp-0x39]");
                                                                                                                				asm("movdqa [ebp-0x19], xmm0");
                                                                                                                				 *((long long*)(_t85 - 0x39)) = 0x1271cf28;
                                                                                                                				 *((long long*)(_t85 - 0x31)) = 4;
                                                                                                                				E00007FFA7FFA126E49B0(__rcx, _t85 - 1, __rdi, _t83);
                                                                                                                				if (__rcx != _t85 - 1) goto 0x126f352a;
                                                                                                                				_t78 =  *((intOrPtr*)(_t85 + 0x17));
                                                                                                                				if (_t78 - 0x10 < 0) goto 0x126f3491;
                                                                                                                				if (_t78 + 1 - 0x1000 < 0) goto 0x126f348c;
                                                                                                                				if ( *((intOrPtr*)(_t85 - 1)) -  *((intOrPtr*)( *((intOrPtr*)(_t85 - 1)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x126f35bd;
                                                                                                                				return E00007FFA7FFA12705E20(E00007FFA7FFA127056E4(), _t39,  *(_t85 + 0x4f) ^ _t87 - 0x000000b0);
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126F35BD
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: {}{}${}{}{}
                                                                                                                • API String ID: 3668304517-2846689003
                                                                                                                • Opcode ID: 0d7b17ab96c54cfedc1e4bcf5ec5a0e7c0eb481e5a7dedd758c77a306ae59aa9
                                                                                                                • Instruction ID: b4bbd9770ac095f9b0fbe0b6d4320150e6715d31cbe739545006323d2b7d607f
                                                                                                                • Opcode Fuzzy Hash: 0d7b17ab96c54cfedc1e4bcf5ec5a0e7c0eb481e5a7dedd758c77a306ae59aa9
                                                                                                                • Instruction Fuzzy Hash: B7615A72B09F8489FB04CF64D4943AC33A6EB49B98F418535DA6D16B98DFB8D1A8C740
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 23%
                                                                                                                			E00007FFA7FFA126EFE60(void* __ebp, long long __rbx, void* __rcx, long long __rsi, void* __rbp, long long _a16, long long _a24) {
                                                                                                                				void* _v8;
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v32;
                                                                                                                				char _v56;
                                                                                                                				long long _v64;
                                                                                                                				long long _v72;
                                                                                                                				char _v74;
                                                                                                                				short _v76;
                                                                                                                				intOrPtr _v80;
                                                                                                                				char _v88;
                                                                                                                				signed long long _v96;
                                                                                                                				signed long long _v104;
                                                                                                                				intOrPtr _t36;
                                                                                                                				void* _t46;
                                                                                                                				signed long long _t62;
                                                                                                                				signed long long _t63;
                                                                                                                				signed long long _t75;
                                                                                                                				void* _t78;
                                                                                                                				intOrPtr _t92;
                                                                                                                				intOrPtr _t96;
                                                                                                                				void* _t104;
                                                                                                                				void* _t107;
                                                                                                                				void* _t110;
                                                                                                                
