Windows Analysis Report
SetupWIService.exe

Overview

General Information

Sample Name:SetupWIService.exe
Analysis ID:763396
MD5:6685bbb6eea96a5bee42ca0379671647
SHA1:ff0dff812260ce80394ca3c228da9d45701cb57d
SHA256:ee426380bbb5a135bc257b15aa32b78f1e21aa25f624e6ac5eb730005bb737b2

Detection

GuLoader
Score:57
Range:0 - 100
Whitelisted:false
Confidence:100%

Compliance

Score:35
Range:0 - 100

Signatures

Yara detected GuLoader
Uses netsh to modify the Windows network and firewall settings
Tries to delay execution (extensive OutputDebugStringW loop)
Modifies the hosts file
DLL side loading technique detected
Sets file extension default program settings to executables
Modifies the windows firewall
Uses schtasks.exe or at.exe to add and modify task schedules
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Deletes files inside the Windows folder
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Found evasive API chain (date check)
Creates files inside the system directory
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Stores files to the Windows start menu directory
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Enables debug privileges
EXE planting / hijacking vulnerabilities found
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
PE file does not import any functions
Drops PE files
Tries to load missing DLLs
Drops PE files to the windows directory (C:\Windows)
Binary contains a suspicious time stamp
Uses taskkill to terminate processes
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality for read data from the clipboard

Classification

  • System is w10x64
  • SetupWIService.exe (PID: 4860 cmdline: C:\Users\user\Desktop\SetupWIService.exe MD5: 6685BBB6EEA96A5BEE42CA0379671647)
    • cmd.exe (PID: 5308 cmdline: cmd /C taskkill /F /IM WIService.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 5732 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • taskkill.exe (PID: 4948 cmdline: taskkill /F /IM WIService.exe MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
    • cmd.exe (PID: 2224 cmdline: cmd /C taskkill /F /IM WIui.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 6032 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • taskkill.exe (PID: 3216 cmdline: taskkill /F /IM WIui.exe MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
    • cmd.exe (PID: 3644 cmdline: cmd /C taskkill /F /IM wirtpproxy.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 2264 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • taskkill.exe (PID: 5296 cmdline: taskkill /F /IM wirtpproxy.exe MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
    • cmd.exe (PID: 6080 cmdline: cmd /C taskkill /F /IM wiservice-ui.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 6116 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • taskkill.exe (PID: 6056 cmdline: taskkill /F /IM wiservice-ui.exe MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
    • cmd.exe (PID: 4616 cmdline: cmd /C taskkill /F /IM vncsrv.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 3096 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • taskkill.exe (PID: 5972 cmdline: taskkill /F /IM vncsrv.exe MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
    • cmd.exe (PID: 2760 cmdline: cmd /C taskkill /F /IM WildixOutlookIntegration.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 5880 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • taskkill.exe (PID: 2040 cmdline: taskkill /F /IM WildixOutlookIntegration.exe MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
    • wiservice.exe (PID: 5732 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --removesvc MD5: BC9438A9AF6E7EEA099BC91557F1FC26)
    • wiservice.exe (PID: 4280 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --install_faxprinter MD5: BC9438A9AF6E7EEA099BC91557F1FC26)
    • RegAsm.exe (PID: 2224 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll" /silent /codebase MD5: 2B5D765B33C67EBA41E9F47954227BC3)
      • conhost.exe (PID: 6072 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • RegAsm.exe (PID: 3748 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll" /silent /codebase MD5: 2B5D765B33C67EBA41E9F47954227BC3)
      • conhost.exe (PID: 6112 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • RegAsm.exe (PID: 1120 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Office.dll" /silent /codebase MD5: 2B5D765B33C67EBA41E9F47954227BC3)
      • conhost.exe (PID: 3052 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • RegAsm.exe (PID: 3364 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll" /silent /codebase MD5: 2B5D765B33C67EBA41E9F47954227BC3)
      • conhost.exe (PID: 3428 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • RegAsm.exe (PID: 2452 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.dll" /silent /codebase MD5: 2B5D765B33C67EBA41E9F47954227BC3)
      • conhost.exe (PID: 5184 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • RegAsm.exe (PID: 4384 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll" /silent /codebase MD5: 2B5D765B33C67EBA41E9F47954227BC3)
      • conhost.exe (PID: 5200 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • RegAsm.exe (PID: 4620 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll" /silent /codebase MD5: 2B5D765B33C67EBA41E9F47954227BC3)
      • conhost.exe (PID: 1900 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • RegAsm.exe (PID: 2972 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe" /silent MD5: 2B5D765B33C67EBA41E9F47954227BC3)
      • conhost.exe (PID: 2104 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.exe (PID: 2144 cmdline: cmd /C schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • conhost.exe (PID: 640 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • schtasks.exe (PID: 4852 cmdline: schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F MD5: 838D346D1D28F00783B7A6C6BD03A0DA)
    • cmd.exe (PID: 4120 cmdline: cmd /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe" MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • conhost.exe (PID: 1504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • netsh.exe (PID: 4920 cmdline: netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe" MD5: 98CC37BBF363A38834253E22C80A8F32)
    • cmd.exe (PID: 5288 cmdline: cmd /C netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe" MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • conhost.exe (PID: 5464 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • netsh.exe (PID: 5532 cmdline: netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe" MD5: 98CC37BBF363A38834253E22C80A8F32)
    • wiservice.exe (PID: 5684 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex MD5: BC9438A9AF6E7EEA099BC91557F1FC26)
    • wiservice.exe (PID: 2904 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc MD5: BC9438A9AF6E7EEA099BC91557F1FC26)
    • explorer.exe (PID: 2424 cmdline: C:\Windows\explorer.exe" "C:\Program Files\Wildix\WIService\proxyex.lnk MD5: AD5296B280E8F522A8A897C96BAB0E1D)
    • backgroundTaskHost.exe (PID: 2144 cmdline: "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca MD5: B7FC4A29431D4F795BBAB1FB182B759A)
    • wiservice.exe (PID: 5520 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --storeMachineId MD5: BC9438A9AF6E7EEA099BC91557F1FC26)
    • explorer.exe (PID: 2344 cmdline: C:\Windows\explorer.exe" "C:\Program Files\Wildix\WIService\wiservice.exe MD5: AD5296B280E8F522A8A897C96BAB0E1D)
    • cmd.exe (PID: 1372 cmdline: cmd /C schtasks /delete /TN "Wildix\WIService update recovery" /F MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • conhost.exe (PID: 4848 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • schtasks.exe (PID: 3536 cmdline: schtasks /delete /TN "Wildix\WIService update recovery" /F MD5: 838D346D1D28F00783B7A6C6BD03A0DA)
  • spoolsv.exe (PID: 6036 cmdline: C:\Windows\System32\spoolsv.exe MD5: C05A19A38D7D203B738771FD1854656F)
  • spoolsv.exe (PID: 1708 cmdline: C:\Windows\System32\spoolsv.exe MD5: C05A19A38D7D203B738771FD1854656F)
  • wiservice.exe (PID: 5016 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --update MD5: BC9438A9AF6E7EEA099BC91557F1FC26)
  • wiservice.exe (PID: 240 cmdline: "C:\Program Files\Wildix\WIService\WIService.exe" MD5: BC9438A9AF6E7EEA099BC91557F1FC26)
  • wiservice.exe (PID: 2556 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --hostsvc MD5: BC9438A9AF6E7EEA099BC91557F1FC26)
    • wiservice.exe (PID: 6064 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --dispatcher MD5: BC9438A9AF6E7EEA099BC91557F1FC26)
    • wiservice.exe (PID: 972 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --watchdog MD5: BC9438A9AF6E7EEA099BC91557F1FC26)
      • wiservice.exe (PID: 5864 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --check_oi_enabled MD5: BC9438A9AF6E7EEA099BC91557F1FC26)
  • explorer.exe (PID: 1920 cmdline: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding MD5: AD5296B280E8F522A8A897C96BAB0E1D)
    • wiservice.exe (PID: 3364 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex MD5: BC9438A9AF6E7EEA099BC91557F1FC26)
  • explorer.exe (PID: 5196 cmdline: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding MD5: AD5296B280E8F522A8A897C96BAB0E1D)
    • wiservice.exe (PID: 5192 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" MD5: BC9438A9AF6E7EEA099BC91557F1FC26)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000000.00000002.607884101.00000000006BD000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_GuLoader_3 | Yara detected GuLoader | Joe Security |
00000000.00000003.606167729.00000000006BD000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_GuLoader_3 | Yara detected GuLoader | Joe Security |
00000000.00000003.605471583.00000000006BD000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_GuLoader_3 | Yara detected GuLoader | Joe Security |
Process Memory Space: SetupWIService.exe PID: 4860 | JoeSecurity_GuLoader_3 | Yara detected GuLoader | Joe Security |

No Sigma rule has matched
No Snort rule has matched

Source: wiservice.exe, 00000013.00000000.353195715.00007FF758282000.00000002.00000001.01000000.00000006.sdmp Binary or memory string: -----BEGIN PUBLIC KEY-----
Source: C:\Users\user\Desktop\SetupWIService.exe EXE: cmd.exe

Compliance

Source: SetupWIService.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\SetupWIService.exe EXE: cmd.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIService
Source: C:\Users\user\Desktop\SetupWIService.exe File opened: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcr80.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\wildix.ico
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\wiservice.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\STDDTYPE.GDL
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\STDNAMES.GPD
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\STDSCHEM.GDL
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\STDSCHMX.GDL
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\UNIDRV.DLL
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\UNIDRV.HLP
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\UNIDRVUI.DLL
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\UNIRES.DLL
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\imgprint.gpd
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\wfaxport.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\DuoMonoLedBtBase0x5642.dfu
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\DuoMonoLedBtHeadset0x5642.dfu
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfu.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfuCmd.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcm80.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcp80.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcr80.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcrt.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\resources
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\resources\cdr.db
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Interop.Outlook.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Tools.Common.v4.0.Utilities.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Tools.Outlook.v4.0.Utilities.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Uc.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\Newtonsoft.Json.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\Office.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\Serilog.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.Console.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.Debug.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.File.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\UC.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\websocket-sharp.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\wildix-oi.ico
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookAddin.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookAddin.dll.manifest
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookCommon.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookAddin.vsto
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookIntegration.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookIntegration.exe.config
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\dotnet-dump.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\UninstallWIService.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\proxyex.lnk
Source: C:\Program Files\Wildix\WIService\wiservice.exe Directory created: C:\Program Files\Wildix\updates
Source: SetupWIService.exe Static PE information: certificate valid
Source: SetupWIService.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: C:\design\wiservice\deploy\win-x64-release\wiservice.pdb source: wiservice.exe, 00000013.00000000.353835045.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000002.403497663.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000002.503967075.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000033.00000002.493426808.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.565436508.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp
          Source: Binary string: C:\design\wiservice\deploy\win-x64-release\wiservice.pdbg source: wiservice.exe, 00000013.00000000.353835045.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000002.403497663.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000002.503967075.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000033.00000002.493426808.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.565436508.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp
          Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: wiservice.exe, 00000013.00000000.353835045.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000002.403497663.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000002.503967075.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000033.00000002.493426808.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.565436508.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp
          Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMcrypto\rand\randfile.cFilename=RANDFILESYSTEMROOT.rnd` source: wiservice.exe, 00000013.00000000.353835045.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000002.403497663.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000002.503967075.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000033.00000002.493426808.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.565436508.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp
          Source: Binary string: C:\design\wiservice\deploy\win-x64-release\fax\wfaxport.pdb``. source: spoolsv.exe, 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
          Source: Binary string: C:\design\wiservice\deploy\win-x64-release\fax\wfaxport.pdb source: spoolsv.exe, 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_00402765 FindFirstFileA,0_2_00402765
Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_00406313 FindFirstFileA,FindClose,0_2_00406313
Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_004057D8 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_004057D8
Source: C:\Windows\System32\spoolsv.exe Code function: 22_2_00007FF887CB3F10 FindFirstFileW,_invalid_parameter_noinfo_noreturn,FindClose,22_2_00007FF887CB3F10
Source: global traffic HTTP traffic detected: GET /integrations/integrations.json HTTP/1.1 Host: files.wildix.com Accept: */*
Source: global traffic HTTP traffic detected: GET /integrations/applications.json HTTP/1.1 Host: files.wildix.com Accept: */*
Source: global traffic HTTP traffic detected: GET /integrations/x-beesNativeApp.json HTTP/1.1 Host: files.wildix.com Accept: */*
Source: global traffic HTTP traffic detected: POST /api/v1/Analytics/wiservice HTTP/1.1 Host: feedback.wildix.com Accept: */* Content-Length: 497 Content-Type: application/x-www-form-urlencoded
Source: global traffic HTTP traffic detected: POST /api/v1/Analytics/wiservice HTTP/1.1 Host: feedback.wildix.com Accept: */* Content-Length: 429 Content-Type: application/x-www-form-urlencoded
Source: unknown Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49702
Source: SetupWIService.exe, 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000014.00000003.398562215.00000205DCA09000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: SetupWIService.exe, 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000014.00000003.398562215.00000205DCA09000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
Source: SetupWIService.exe, 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000014.00000003.398562215.00000205DCA09000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: SetupWIService.exe, 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000014.00000003.398562215.00000205DCA09000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: SetupWIService.exe, 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000014.00000003.398562215.00000205DCA09000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
Source: SetupWIService.exe, 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000014.00000003.398562215.00000205DCA09000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: wiservice.exe, 00000037.00000003.677640708.000002899DDDF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#
Source: SetupWIService.exe, 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000014.00000003.398562215.00000205DCA09000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
          Source: wiservice.exe, 00000013.00000000.353195715.00007FF758282000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000013.00000002.359296927.00007FF758282000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000000.368161570.00007FF758282000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000002.401511885.00007FF758282000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000000.474074049.00007FF758282000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000002.502688150.00007FF758282000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000033.00000002.492491078.00007FF758282000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000033.00000000.480407341.00007FF758282000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://jimmac.musichall.cz
Source: SetupWIService.exe, SetupWIService.exe, 00000000.00000000.311613339.000000000040A000.00000008.00000001.01000000.00000003.sdmp, SetupWIService.exe, 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: SetupWIService.exe, 00000000.00000000.311613339.000000000040A000.00000008.00000001.01000000.00000003.sdmp, SetupWIService.exe, 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: SetupWIService.exe, 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000014.00000003.398562215.00000205DCA09000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.comodoca.com0
Source: SetupWIService.exe, 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000014.00000003.398562215.00000205DCA09000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.sectigo.com0
Source: wiservice.exe, 00000037.00000003.677640708.000002899DDDF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.sectigo.com09
          Source: wiservice.exe, 00000013.00000000.353195715.00007FF758282000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000013.00000002.359296927.00007FF758282000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000000.368161570.00007FF758282000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000002.401511885.00007FF758282000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000000.474074049.00007FF758282000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000002.502688150.00007FF758282000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000033.00000002.492491078.00007FF758282000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000033.00000000.480407341.00007FF758282000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.gimp.orgg