                                                                                                                				_t78 = __rcx;
                                                                                                                				_a16 = __rbx;
                                                                                                                				_a24 = __rsi;
                                                                                                                				_t62 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				_t63 = _t62 ^ _t104 - 0x00000080;
                                                                                                                				_v24 = _t63;
                                                                                                                				_t4 = _t78 + 0x60; // 0x60
                                                                                                                				E00007FFA7FFA127056A8(E00007FFA7FFA126F3D90(_t46, __rbx,  &_v56, __rsi, __rbp, _t107, _t110), _t63,  &_v56);
                                                                                                                				_t75 = _t63;
                                                                                                                				_v104 = _t63;
                                                                                                                				if (_t63 == 0) goto 0x126eff5a;
                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                				asm("movups [eax], xmm0");
                                                                                                                				 *((intOrPtr*)(_t63 + 8)) = 1;
                                                                                                                				 *((intOrPtr*)(_t63 + 0xc)) = 1;
                                                                                                                				 *_t75 = 0x1271c988;
                                                                                                                				_t9 = _t75 + 0x10; // 0x10
                                                                                                                				_v64 = 0xf;
                                                                                                                				_v72 = 0xe;
                                                                                                                				asm("movsd xmm0, [0x2ca17]");
                                                                                                                				asm("movsd [esp+0x30], xmm0");
                                                                                                                				_t36 = M00007FFA7FFA1271C908; // 0x6f507861
                                                                                                                				_v80 = _t36;
                                                                                                                				_v76 =  *0x1271c90c & 0x0000ffff;
                                                                                                                				_v74 = 0;
                                                                                                                				E00007FFA7FFA126ED640(0x1271c988, _t75, _t9,  &_v88, _t63);
                                                                                                                				_t92 = _v64;
                                                                                                                				if (_t92 - 0x10 < 0) goto 0x126eff5c;
                                                                                                                				if (_t92 + 1 - 0x1000 < 0) goto 0x126eff53;
                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126eff53;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FFA7FFA127056E4();
                                                                                                                				goto 0x126eff5c;
                                                                                                                				_t19 = _t75 + 0x10; // 0x10
                                                                                                                				_v104 = _t19;
                                                                                                                				_v96 = _t75;
                                                                                                                				E00007FFA7FFA126EC830(_t75, _t4,  &_v104, _t63);
                                                                                                                				if (_v96 == 0) goto 0x126effb6;
                                                                                                                				asm("lock xadd [ecx+0x8], eax");
                                                                                                                				if (0xffffffff != 1) goto 0x126effb6;
                                                                                                                				 *((intOrPtr*)( *_v96))();
                                                                                                                				asm("lock xadd [ebx+0xc], edi");
                                                                                                                				if (0xffffffff != 1) goto 0x126effb6;
                                                                                                                				 *((intOrPtr*)( *_v96 + 8))();
                                                                                                                				_t96 = _v32;
                                                                                                                				if (_t96 - 0x10 < 0) goto 0x126efff6;
                                                                                                                				if (_t96 + 1 - 0x1000 < 0) goto 0x126efff1;
                                                                                                                				if (_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x126efff1;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				return E00007FFA7FFA12705E20(E00007FFA7FFA127056E4(), 0x118, _v24 ^ _t104 - 0x00000080);
                                                                                                                			}



























                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FFA126F3D90: GetTempPathW.KERNEL32 ref: 00007FFA126F3DDA
                                                                                                                  • Part of subcall function 00007FFA126F3D90: GetLastError.KERNEL32 ref: 00007FFA126F3DE4
                                                                                                                  • Part of subcall function 00007FFA126F3D90: WideCharToMultiByte.KERNEL32 ref: 00007FFA126F3E63
                                                                                                                  • Part of subcall function 00007FFA126F3D90: WideCharToMultiByte.KERNEL32 ref: 00007FFA126F3E9C
                                                                                                                  • Part of subcall function 00007FFA127056A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFA126E8F4E), ref: 00007FFA127056C2
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA126EFF4C
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFA126EE1CA), ref: 00007FFA126EFFEA
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiWide_invalid_parameter_noinfo_noreturn$ErrorLastPathTempmalloc
                                                                                                                • String ID: axPort
                                                                                                                • API String ID: 2109269352-2033187772
                                                                                                                • Opcode ID: 1cfa57f71fc9394ea72515f09181dbc67d2662ae52532e7dd95c9f3fdc505fcb
                                                                                                                • Instruction ID: 15f6eaff8b24b11807358766db062cbd5fe2d94c0e7e3bac3bc1e437640bbe7a
                                                                                                                • Opcode Fuzzy Hash: 1cfa57f71fc9394ea72515f09181dbc67d2662ae52532e7dd95c9f3fdc505fcb
                                                                                                                • Instruction Fuzzy Hash: 90416072A19F4582EA50CB25E44036A63A1FB87BB4F158235EAAD477DCDFBCD485CB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 16%
                                                                                                                			E00007FFA7FFA1270FF10(void* __edx, long long __rbx, signed char* __rcx, unsigned int __rdx, long long __rsi, long long __rbp, intOrPtr* __r8, void* __r9, long long _a8, long long _a16, long long _a32) {
                                                                                                                				void* _v24;
                                                                                                                				signed int _v40;
                                                                                                                				char _v1572;
                                                                                                                				void* _v1574;
                                                                                                                				char _v1576;
                                                                                                                				unsigned long long _t45;
                                                                                                                				signed long long _t49;
                                                                                                                				char* _t53;
                                                                                                                				unsigned long long _t54;
                                                                                                                				unsigned long long _t55;
                                                                                                                				unsigned long long _t71;
                                                                                                                				void* _t74;
                                                                                                                				void* _t82;
                                                                                                                				intOrPtr* _t89;
                                                                                                                
                                                                                                                				_a8 = __rbx;
                                                                                                                				_a16 = __rbp;
                                                                                                                				_a32 = __rsi;
                                                                                                                				_t83 = _t82 - 0x630;
                                                                                                                				_t49 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				_v40 = _t49 ^ _t82 - 0x00000630;
                                                                                                                				r15d = 0x20;
                                                                                                                				_t74 = (_t71 >> 2 << 4) + "0123456789abcdef0123456789ABCDEFGetEnabledExtendedFeatures";
                                                                                                                				_t45 = __rdx >> 8;
                                                                                                                				if (_t45 == 0) goto 0x1270ffe7;
                                                                                                                				_t53 =  &_v1572;
                                                                                                                				r9d = 0x100;
                                                                                                                				r8d =  *__rcx & 0x000000ff;
                                                                                                                				 *((intOrPtr*)(_t53 - 4)) = r15w;
                                                                                                                				_t54 = _t53 + 6;
                                                                                                                				r8d = r8d & 0x0000000f;
                                                                                                                				 *((short*)(_t54 - 8)) =  *((char*)(( *( *__r8 + 4) >> 4) + _t74));
                                                                                                                				 *((short*)(_t54 - 6)) =  *((char*)(__r8 + _t74));
                                                                                                                				if (_t45 != 0) goto 0x1270ff90;
                                                                                                                				__imp__?write@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@PEB_W_J@Z();
                                                                                                                				if (_t45 != 0) goto 0x1270ff80;
                                                                                                                				if (__rbp == 0) goto 0x12710038;
                                                                                                                				_t89 =  &_v1576;
                                                                                                                				 *_t89 = r15w;
                                                                                                                				_t55 = _t54 >> 4;
                                                                                                                				 *((short*)(_t89 + 2)) =  *((char*)(_t55 + _t74));
                                                                                                                				 *((short*)(_t89 + 4)) =  *((char*)(__r8 + _t74));
                                                                                                                				if (_t55 - __rbp < 0) goto 0x1270fff3;
                                                                                                                				__imp__?write@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@PEB_W_J@Z();
                                                                                                                				return E00007FFA7FFA12705E20(1, __rcx[1] & 0xf, _v40 ^ _t83);
                                                                                                                			}


















                                                                                                                APIs
                                                                                                                • ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z.MSVCP140 ref: 00007FFA1270FFD6
                                                                                                                • ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z.MSVCP140 ref: 00007FFA12710032
                                                                                                                Strings
                                                                                                                • 0123456789abcdef0123456789ABCDEFGetEnabledExtendedFeatures, xrefs: 00007FFA1270FF5F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ?write@?$basic_ostream@D@std@@@std@@U?$char_traits@V12@
                                                                                                                • String ID: 0123456789abcdef0123456789ABCDEFGetEnabledExtendedFeatures
                                                                                                                • API String ID: 2277189856-1814974510
                                                                                                                • Opcode ID: f674925d5cb3c8ad1a760e8ed63a0811590771809a40d4119573242e45484e6b
                                                                                                                • Instruction ID: dd38352fc27d6afc46374700c4b13f1ab36e88eca5ccc5ac7a57feb1a56e9f97
                                                                                                                • Opcode Fuzzy Hash: f674925d5cb3c8ad1a760e8ed63a0811590771809a40d4119573242e45484e6b
                                                                                                                • Instruction Fuzzy Hash: 0031E627715ED586E720CB21E4501AAB7F0FB8AB94F8AD032DA5D17718DE3CD60ACB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00007FFA7FFA126E3040() {
                                                                                                                				void* _t12;
                                                                                                                				signed long long _t17;
                                                                                                                				long long _t20;
                                                                                                                				long long _t24;
                                                                                                                				long long _t25;
                                                                                                                				void* _t28;
                                                                                                                