          Source: wiservice.exe, 00000013.00000000.353835045.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000013.00000002.356549392.0000017D97F78000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000014.00000002.403497663.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000002.399327832.00000205DC989000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000002.503967075.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000002.489109659.00000134DAFE8000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000033.00000002.493426808.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000033.00000002.484197182.000002CCFD608000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003F.00000000.565436508.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://backtrace.wildix.com/api/v1/IntegrationService/Trace/
          Source: wiservice.exe, 0000002F.00000002.489109659.00000134DAFE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://backtrace.wildix.com/api/v1/IntegrationService/Trace/%VH
          Source: wiservice.exe, 00000014.00000002.399327832.00000205DC989000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://backtrace.wildix.com/api/v1/IntegrationService/Trace/dll3kP
          Source: wiservice.exe, 0000002F.00000003.482463245.00000134DB08C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore/detail/wildix-collaboration/lobgohp
          Source: wiservice.exe, 0000002F.00000003.482463245.00000134DB08C000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000002.490271193.00000134DB051000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.482417875.00000134DB0B2000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.484090090.00000134DB05A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487459638.00000134DB058000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487393834.00000134DB051000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.482153514.00000134DB0B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore/detail/wildix-collaboration/lobgohpoobpijgfegnlhdnppegdbomkn
          Source: wiservice.exe, 0000002F.00000002.490271193.00000134DB051000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.482417875.00000134DB0B2000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.484090090.00000134DB05A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000002.489109659.00000134DAFE8000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487459638.00000134DB058000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.482229621.00000134DB08E000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487393834.00000134DB051000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.482153514.00000134DB0B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore/detail/x-bees/olejekejjhgimnlliplaiodgmbpcflhi
          Source: wiservice.exe, 00000013.00000000.353195715.00007FF758282000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000013.00000002.359296927.00007FF758282000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000000.368161570.00007FF758282000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000002.401511885.00007FF758282000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000000.474074049.00007FF758282000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000002.502688150.00007FF758282000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000033.00000002.492491078.00007FF758282000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
          Source: wiservice.exe, 00000013.00000000.353835045.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000002.403497663.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000002.503967075.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000033.00000002.493426808.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.565436508.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://feedback.wildix.com/api/v1/Analytics/wiservice
          Source: wiservice.exe, 00000013.00000000.353835045.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000002.403497663.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000002.503967075.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000033.00000002.493426808.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.565436508.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://feedback.wildix.com/api/v1/Analytics/wiserviceext_getsid()
          Source: wiservice.exe, 00000013.00000000.353835045.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000013.00000002.356549392.0000017D97F78000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000014.00000002.403497663.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000002.399327832.00000205DC989000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000002.503967075.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000002.489109659.00000134DAFE8000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000033.00000002.493426808.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000033.00000002.484197182.000002CCFD608000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003F.00000000.565436508.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://feedback.wildix.com/api/v1/Feedback/Wiservice
          Source: wiservice.exe, 00000014.00000002.399327832.00000205DC989000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://feedback.wildix.com/api/v1/Feedback/Wiservice6kU
          Source: wiservice.exe, 0000002F.00000002.489109659.00000134DAFE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://feedback.wildix.com/api/v1/Feedback/Wiservicease.dll
          Source: wiservice.exe, 00000013.00000000.353835045.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000002.403497663.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000002.503967075.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000033.00000002.493426808.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.565436508.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://feedback.wildix.com/api/v1/Feedback/WiserviceemailothersendLogssizestypemessagecontextfeedba
          Source: wiservice.exe, 00000013.00000002.356549392.0000017D97F78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://feedback.wildix.com/api/v1/Feedback/Wiservicet
          Source: wiservice.exe, 00000033.00000002.484197182.000002CCFD608000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://feedback.wildix.com/api/v1/Feedback/Wiservice~#
          Source: wiservice.exe, 00000013.00000000.353835045.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000002.403497663.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000002.490006161.00000134DB028000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487793527.00000134DB026000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000002.503967075.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000003.487713322.00000134DB020000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000033.00000002.493426808.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.565436508.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://files.wildix.com/integrations/
          Source: wiservice.exe, 0000002F.00000003.487713322.00000134DB020000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://files.wildix.com/integrations/applications.json
          Source: wiservice.exe, 00000013.00000000.353835045.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000002.403497663.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000002.503967075.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000033.00000002.493426808.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.565436508.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://files.wildix.com/integrations/applications.jsonintegrations.jsonx-beesNativeApp.jsonC:
          Source: wiservice.exe, 00000033.00000002.484197182.000002CCFD608000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003F.00000000.565436508.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://files.wildix.com/integrations/integrations.json
          Source: wiservice.exe, 00000014.00000002.399327832.00000205DC989000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://files.wildix.com/integrations/integrations.json%kF
          Source: wiservice.exe, 0000002F.00000003.487883533.00000134DB030000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000002.490124460.00000134DB031000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487793527.00000134DB026000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487713322.00000134DB020000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://files.wildix.com/integrations/integrations.json4
          Source: wiservice.exe, 00000013.00000000.353835045.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000002.403497663.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000002.503967075.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000033.00000002.493426808.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.565436508.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://files.wildix.com/integrations/integrations.jsonhttps://backtrace.wildix.com/api/v1/Integrati
          Source: wiservice.exe, 00000013.00000002.356549392.0000017D97F78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://files.wildix.com/integrations/integrations.jsonn
          Source: wiservice.exe, 0000002F.00000002.489109659.00000134DAFE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://files.wildix.com/integrations/integrations.jsonse.dll5W
          Source: wiservice.exe, 0000002F.00000003.486272143.00000134DB07F000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487031050.00000134DB08F000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.483929739.00000134DB093000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.483764013.00000134DB093000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.484090090.00000134DB05A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.485182229.00000134DB07E000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.486741289.00000134DB08C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://files.wildix.com/integrations/osx/collaboration/Collaboration.pkg
          Source: wiservice.exe, 0000002F.00000003.486272143.00000134DB07F000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.485182229.00000134DB07E000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.486741289.00000134DB08C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://files.wildix.com/integrations/osx/collaboration/Collaboration.pkgW/N
          Source: wiservice.exe, 0000002F.00000003.486272143.00000134DB07F000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487031050.00000134DB08F000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.485128523.00000134DB062000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000002.490359781.00000134DB066000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.482417875.00000134DB0B2000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.484090090.00000134DB05A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.486741289.00000134DB08C000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.486188695.00000134DB062000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487482353.00000134DB066000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.482229621.00000134DB08E000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.483817688.00000134DB062000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.484111367.00000134DB063000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.482153514.00000134DB0B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://files.wildix.com/integrations/osx/wiservice/WIService.pkg