                                                                                                                				 *((long long*)(_t28 + 8)) = _t20;
                                                                                                                				 *((long long*)(_t28 + 0x18)) = _t25;
                                                                                                                				 *((long long*)(_t28 + 0x20)) = _t24;
                                                                                                                				_t17 =  *0x1272ec78; // 0xf623ed34940b
                                                                                                                				 *(_t28 - 0x57 + 0x4f) = _t17 ^ _t28 - 0x000000b0;
                                                                                                                				if (_t12 - 0x78 > 0) goto 0x126e3414;
                                                                                                                				goto __rdx;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionThrow__std_exception_copy
                                                                                                                • String ID: invalid type specifier
                                                                                                                • API String ID: 1552479455-1382033351
                                                                                                                • Opcode ID: 9162a276d7ee1a2c3fcd049e53fe64bbb14d32fab991226d0c814b129e95dbb4
                                                                                                                • Instruction ID: af5366cf52029e6691270cacf4a8c34f5d20fbf71303c319a7cbb9add807399c
                                                                                                                • Opcode Fuzzy Hash: 9162a276d7ee1a2c3fcd049e53fe64bbb14d32fab991226d0c814b129e95dbb4
                                                                                                                • Instruction Fuzzy Hash: D8319863A08B81CAE701CBA0E8A53AF77B4D716358F479032DA4C92796FE6CD119C701
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z.MSVCP140 ref: 00007FFA1270FE80
                                                                                                                • ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z.MSVCP140 ref: 00007FFA1270FEDC
                                                                                                                Strings
                                                                                                                • 0123456789abcdef0123456789ABCDEFGetEnabledExtendedFeatures, xrefs: 00007FFA1270FE03
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ?write@?$basic_ostream@D@std@@@std@@U?$char_traits@V12@
                                                                                                                • String ID: 0123456789abcdef0123456789ABCDEFGetEnabledExtendedFeatures
                                                                                                                • API String ID: 2277189856-1814974510
                                                                                                                • Opcode ID: 4d7f9d0057c90d1fc27c6ac1c5151411231a43c20386cb2dde4277619377d6a4
                                                                                                                • Instruction ID: 378209fca1c7274d7b15c2dc44d2d94b681793cc7ae988913d6ae1afb9433574
                                                                                                                • Opcode Fuzzy Hash: 4d7f9d0057c90d1fc27c6ac1c5151411231a43c20386cb2dde4277619377d6a4
                                                                                                                • Instruction Fuzzy Hash: 2731C837B19AD586D7118B21A4056AABFA4F79BB94F4AC032DB8D03745CE7CD20DCB10
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FFA127075D0: InitializeSRWLock.KERNEL32(?,?,?,?,00000000,00000038,00000000,00007FFA127077FE,?,?,?,00007FFA1270A349,?,?,00000038,?), ref: 00007FFA1270766E
                                                                                                                • AcquireSRWLockShared.KERNEL32 ref: 00007FFA12706A94
                                                                                                                • ReleaseSRWLockShared.KERNEL32 ref: 00007FFA12706AB9
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Lock$Shared$AcquireInitializeRelease
                                                                                                                • String ID: [uninitialized]
                                                                                                                • API String ID: 2537410636-2099769388
                                                                                                                • Opcode ID: dbbc3890cb9868c4dacf77921bd243b255cfbd6f5ac2ca3803326c1c02756e1c
                                                                                                                • Instruction ID: 5b76c19cbb3043189b97eeb1ddf48d33011030898c8653ca1332bcff213a519d
                                                                                                                • Opcode Fuzzy Hash: dbbc3890cb9868c4dacf77921bd243b255cfbd6f5ac2ca3803326c1c02756e1c
                                                                                                                • Instruction Fuzzy Hash: D7015E66B18E4182EB049B16A54006E63B1EB8BFF0B16D131DE1E0779CCF78E4998B44
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00007FFA7FFA126FF080(void* __eax, long long __rbx, char* __r8, void* __r9, long long _a8) {
                                                                                                                
                                                                                                                				_a8 = __rbx;
                                                                                                                				if (__r9 == 0) goto 0x126ff0e1;
                                                                                                                				if (__r9 != 1) goto 0x126ff0ad;
                                                                                                                				 *__r8 = 0;
                                                                                                                				return __eax;
                                                                                                                			}