          Source: wiservice.exe, 0000002F.00000003.487393834.00000134DB051000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://files.wildix.com/integrations/osx/x-bees/x-bees.pkg
          Source: wiservice.exe, 0000002F.00000002.490271193.00000134DB051000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487393834.00000134DB051000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://files.wildix.com/integrations/osx/x-bees/x-bees.pkgs
          Source: wiservice.exe, 0000002F.00000002.490006161.00000134DB028000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487793527.00000134DB026000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487713322.00000134DB020000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://files.wildix.com/integrations/rvice
          Source: wiservice.exe, 0000002F.00000003.486272143.00000134DB07F000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487031050.00000134DB08F000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.483929739.00000134DB093000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.483764013.00000134DB093000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.484090090.00000134DB05A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.485182229.00000134DB07E000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.486741289.00000134DB08C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://files.wildix.com/integrations/win/collaboration/Collaboration-x64.exe
          Source: wiservice.exe, 0000002F.00000002.490271193.00000134DB051000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.482417875.00000134DB0B2000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.484090090.00000134DB05A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.482229621.00000134DB08E000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487393834.00000134DB051000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.482153514.00000134DB0B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://files.wildix.com/integrations/win/tapi/WildixTAPI.exe
          Source: wiservice.exe, 0000002F.00000002.490271193.00000134DB051000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487393834.00000134DB051000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://files.wildix.com/integrations/win/tapi/WildixTAPI.exeO
          Source: wiservice.exe, 0000002F.00000002.490271193.00000134DB051000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487393834.00000134DB051000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://files.wildix.com/integrations/win/tapi/WildixTAPI.exen4
          Source: wiservice.exe, 0000002F.00000003.486272143.00000134DB07F000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487031050.00000134DB08F000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.485128523.00000134DB062000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000002.490359781.00000134DB066000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.482417875.00000134DB0B2000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.484090090.00000134DB05A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.486741289.00000134DB08C000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.486188695.00000134DB062000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487482353.00000134DB066000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.482229621.00000134DB08E000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.483817688.00000134DB062000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.484111367.00000134DB063000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.482153514.00000134DB0B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://files.wildix.com/integrations/win/wiservice/SetupWIService.exe
          Source: wiservice.exe, 0000002F.00000003.486272143.00000134DB07F000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487031050.00000134DB08F000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.486741289.00000134DB08C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://files.wildix.com/integrations/win/wiservice/SetupWIService.exef3b
          Source: wiservice.exe, 0000002F.00000002.490271193.00000134DB051000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.485128523.00000134DB062000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.485013171.00000134DB097000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.486028018.00000134DB059000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.486188695.00000134DB062000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487393834.00000134DB051000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://files.wildix.com/integrations/win/x-bees/x-bees.exe
          Source: wiservice.exe, 0000002F.00000002.490271193.00000134DB051000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487393834.00000134DB051000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://files.wildix.com/integrations/win/x-bees/x-bees.exep
          Source: wiservice.exe, 0000002F.00000002.490271193.00000134DB051000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487393834.00000134DB051000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://files.wildix.com/integrations/win/x-bees/x-bees.exexetesj
          Source: wiservice.exe, 0000002F.00000003.487883533.00000134DB030000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000002.490124460.00000134DB031000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487793527.00000134DB026000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487713322.00000134DB020000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://files.wildix.com/integrations/x-beesNativeApp.json
          Source: wiservice.exe, 0000002F.00000003.487883533.00000134DB030000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000002.490124460.00000134DB031000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487793527.00000134DB026000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487713322.00000134DB020000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://files.wildix.com/integrations/x-beesNativeApp.jsono
          Source: wiservice.exe, 00000013.00000000.353835045.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000002.403497663.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000002.503967075.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000033.00000002.493426808.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.565436508.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://github.com/opencv/opencv/issues/16739
          Source: wiservice.exe, 00000013.00000000.353835045.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000002.403497663.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000002.503967075.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000033.00000002.493426808.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.565436508.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://github.com/opencv/opencv/issues/16739cv::MatOp_AddEx::assign
          Source: SetupWIService.exe, 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000014.00000003.398562215.00000205DCA09000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000037.00000003.677640708.000002899DDDF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0
          Source: wiservice.exe, 00000013.00000000.353835045.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000002.403497663.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000002.503967075.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000033.00000002.493426808.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.565436508.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://wildix.atlassian.net/wiki/x/HgfOAQ
          Source: wiservice.exe, 00000013.00000000.353835045.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000002.403497663.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000002.503967075.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000033.00000002.493426808.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.565436508.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://wildix.atlassian.net/wiki/x/HgfOAQ&Logsuser
          Source: wiservice.exe, 00000013.00000000.353835045.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000002.403497663.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000002.503967075.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000033.00000002.493426808.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.565436508.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://www.wildix.com
          Source: wiservice.exe, 00000013.00000000.353835045.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000002.403497663.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000002.503967075.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000033.00000002.493426808.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.565436508.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://www.wildix.comext_openfolder()
          Source: wiservice.exe, 00000013.00000000.353835045.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000002.403497663.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000002.503967075.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000033.00000002.493426808.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.565436508.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://x-bees.biz
          Source: wiservice.exe, 00000013.00000000.353835045.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000002.403497663.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000002.503967075.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000033.00000002.493426808.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.565436508.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://x-bees.bizisSecureporttype
          Source: unknown HTTP traffic detected: POST /api/v1/Analytics/wiservice HTTP/1.1 Host: feedback.wildix.com Accept: */* Content-Length: 497 Content-Type: application/x-www-form-urlencoded
          Source: unknown DNS traffic detected: queries for: files.wildix.com
          Source: global traffic HTTP traffic detected: GET /integrations/integrations.json HTTP/1.1 Host: files.wildix.com Accept: */*
          Source: global traffic HTTP traffic detected: GET /integrations/applications.json HTTP/1.1 Host: files.wildix.com Accept: */*
          Source: global traffic HTTP traffic detected: GET /integrations/x-beesNativeApp.json HTTP/1.1 Host: files.wildix.com Accept: */*
          Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_00405275 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard

          Spam, unwanted Advertisements and Ransom Demands

          Source: C:\Program Files\Wildix\WIService\wiservice.exe File written: C:\Windows\System32\drivers\etc\hosts
          Source: SetupWIService.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: C:\Windows\System32\spoolsv.exe File deleted: C:\Windows\System32\spool\drivers\x64\3\Old\1\stddtype.gdl
          Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_0040326B EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
          Source: C:\Program Files\Wildix\WIService\wiservice.exe File created: C:\Windows\system32\wfaxport.dll
          Source: C:\Windows\System32\spoolsv.exeCode function: String function: 00007FF887CC50C0 appears 48 times
          Source: UC.dll.0.drStatic PE information: No import functions for PE file found
          Source: C:\Windows\System32\spoolsv.exeSection loaded: ualapi.dll
          Source: C:\Users\user\Desktop\SetupWIService.exeFile read: C:\Users\user\Desktop\SetupWIService.exe
          Source: SetupWIService.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\SetupWIService.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: unknownProcess created: C:\Users\user\Desktop\SetupWIService.exe C:\Users\user\Desktop\SetupWIService.exe
          Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIService.exe
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIService.exe
          Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIui.exe
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIui.exe
          Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wirtpproxy.exe
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wirtpproxy.exe
          Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wiservice-ui.exe
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wiservice-ui.exe
          Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM vncsrv.exe
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM vncsrv.exe
          Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WildixOutlookIntegration.exe
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookIntegration.exe
          Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --removesvc
          Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --install_faxprinter
          Source: unknownProcess created: C:\Windows\System32\spoolsv.exe C:\Windows\System32\spoolsv.exe
          Source: unknownProcess created: C:\Windows\System32\spoolsv.exe C:\Windows\System32\spoolsv.exe
          Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll" /silent /codebase
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll" /silent /codebase
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Office.dll" /silent /codebase
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll" /silent /codebase
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.dll" /silent /codebase
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll" /silent /codebase
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll" /silent /codebase
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe" /silent
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\System32\cmd.exe cmd /C schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
          Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\System32\cmd.exe cmd /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
          Source: unknownProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --update
          Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\System32\cmd.exe cmd /C netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
          Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex
          Source: unknownProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\WIService.exe"
          Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc
          Source: unknownProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --hostsvc
          Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --dispatcher
          Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --watchdog
          Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\explorer.exe C:\Windows\explorer.exe" "C:\Program Files\Wildix\WIService\proxyex.lnk
          Source: unknownProcess created: C:\Windows\explorer.exe C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
          Source: C:\Windows\explorer.exeProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex
          Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\System32\backgroundTaskHost.exe "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
          Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --storeMachineId
          Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --check_oi_enabled
          Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\explorer.exe C:\Windows\explorer.exe" "C:\Program Files\Wildix\WIService\wiservice.exe
          Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\System32\cmd.exe cmd /C schtasks /delete /TN "Wildix\WIService update recovery" /F
          Source: unknownProcess created: C:\Windows\explorer.exe C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /delete /TN "Wildix\WIService update recovery" /F
          Source: C:\Windows\explorer.exeProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe"
          Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\SetupWIService.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
          Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WIService.exe")
          Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WIui.exe")
          Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "wirtpproxy.exe")
          Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "wiservice-ui.exe")
          Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "vncsrv.exe")
          Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WildixOutlookIntegration.exe")
          Source: C:\Program Files\Wildix\WIService\wiservice.exeFile created: C:\Users\user\AppData\Roaming\Wildix
          Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Users\user\AppData\Local\Temp\nsrC855.tmp
          Source: classification engineClassification label: mal57.troj.adwa.evad.winEXE@107/86@5/4
          Source: C:\Users\user\Desktop\SetupWIService.exeCode function: 0_2_00402138 CoCreateInstance,MultiByteToWideChar,0_2_00402138
          Source: C:\Users\user\Desktop\SetupWIService.exeFile read: C:\Users\desktop.ini
          Source: C:\Users\user\Desktop\SetupWIService.exeCode function: 0_2_00404530 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_00404530
          Source: wiservice.exe, 00000013.00000000.353835045.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000002.403497663.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000002.503967075.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000033.00000002.493426808.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.565436508.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: UPDATE %Q.%s SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
          Source: wiservice.exe, 00000013.00000000.353835045.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000002.403497663.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000002.503967075.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000033.00000002.493426808.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.565436508.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
          Source: Office.dll.0.dr, Office.Core/SharedWorkspaceTask.csTask registration methods: 'get_CreatedDate', 'get_CreatedBy'
          Source: Office.dll.0.dr, Office.Core/WorkflowTask.csTask registration methods: 'get_CreatedDate', 'get_CreatedBy'
          Source: Office.dll.0.dr, Office.Core/ICTPFactory.csTask registration methods: 'CreateCTP'
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5732:120:WilError_01
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3052:120:WilError_01
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3428:120:WilError_01
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2104:120:WilError_01
          Source: C:\Program Files\Wildix\WIService\wiservice.exeMutant created: \Sessions\1\BaseNamedObjects\Local\com.wildix.desktop-integration.service
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6116:120:WilError_01
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5200:120:WilError_01
          Source: C:\Program Files\Wildix\WIService\wiservice.exeMutant created: \BaseNamedObjects\Local\com.wildix.desktop-integration.dispatcher
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3096:120:WilError_01
          Source: C:\Program Files\Wildix\WIService\wiservice.exeMutant created: \BaseNamedObjects\Local\com.wildix.desktop-integration.watchdog
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2264:120:WilError_01
          Source: C:\Program Files\Wildix\WIService\wiservice.exeMutant created: \BaseNamedObjects\Local\com.wildix.desktop-integration.updater
          Source: C:\Program Files\Wildix\WIService\wiservice.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WIS
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4848:120:WilError_01
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6072:120:WilError_01
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6032:120:WilError_01
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1504:120:WilError_01
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6112:120:WilError_01
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1900:120:WilError_01
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5184:120:WilError_01
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5880:120:WilError_01
          Source: C:\Program Files\Wildix\WIService\wiservice.exeMutant created: \BaseNamedObjects\Local\com.wildix.desktop-integration.svchost
          Source: C:\Program Files\Wildix\WIService\wiservice.exeMutant created: \Sessions\1\BaseNamedObjects\Local\com.wildix.desktop-integration.proxyex
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5464:120:WilError_01
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:640:120:WilError_01
          Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix
          Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\explorer.exe
          Source: unknownProcess created: C:\Windows\explorer.exe
          Source: C:\Program Files\Wildix\WIService\wiservice.exeFile read: C:\Windows\System32\drivers\etc\hosts
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: C:\Users\user\Desktop\SetupWIService.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Addins\Wildix.AddInJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIServiceJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeFile opened: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcr80.dllJump to behavior
          Source: SetupWIService.exeStatic file information: File size 13876464 > 1048576
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\WildixJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIServiceJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xmlJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\wildix.icoJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\wiservice.exeJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\faxJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\STDDTYPE.GDLJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\STDNAMES.GPDJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\STDSCHEM.GDLJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\STDSCHMX.GDLJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\UNIDRV.DLLJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\UNIDRV.HLPJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\UNIDRVUI.DLLJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\UNIRES.DLLJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\imgprint.gpdJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\wfaxport.dllJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\headsetFirmwaresJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\headsetFirmwares\DuoMonoLedBtBase0x5642.dfuJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\headsetFirmwares\DuoMonoLedBtHeadset0x5642.dfuJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfu.dllJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfuCmd.exeJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcm80.dllJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcp80.dllJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcr80.dllJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcrt.dllJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\resourcesJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\resources\cdr.dbJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook IntegrationJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Interop.Outlook.dllJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Tools.Common.v4.0.Utilities.dllJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Tools.Outlook.v4.0.Utilities.dllJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Uc.dllJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\Newtonsoft.Json.dllJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\Office.dllJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\Serilog.dllJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.Console.dllJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.Debug.dllJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.File.dllJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\UC.dllJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\websocket-sharp.dllJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\wildix-oi.icoJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookAddin.dllJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookAddin.dll.manifestJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookCommon.dllJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookAddin.vstoJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookIntegration.exeJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookIntegration.exe.configJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\dotnet-dump.exeJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\UninstallWIService.exeJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\proxyex.lnkJump to behavior
          Source: C:\Program Files\Wildix\WIService\wiservice.exeDirectory created: C:\Program Files\Wildix\updates
          Source: SetupWIService.exeStatic PE information: certificate valid
          Source: SetupWIService.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: C:\design\wiservice\deploy\win-x64-release\wiservice.pdb source: wiservice.exe, 00000013.00000000.353835045.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000002.403497663.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000002.503967075.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000033.00000002.493426808.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.565436508.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp
          Source: Binary string: C:\design\wiservice\deploy\win-x64-release\wiservice.pdbg source: wiservice.exe, 00000013.00000000.353835045.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000002.403497663.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000002.503967075.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000033.00000002.493426808.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.565436508.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp
          Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: wiservice.exe, 00000013.00000000.353835045.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000002.403497663.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000002.503967075.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000033.00000002.493426808.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.565436508.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp
          Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMcrypto\rand\randfile.cFilename=RANDFILESYSTEMROOT.rnd` source: wiservice.exe, 00000013.00000000.353835045.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000002.403497663.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000002.503967075.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000033.00000002.493426808.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.565436508.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp
          Source: Binary string: C:\design\wiservice\deploy\win-x64-release\fax\wfaxport.pdb``. source: spoolsv.exe, 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
          Source: Binary string: C:\design\wiservice\deploy\win-x64-release\fax\wfaxport.pdb source: spoolsv.exe, 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp

          Data Obfuscation

          Source: Yara matchFile source: 00000000.00000002.607884101.00000000006BD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000003.606167729.00000000006BD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000003.605471583.00000000006BD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: SetupWIService.exe PID: 4860, type: MEMORYSTR
          Source: C:\Windows\System32\spoolsv.exeCode function: 22_2_00007FF887CD2885 push rdi; ret 22_2_00007FF887CD2886
          Source: Newtonsoft.Json.dll.0.drStatic PE information: 0xDFF1C7F1 [Fri Jan 21 16:48:49 2089 UTC]
          Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\Outlook Integration\websocket-sharp.dllJump to dropped file
          Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\Outlook Integration\dotnet-dump.exeJump to dropped file
          Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\UninstallWIService.exeJump to dropped file
          Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\nsDialogs.dllJump to dropped file
          Source: C:\Program Files\Wildix\WIService\wiservice.exeFile created: C:\Windows\System32\spool\drivers\x64\unidrvui.dllJump to dropped file
          Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\System32\spool\drivers\x64\3\New\unires.dllJump to dropped file
          Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\fax\UNIRES.DLLJump to dropped file
          Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.Debug.dllJump to dropped file
          Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfuCmd.exeJump to dropped file
          Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookCommon.dllJump to dropped file
          Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.File.dllJump to dropped file
          Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\System.dllJump to dropped file
          Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\System32\spool\drivers\x64\3\New\unidrv.dllJump to dropped file
          Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Interop.Outlook.dllJump to dropped file
          Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcp80.dllJump to dropped file
          Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcrt.dllJump to dropped file
          Source: C:\Program Files\Wildix\WIService\wiservice.exeFile created: C:\Windows\System32\spool\drivers\x64\unires.dllJump to dropped file
          Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\system32\spool\drivers\x64\3\unires.dll (copy)Jump to dropped file
          Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\Outlook Integration\Office.dllJump to dropped file
          Source: C:\Program Files\Wildix\WIService\wiservice.exeFile created: C:\Windows\System32\wfaxport.dllJump to dropped file
          Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Tools.Common.v4.0.Utilities.dllJump to dropped file
          Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\fax\UNIDRVUI.DLLJump to dropped file
          Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\Outlook Integration\Serilog.dllJump to dropped file
          Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookAddin.dllJump to dropped file
          Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookIntegration.exeJump to dropped file
          Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\wiservice.exeJump to dropped file
          Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\System32\spool\drivers\x64\3\New\unidrvui.dllJump to dropped file
          Source: C:\Program Files\Wildix\WIService\wiservice.exeFile created: C:\Windows\System32\spool\drivers\x64\unidrv.dllJump to dropped file
          Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Tools.Outlook.v4.0.Utilities.dllJump to dropped file
          Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Uc.dllJump to dropped file
          Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\Outlook Integration\Newtonsoft.Json.dllJump to dropped file
          Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\fax\wfaxport.dllJump to dropped file
          Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\system32\spool\drivers\x64\3\unidrv.dll (copy)Jump to dropped file
          Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\nsExec.dllJump to dropped file
          Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\fax\UNIDRV.DLLJump to dropped file
          Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\system32\spool\drivers\x64\3\unidrvui.dll (copy)Jump to dropped file
          Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.Console.dllJump to dropped file
          Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\Outlook Integration\UC.dllJump to dropped file
          Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcm80.dllJump to dropped file
          Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfu.dllJump to dropped file
          Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcr80.dllJump to dropped file

          Boot Survival

          Source: C:\Users\user\Desktop\SetupWIService.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\callto\shell\open\command C:\Program Files\Wildix\WIService\wiservice.exe %1Jump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sip\shell\open\command C:\Program Files\Wildix\WIService\wiservice.exe %1Jump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\wildix\shell\open\command C:\Program Files\Wildix\WIService\wiservice.exe %1Jump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeRegistry value created: HKEY_CURRENT_USER_Classes\callto\shell\open\command C:\Program Files\Wildix\WIService\wiservice.exe %1Jump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeRegistry value created: HKEY_CURRENT_USER_Classes\sip\shell\open\command C:\Program Files\Wildix\WIService\wiservice.exe %1Jump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeRegistry value created: HKEY_CURRENT_USER_Classes\tel\shell\open\command C:\Program Files\Wildix\WIService\wiservice.exe %1Jump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeRegistry value created: HKEY_CURRENT_USER_Classes\wildix\shell\open\command C:\Program Files\Wildix\WIService\wiservice.exe %1Jump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeRegistry value modified: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tel\shell\open\command C:\Program Files\Wildix\WIService\wiservice.exe %1Jump to behavior
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
          Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildixJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wildix\WIServiceJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wildix\WIService\Uninstall.lnkJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WIServiceJump to behavior
          Source: C:\Users\user\Desktop\SetupWIService.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\spoolsv.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\schtasks.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\netsh.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\Wildix\WIService\wiservice.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: OutputDebugStringW count: 240
          Source: C:\Windows\System32\spoolsv.exe TID: 1992 Thread sleep count: 383 > 30
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 5144 Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 3960 Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 776 Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 160 Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 3228 Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 5140 Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 1412 Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 624 Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Program Files\Wildix\WIService\wiservice.exe TID: 4780 Thread sleep time: -4611686018427385s >= -30000s
          Source: C:\Windows\System32\spoolsv.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes graph_22-17570
          Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
          Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\dotnet-dump.exe
          Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\websocket-sharp.dll
          Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\UninstallWIService.exe
          Source: C:\Windows\System32\spoolsv.exe Dropped PE file which has not been started: C:\Windows\System32\spool\drivers\x64\3\New\unires.dll
          Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\fax\UNIRES.DLL
          Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.Debug.dll
          Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfuCmd.exe
          Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\WildixOutlookCommon.dll
          Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.File.dll
          Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Interop.Outlook.dll
          Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcp80.dll
          Source: C:\Program Files\Wildix\WIService\wiservice.exe Dropped PE file which has not been started: C:\Windows\System32\spool\drivers\x64\unires.dll
          Source: C:\Windows\System32\spoolsv.exe Dropped PE file which has not been started: C:\Windows\system32\spool\drivers\x64\3\unires.dll (copy)
          Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\Office.dll
          Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Tools.Common.v4.0.Utilities.dll
          Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\WildixOutlookAddin.dll
          Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\WildixOutlookIntegration.exe
          Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\Serilog.dll
          Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Uc.dll
          Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Tools.Outlook.v4.0.Utilities.dll
          Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\Newtonsoft.Json.dll
          Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.Console.dll
          Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\UC.dll
          Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcm80.dll
          Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfu.dll
          Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcr80.dll
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Thread delayed: delay time: 922337203685477
          Source: C:\Program Files\Wildix\WIService\wiservice.exe Thread delayed: delay time: 922337203685477
          Source: C:\Windows\System32\spoolsv.exe Window / User API: threadDelayed 383
          Source: C:\Windows\System32\spoolsv.exe API coverage: 3.9 %
          Source: C:\Program Files\Wildix\WIService\wiservice.exe Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_00402765 FindFirstFileA,0_2_00402765
          Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_00406313 FindFirstFileA,FindClose,0_2_00406313
          Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_004057D8 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_004057D8
          Source: C:\Windows\System32\spoolsv.exe Code function: 22_2_00007FF887CB3F10 FindFirstFileW,_invalid_parameter_noinfo_noreturn,FindClose,22_2_00007FF887CB3F10
          Source: C:\Users\user\Desktop\SetupWIService.exe API call chain: ExitProcess graph end node graph_0-3237
          Source: wiservice.exe, 00000033.00000003.483326079.000002CCFD637000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000033.00000002.484416639.000002CCFD63A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll8
          Source: spoolsv.exe, 00000016.00000002.705404460.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll)
          Source: wiservice.exe, 00000013.00000003.355720835.0000017D97FB3000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000013.00000003.355905000.0000017D97FB6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllK
          Source: wiservice.exe, 00000014.00000002.399476419.00000205DC9B9000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000014.00000003.398737373.00000205DC9B6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW!
          Source: wiservice.exe, 00000014.00000003.398921772.00000205DC9C2000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000014.00000003.398737373.00000205DC9B6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 00000015.00000002.374177178.0000000000F4B000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487713322.00000134DB020000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
          Source: C:\Windows\System32\spoolsv.exe Code function: 22_2_00007FF887CC6758 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,22_2_00007FF887CC6758
          Source: C:\Windows\System32\spoolsv.exe Code function: 22_2_00007FF887CCA560 GetProcessHeap,HeapAlloc,std::bad_alloc::bad_alloc,22_2_00007FF887CCA560
          Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Memory allocated: page read and write | page guard
          Source: C:\Windows\System32\spoolsv.exe Code function: 22_2_00007FF887CC5ED0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,22_2_00007FF887CC5ED0