                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: strerror
                                                                                                                • String ID: Unknown error
                                                                                                                • API String ID: 2194627204-83687255
                                                                                                                • Opcode ID: bafc78c85978e829d371cb662a2bc500d72ac259c6d8f698591c9a58c6c7372c
                                                                                                                • Instruction ID: 858dd6c6329e09aff6b04c6ee89b70c8b2304999b7f5546a8624955b6327b7d3
                                                                                                                • Opcode Fuzzy Hash: bafc78c85978e829d371cb662a2bc500d72ac259c6d8f698591c9a58c6c7372c
                                                                                                                • Instruction Fuzzy Hash: 8CF0C811B18A8181EF444B16F55077922A0EB5AB94F8D9031DA1D0778DDE6CD4944B40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 56%
                                                                                                                			E00007FFA7FFA12716E20(void* __edx, long long __rax, long long __rbx, long long __rcx, long long __rdx, long long __rdi, long long __rsi, long long __rbp, long long __r8, long long __r9, void* __r11, long long _a8, long long _a16, long long _a24, long long _a32, char _a40) {
                                                                                                                				void* _v8;
                                                                                                                				long long _v24;
                                                                                                                				long long _v32;
                                                                                                                				long long _v40;
                                                                                                                				intOrPtr _v64;
                                                                                                                				long long _v72;
                                                                                                                				long long _v80;
                                                                                                                				char _v88;
                                                                                                                				void* _t53;
                                                                                                                				void* _t54;
                                                                                                                				intOrPtr _t58;
                                                                                                                				intOrPtr _t59;
                                                                                                                				intOrPtr _t60;
                                                                                                                				intOrPtr _t61;
                                                                                                                				long long _t84;
                                                                                                                				long long _t85;
                                                                                                                				long long _t86;
                                                                                                                				intOrPtr* _t87;
                                                                                                                				long long _t93;
                                                                                                                				intOrPtr* _t100;
                                                                                                                				long long _t108;
                                                                                                                				long long _t111;
                                                                                                                				long long _t112;
                                                                                                                				long long _t115;
                                                                                                                				long long _t116;
                                                                                                                				long long _t126;
                                                                                                                
                                                                                                                				_t84 = __rax;
                                                                                                                				_t63 = __edx;
                                                                                                                				_a8 = __rbx;
                                                                                                                				_a16 = __rbp;
                                                                                                                				_a24 = __rsi;
                                                                                                                				_a32 = __rdi;
                                                                                                                				_t111 = __r9;
                                                                                                                				_t115 = __r8;
                                                                                                                				_t126 = __rdx;
                                                                                                                				_t108 = __rcx;
                                                                                                                				E00007FFA7FFA12716600(__rax, __rcx);
                                                                                                                				if (_t84 == 0) goto 0x12716eee;
                                                                                                                				if (_a40 == 0) goto 0x12716e75;
                                                                                                                				if ( *((intOrPtr*)(_t84 + 8)) == 0) goto 0x12716e75;
                                                                                                                				if ( *((intOrPtr*)(_t84 + 0x10)) == 0) goto 0x12716e75;
                                                                                                                				 *_t84();
                                                                                                                				if (__r8 != 0) goto 0x12716ede;
                                                                                                                				if (__r9 != 0) goto 0x12716ede;
                                                                                                                				_v88 = __rcx;
                                                                                                                				_t58 =  *0x1272ecd0; // 0x27
                                                                                                                				if (_t58 == 0xffffffff) goto 0x12716e9d;
                                                                                                                				TlsGetValue(??);
                                                                                                                				_t92 = _t84;
                                                                                                                				if (_t84 != 0) goto 0x12716ecb;
                                                                                                                				E00007FFA7FFA12716750(_t58, _t84, _t84,  *((intOrPtr*)(_t84 + 8)),  *((intOrPtr*)(_t84 + 0x10)), __r9);
                                                                                                                				_t59 =  *0x1272ecd0; // 0x27
                                                                                                                				if (_t59 != 0xffffffff) goto 0x12716ec2;
                                                                                                                				_t9 = _t92 + 0x28; // 0x28
                                                                                                                				E00007FFA7FFA127163D0(__edx, _t84, _t9,  &_v88, _t108, __r9);
                                                                                                                				goto 0x12716ffb;
                                                                                                                				TlsGetValue(??);
                                                                                                                				_t93 = _t84;
                                                                                                                				_t11 = _t93 + 0x28; // 0x28
                                                                                                                				E00007FFA7FFA127163D0(_t63, _t93, _t11,  &_v88, _t108, _t111);
                                                                                                                				goto 0x12716ffb;
                                                                                                                				 *_t93 = _t126;
                                                                                                                				 *((long long*)(_t93 + 8)) = _t115;
                                                                                                                				 *((long long*)(_t93 + 0x10)) = _t111;
                                                                                                                				goto 0x12716ffb;
                                                                                                                				if (_t115 != 0) goto 0x12716efc;
                                                                                                                				if (_t111 == 0) goto 0x12716ffb;
                                                                                                                				_t60 =  *0x1272ecd0; // 0x27
                                                                                                                				if (_t60 == 0xffffffff) goto 0x12716f14;
                                                                                                                				TlsGetValue(??);
                                                                                                                				if (_t84 != 0) goto 0x12716f2f;
                                                                                                                				E00007FFA7FFA12716750(_t60, _t84, _t84, _t11,  &_v88, _t111);
                                                                                                                				_t61 =  *0x1272ecd0; // 0x27
                                                                                                                				if (_t61 != 0xffffffff) goto 0x12716f29;
                                                                                                                				_t85 = _t93;
                                                                                                                				goto 0x12716f2f;
                                                                                                                				_t53 = TlsGetValue(??);
                                                                                                                				_v40 = _t126;
                                                                                                                				_v32 = _t115;
                                                                                                                				_v24 = _t111;
                                                                                                                				_t18 = _t85 + 0x28; // 0x28
                                                                                                                				_t112 = _t18;
                                                                                                                				_t116 =  *_t112;
                                                                                                                				_t86 = _a8;
                                                                                                                				_v72 = _t86;
                                                                                                                				_v64 = 0;
                                                                                                                				if ( *((intOrPtr*)(_t86 + 0x19)) != 0) goto 0x12716f88;
                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                				_v72 = _t86;
                                                                                                                				if ( *((intOrPtr*)(_t86 + 0x20)) - _t108 >= 0) goto 0x12716f75;
                                                                                                                				_v64 = 0;
                                                                                                                				_t87 =  *((intOrPtr*)(_t86 + 0x10));
                                                                                                                				goto 0x12716f83;
                                                                                                                				_v64 = 1;
                                                                                                                				_t100 = _t87;
                                                                                                                				if ( *((intOrPtr*)( *_t87 + 0x19)) == 0) goto 0x12716f60;
                                                                                                                				if ( *((intOrPtr*)(_t100 + 0x19)) != 0) goto 0x12716f93;
                                                                                                                				if (_t108 -  *((intOrPtr*)(_t100 + 0x20)) >= 0) goto 0x12716ffb;
                                                                                                                				if ( *((intOrPtr*)(_t112 + 8)) == 0xffffffff) goto 0x12717016;
                                                                                                                				_v88 = _t112;
                                                                                                                				_v80 = _t93;
                                                                                                                				_t54 = E00007FFA7FFA127056A8(_t53, 0xffffffff, _t100);
                                                                                                                				 *0x40000000000001F = _t108;
                                                                                                                				asm("movups xmm0, [esp+0x50]");
                                                                                                                				asm("movups [eax+0x28], xmm0");
                                                                                                                				asm("movsd xmm1, [esp+0x60]");
                                                                                                                				asm("movsd [eax+0x38], xmm1");
                                                                                                                				 *0xffffffff = _t116;
                                                                                                                				 *0x400000000000007 = _t116;
                                                                                                                				 *0x40000000000000F = _t116;
                                                                                                                				 *0x400000000000017 = 0;
                                                                                                                				asm("movups xmm0, [esp+0x30]");
                                                                                                                				asm("movaps [esp+0x20], xmm0");
                                                                                                                				return E00007FFA7FFA1270C920(_t54, _t93, _t112,  &_v88, _t108, 0xffffffff);
                                                                                                                				}

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000018.00000002.567581363.00007FFA126E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFA126E0000, based on PE: true
                                                                                                                • Associated: 00000018.00000002.567563602.00007FFA126E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.567937326.00007FFA1271B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568061504.00007FFA1272E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568076473.00007FFA1272F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568096558.00007FFA12731000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000018.00000002.568118885.00007FFA12733000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_24_2_7ffa126e0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Value
                                                                                                                • String ID:
                                                                                                                • API String ID: 3702945584-0
                                                                                                                • Opcode ID: b9705a5fbed9707da95cff90ddb13ae494628979f2e0285fa450c06ece247afa
                                                                                                                • Instruction ID: 5fd777bd5c3d4babb6e5e8bf863b4f31e571a03ec0af98ffb4e0fb8c1b28cb91
                                                                                                                • Opcode Fuzzy Hash: b9705a5fbed9707da95cff90ddb13ae494628979f2e0285fa450c06ece247afa
                                                                                                                • Instruction Fuzzy Hash: C4515032909F8189E6658F14E04016A77F5FF87B64F168239EA9D03798EFBCE459CB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Execution Graph