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Program Files\Wildix\WIService\wiservice.exe File written: C:\Windows\System32\drivers\etc\hosts
          Source: C:\Windows\System32\spoolsv.exe Section loaded: C:\Windows\System32\wfaxport.dll
          Source: C:\Windows\System32\spoolsv.exe Section loaded: C:\Windows\System32\spool\drivers\x64\unidrv.dll
          Source: C:\Windows\System32\spoolsv.exe Section loaded: C:\Windows\System32\spool\drivers\x64\unidrvui.dll
          Source: C:\Windows\System32\spoolsv.exe Section loaded: C:\Windows\System32\spool\drivers\x64\3\unidrvui.dll
          Source: C:\Windows\System32\spoolsv.exe Section loaded: C:\Windows\System32\spool\drivers\x64\3\unidrv.dll
          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIService.exe
          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIui.exe
          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wirtpproxy.exe
          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wiservice-ui.exe
          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM vncsrv.exe
          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookIntegration.exe
          Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIService.exe
          Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIui.exe
          Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wirtpproxy.exe
          Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wiservice-ui.exe
          Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM vncsrv.exe
          Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WildixOutlookIntegration.exe
          Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll" /silent /codebase
          Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Office.dll" /silent /codebase
          Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll" /silent /codebase
          Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.dll" /silent /codebase
          Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll" /silent /codebase
          Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll" /silent /codebase
          Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe" /silent
          Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\System32\cmd.exe cmd /C schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
          Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\System32\cmd.exe cmd /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
          Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\System32\cmd.exe cmd /C netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
          Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\System32\cmd.exe cmd /C schtasks /delete /TN "Wildix\WIService update recovery" /F
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIService.exeJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIui.exeJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wirtpproxy.exeJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wiservice-ui.exeJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM vncsrv.exeJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookIntegration.exeJump to behavior
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /delete /TN "Wildix\WIService update recovery" /F
          Source: C:\Users\user\Desktop\SetupWIService.exe; Queries volume information: C:\ VolumeInformation
          Source: C:\Users\user\Desktop\SetupWIService.exe; Queries volume information: C:\ VolumeInformation
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe; Queries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe VolumeInformation
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe; Queries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe VolumeInformation
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe; Queries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe VolumeInformation
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe; Queries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe VolumeInformation
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe; Queries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe VolumeInformation
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe; Queries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe VolumeInformation
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe; Queries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe VolumeInformation
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe; Queries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe VolumeInformation
          Source: C:\Windows\System32\netsh.exe; Queries volume information: C:\ VolumeInformation
          Source: C:\Windows\System32\netsh.exe; Queries volume information: C:\ VolumeInformation
          Source: C:\Windows\System32\netsh.exe; Queries volume information: C:\ VolumeInformation
          Source: C:\Windows\System32\netsh.exe; Queries volume information: C:\ VolumeInformation
          Source: C:\Windows\System32\spoolsv.exe; Code function: 22_2_00007FF887CA14A0 cpuid
          Source: C:\Program Files\Wildix\WIService\wiservice.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
          Source: C:\Windows\System32\spoolsv.exe; Code function: 22_2_00007FF887CC68A4 GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter
          Source: C:\Users\user\Desktop\SetupWIService.exe; Code function: 0_2_0040326B EntryPoint, SetErrorMode, GetVersion, lstrlenA, #17, OleInitialize, SHGetFileInfoA, GetCommandLineA, CharNextA, GetTempPathA, GetTempPathA, GetWindowsDirectoryA, lstrcatA, GetTempPathA, lstrcatA, SetEnvironmentVariableA, SetEnvironmentVariableA, SetEnvironmentVariableA, DeleteFileA, ExitProcess, OleUninitialize, ExitProcess, lstrcatA, lstrcatA, lstrcatA, lstrcmpiA, SetCurrentDirectoryA, DeleteFileA, CopyFileA, CloseHandle, GetCurrentProcess, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges, ExitWindowsEx, ExitProcess

          Lowering of HIPS / PFW / Operating System Security Settings

          Source: C:\Windows\System32\cmd.exe; Process created: C:\Windows\System32\netsh.exe netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
          Source: C:\Program Files\Wildix\WIService\wiservice.exe; File written: C:\Windows\System32\drivers\etc\hosts
          Source: C:\Users\user\Desktop\SetupWIService.exe; Process created: C:\Windows\System32\cmd.exe cmd /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | 1 Windows Management Instrumentation | 11 DLL Side-Loading | 11 DLL Side-Loading | 1 File and Directory Permissions Modification | OS Credential Dumping | 1 System Time Discovery | Remote Services | 11 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot
          Default Accounts | 1 Native API | 1 DLL Search Order Hijacking | 1 DLL Search Order Hijacking | 211 Disable or Modify Tools | LSASS Memory | 2 File and Directory Discovery | Remote Desktop Protocol | 1 Clipboard Data | Exfiltration Over Bluetooth | 11 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | 11 Scheduled Task/Job | 1 Windows Service | 1 Access Token Manipulation | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 27 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 3 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | 11 Scheduled Task/Job | 1 Windows Service | 2 Obfuscated Files or Information | NTDS | 21 Security Software Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 4 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud
          Cloud Accounts | Cron | 11 Registry Run Keys / Startup Folder | 12 Process Injection | 1 Timestomp | LSA Secrets | 2 Process Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
          Replication Through Removable Media | Launchd | Rc.common | 11 Scheduled Task/Job | 11 DLL Side-Loading | Cached Domain Credentials | 121 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
          External Remote Services | Scheduled Task | Startup Items | 11 Registry Run Keys / Startup Folder | 1 DLL Search Order Hijacking | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
          Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 File Deletion | Proc Filesystem | 1 Remote System Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
          Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 123 Masquerading | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction
          Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | 121 Virtualization/Sandbox Evasion | Network Sniffing | Process Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | | | Data Encrypted for Impact
          Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | 1 Access Token Manipulation | Input Capture | Permission Groups Discovery | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | | | Service Stop
          Compromise Software Supply Chain | Unix Shell | Launchd | Launchd | 12 Process Injection | Keylogging | Local Groups | Component Object Model and Distributed COM | Screen Capture | Exfiltration over USB | DNS | | | Inhibit System Recovery
          [Behavior graph. Behavior Graph ID: 763396, Sample: SetupWIService.exe, Startdate: 08/12/2022, Architecture: WINDOWS, Score: 57]