                                                                                                                Execution Coverage:12.1%
                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                Signature Coverage:0%
                                                                                                                Total number of Nodes:4
                                                                                                                Total number of Limit Nodes:0
                                                                                                                execution_graph 1212 7ff9a5612149 1214 7ff9a5612157 1212->1214 1213 7ff9a5612385 SearchPathW 1215 7ff9a56123ec 1213->1215 1214->1213 1214->1214

                                                                                                                Callgraph


                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001A.00000002.391643637.00007FF9A5610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9A5610000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_26_2_7ff9a5610000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: PathSearch
                                                                                                                • String ID:
                                                                                                                • API String ID: 2203818243-0
                                                                                                                • Opcode ID: b0d82624b6791e531e5a53a6366787fa0b5d54bc57dedecbb08b46c7c6133a02
                                                                                                                • Instruction ID: 752f31c67edb450cd33480e1c7f0f0221c423b77ec9dd296f685c32252e79bc0
                                                                                                                • Opcode Fuzzy Hash: b0d82624b6791e531e5a53a6366787fa0b5d54bc57dedecbb08b46c7c6133a02
                                                                                                                • Instruction Fuzzy Hash: 3EB17E30A18A8D8FDBA9DF28D8457F977D1FF5A310F10426AE88DC7281CF74A9458B81
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Execution Graph

                                                                                                                Execution Coverage:12.2%
                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                Signature Coverage:0%
                                                                                                                Total number of Nodes:3
                                                                                                                Total number of Limit Nodes:0
                                                                                                                execution_graph 1252 7ff9a55f2149 1253 7ff9a55f2157 SearchPathW 1252->1253 1255 7ff9a55f23ec 1253->1255

                                                                                                                Callgraph


                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001C.00000002.398217633.00007FF9A55F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9A55F0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_28_2_7ff9a55f0000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: PathSearch
                                                                                                                • String ID:
                                                                                                                • API String ID: 2203818243-0
                                                                                                                • Opcode ID: 370250b2600bfb333ca67da2f3514a0c35e6240e5d4b44106585c45d3baabc72
                                                                                                                • Instruction ID: e904baa6a3c20ba79fa54930dac507c0be134e40a722d1f28c02d93703926ea3
                                                                                                                • Opcode Fuzzy Hash: 370250b2600bfb333ca67da2f3514a0c35e6240e5d4b44106585c45d3baabc72
                                                                                                                • Instruction Fuzzy Hash: 90B1A170618A8D8FDBA9DF18D8457E977D1FF5A310F00822EE84DC7281CE75A945CB81
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Execution Graph

                                                                                                                Execution Coverage:12.7%
                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                Signature Coverage:0%
                                                                                                                Total number of Nodes:3
                                                                                                                Total number of Limit Nodes:0
                                                                                                                execution_graph 1317 7ff9a55f2149 1319 7ff9a55f2157 SearchPathW 1317->1319 1320 7ff9a55f23ec 1319->1320

                                                                                                                Callgraph


                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000020.00000002.404593293.00007FF9A55F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9A55F0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_32_2_7ff9a55f0000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: PathSearch
                                                                                                                • String ID:
                                                                                                                • API String ID: 2203818243-0
                                                                                                                • Opcode ID: 8e3256de96115533190dadeff96ee41ef5d0c5d88dd942f873cdde01db948f8d
                                                                                                                • Instruction ID: 3748a77e17e54436ddc6d657970f7c4a81af0820287efce1b192f515c9aa731a
                                                                                                                • Opcode Fuzzy Hash: 8e3256de96115533190dadeff96ee41ef5d0c5d88dd942f873cdde01db948f8d
                                                                                                                • Instruction Fuzzy Hash: 67B1A070619A8D8FDBA9DF18D8457E977D1FF5A310F00426EE88DC7282CE74A949CB81
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Callgraph


                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000023.00000002.417226709.00007FF9A5600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9A5600000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_35_2_7ff9a5600000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: PathSearch
                                                                                                                • String ID:
                                                                                                                • API String ID: 2203818243-0
                                                                                                                • Opcode ID: 62d479a1c6663b02c3aac864f6474d8dd0b2d19ea6b0c5f2ba5453cca3ee9a59
                                                                                                                • Instruction ID: 46f5b61b2f8d1f581231dcf1618bfe03f903080efd6e817134f6edc197812afd
                                                                                                                • Opcode Fuzzy Hash: 62d479a1c6663b02c3aac864f6474d8dd0b2d19ea6b0c5f2ba5453cca3ee9a59
                                                                                                                • Instruction Fuzzy Hash: D8B19F30A19A8D8FDBA9DF28D8457E977D1FF5A310F00826EE84DC7285CE74A945CB81
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Callgraph


                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000027.00000002.422011584.00007FF9A5610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9A5610000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_39_2_7ff9a5610000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: PathSearch
                                                                                                                • String ID:
                                                                                                                • API String ID: 2203818243-0
                                                                                                                • Opcode ID: 71d648f31cdeaae3438ee98f5cae3a4c985f2885d2a2d7a18d771f460153dcb7
                                                                                                                • Instruction ID: 2cf2d814e2f17a9312a40bf9b1410addd72f218faf50a97c1ca9caaa896b9b06
                                                                                                                • Opcode Fuzzy Hash: 71d648f31cdeaae3438ee98f5cae3a4c985f2885d2a2d7a18d771f460153dcb7
                                                                                                                • Instruction Fuzzy Hash: 5AB18F30A19A8D8FDBA9DF28D8457F977D1FF5A310F00426AE84DC7251CB74A9458B81
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Callgraph


                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000002A.00000002.427415899.00007FF9A5620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9A5620000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_42_2_7ff9a5620000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: PathSearch
                                                                                                                • String ID:
                                                                                                                • API String ID: 2203818243-0
                                                                                                                • Opcode ID: 54600ba28a42b96d64483589d0ad197d6aae91bdfce7bb7829dae23c953a6ca9
                                                                                                                • Instruction ID: a2022af8e184ad7f3a77e23488084b6b556365efc9c31062a3d91fe8ab6968ae
                                                                                                                • Opcode Fuzzy Hash: 54600ba28a42b96d64483589d0ad197d6aae91bdfce7bb7829dae23c953a6ca9
                                                                                                                • Instruction Fuzzy Hash: 42815930A18A4D8FDBA8DF18D8857E977E1FF59700F10822AE84EC7281CF74A945CB81
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Callgraph


                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000002D.00000002.433099800.00007FF9A5610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9A5610000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_45_2_7ff9a5610000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: PathSearch
                                                                                                                • String ID:
                                                                                                                • API String ID: 2203818243-0
                                                                                                                • Opcode ID: 78d2eb1c4b9dd2ca60c055e0cfac80d1a6cdc481c6af33b2473465393644bedb
                                                                                                                • Instruction ID: 9b55c2ce16466b3aac2ddc6e009611c67d1addfa69e493a05bff15f5be042faa
                                                                                                                • Opcode Fuzzy Hash: 78d2eb1c4b9dd2ca60c055e0cfac80d1a6cdc481c6af33b2473465393644bedb
                                                                                                                • Instruction Fuzzy Hash: DDB17D30A19A8D8FDBA9DF28D8457F977D1FB5A310F10426AE84EC7281CF74A9458B81
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Callgraph


                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000002F.00000002.439235180.00007FF9A5600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9A5600000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_47_2_7ff9a5600000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: PathSearch
                                                                                                                • String ID:
                                                                                                                • API String ID: 2203818243-0
                                                                                                                • Opcode ID: e356d427423aa309d2be7e9c1fe9e4e970638ff59134bbfcfd7bd9dce94c5a88
                                                                                                                • Instruction ID: 82cc19f773405d19864341bc20e86deddc3852527d82d666623a52b385272e48
                                                                                                                • Opcode Fuzzy Hash: e356d427423aa309d2be7e9c1fe9e4e970638ff59134bbfcfd7bd9dce94c5a88
                                                                                                                • Instruction Fuzzy Hash: 7BB1B030A18A8D8FDBA9DF28D8457E977D1FF5A310F00826EE84DC7285CA74A945CB81
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%