          Source | Detection | Scanner | Label | Link
          SetupWIService.exe | 0% | ReversingLabs | |
          SetupWIService.exe | 0% | Virustotal | | Browse
          Source | Detection | Scanner | Label | Link
          C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Interop.Outlook.dll | 0% | ReversingLabs | |
          C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Tools.Common.v4.0.Utilities.dll | 0% | ReversingLabs | |
          C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Tools.Outlook.v4.0.Utilities.dll | 0% | ReversingLabs | |
          C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Uc.dll | 0% | ReversingLabs | |
          C:\Program Files\Wildix\Outlook Integration\Newtonsoft.Json.dll | 0% | ReversingLabs | |
          C:\Program Files\Wildix\Outlook Integration\Office.dll | 0% | ReversingLabs | |
          C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.Console.dll | 0% | ReversingLabs | |
          C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.Debug.dll | 0% | ReversingLabs | |
          C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.File.dll | 0% | ReversingLabs | |
          C:\Program Files\Wildix\Outlook Integration\Serilog.dll | 0% | ReversingLabs | |
          C:\Program Files\Wildix\Outlook Integration\UC.dll | 0% | ReversingLabs | |
          C:\Program Files\Wildix\Outlook Integration\WildixOutlookAddin.dll | 0% | ReversingLabs | |
          C:\Program Files\Wildix\Outlook Integration\WildixOutlookCommon.dll | 0% | ReversingLabs | |
          C:\Program Files\Wildix\Outlook Integration\WildixOutlookIntegration.exe | 0% | ReversingLabs | |
          C:\Program Files\Wildix\Outlook Integration\dotnet-dump.exe | 0% | ReversingLabs | |
          C:\Program Files\Wildix\Outlook Integration\websocket-sharp.dll | 0% | ReversingLabs | |
          C:\Program Files\Wildix\WIService\UninstallWIService.exe | 0% | ReversingLabs | |
          C:\Program Files\Wildix\WIService\fax\UNIDRV.DLL | 0% | ReversingLabs | |
          C:\Program Files\Wildix\WIService\fax\UNIDRVUI.DLL | 0% | ReversingLabs | |
          C:\Program Files\Wildix\WIService\fax\UNIRES.DLL | 0% | ReversingLabs | |
          C:\Program Files\Wildix\WIService\fax\wfaxport.dll | 0% | ReversingLabs | |
          C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfu.dll | 0% | ReversingLabs | |
          C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfuCmd.exe | 0% | ReversingLabs | |
          C:\Program Files\Wildix\WIService\headsetFirmwares\msvcm80.dll | 0% | ReversingLabs | |
          C:\Program Files\Wildix\WIService\headsetFirmwares\msvcp80.dll | 0% | ReversingLabs | |
          C:\Program Files\Wildix\WIService\headsetFirmwares\msvcr80.dll | 0% | ReversingLabs | |
          C:\Program Files\Wildix\WIService\headsetFirmwares\msvcrt.dll | 0% | ReversingLabs | |
          C:\Program Files\Wildix\WIService\wiservice.exe | 0% | ReversingLabs | |
          C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\System.dll | 0% | ReversingLabs | |
          C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\nsDialogs.dll | 0% | ReversingLabs | |
          C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\nsExec.dll | 0% | ReversingLabs | |
          C:\Windows\System32\spool\drivers\x64\3\New\unidrv.dll | 0% | ReversingLabs | |
          C:\Windows\System32\spool\drivers\x64\3\New\unidrvui.dll | 0% | ReversingLabs | |
          C:\Windows\System32\spool\drivers\x64\3\New\unires.dll | 0% | ReversingLabs | |
          C:\Windows\System32\spool\drivers\x64\unidrv.dll | 0% | ReversingLabs | |
          C:\Windows\System32\spool\drivers\x64\unidrvui.dll | 0% | ReversingLabs | |
          C:\Windows\System32\spool\drivers\x64\unires.dll | 0% | ReversingLabs | |
          C:\Windows\System32\wfaxport.dll | 0% | ReversingLabs | |
          C:\Windows\system32\spool\drivers\x64\3\unidrv.dll (copy) | 0% | ReversingLabs | |
          C:\Windows\system32\spool\drivers\x64\3\unidrvui.dll (copy) | 0% | ReversingLabs | |
          C:\Windows\system32\spool\drivers\x64\3\unires.dll (copy) | 0% | ReversingLabs | |
          Source | Detection | Scanner | Label | Link | Download
          0.2.SetupWIService.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1223491 | | Download File
          0.0.SetupWIService.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1223491 | | Download File
          No Antivirus matches
          Source | Detection | Scanner | Label | Link
          http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 | 0% | URL Reputation | safe |
          http://ocsp.sectigo.com0 | 0% | URL Reputation | safe |
          http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0# | 0% | URL Reputation | safe |
          https://www.wildix.comext_openfolder() | 0% | Avira URL Cloud | safe |
          http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0# | 0% | URL Reputation | safe |
          https://x-bees.biz | 2% | Virustotal | | Browse
          https://sectigo.com/CPS0 | 0% | URL Reputation | safe |
          https://x-bees.biz | 0% | Avira URL Cloud | safe |
          http://www.gimp.orgg | 0% | URL Reputation | safe |
          http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0# | 0% | URL Reputation | safe |
          http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t | 0% | URL Reputation | safe |
          http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y | 0% | URL Reputation | safe |
          http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0# | 0% | URL Reputation | safe |
          http://jimmac.musichall.cz | 0% | URL Reputation | safe |
          http://ocsp.sectigo.com09 | 0% | Avira URL Cloud | safe |
          https://x-bees.bizisSecureporttype | 0% | Avira URL Cloud | safe |
          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          files.wildix.com | 52.213.62.3 | true | false | | high
          feedback.wildix.com | 54.93.167.246 | true | false | | high
          Name | Malicious | Antivirus Detection | Reputation
          https://files.wildix.com/integrations/applications.json | false | | high
          https://files.wildix.com/integrations/integrations.json | false | | high
          https://files.wildix.com/integrations/x-beesNativeApp.json | false | | high
          https://feedback.wildix.com/api/v1/Analytics/wiservice | false | | high
          Name | Source | Malicious | Antivirus Detection | Reputation
                                                    high
                                                    https://files.wildix.com/integrations/win/tapi/WildixTAPI.exen4wiservice.exe, 0000002F.00000002.490271193.00000134DB051000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487393834.00000134DB051000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      high
                                                      https://chrome.google.com/webstore/detail/x-bees/olejekejjhgimnlliplaiodgmbpcflhiwiservice.exe, 0000002F.00000002.490271193.00000134DB051000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.482417875.00000134DB0B2000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.484090090.00000134DB05A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000002.489109659.00000134DAFE8000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487459638.00000134DB058000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.482229621.00000134DB08E000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487393834.00000134DB051000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.482153514.00000134DB0B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        high
                                                        https://files.wildix.com/integrations/osx/wiservice/WIService.pkgwiservice.exe, 0000002F.00000003.486272143.00000134DB07F000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487031050.00000134DB08F000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.485128523.00000134DB062000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000002.490359781.00000134DB066000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.482417875.00000134DB0B2000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.484090090.00000134DB05A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.486741289.00000134DB08C000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.486188695.00000134DB062000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487482353.00000134DB066000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.482229621.00000134DB08E000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.483817688.00000134DB062000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.484111367.00000134DB063000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.482153514.00000134DB0B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          high
                                                          https://feedback.wildix.com/api/v1/Feedback/Wiservice~#wiservice.exe, 00000033.00000002.484197182.000002CCFD608000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            high
                                                            https://files.wildix.com/integrations/integrations.json%kFwiservice.exe, 00000014.00000002.399327832.00000205DC989000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              high
                                                              https://feedback.wildix.com/api/v1/Analytics/wiserviceext_getsid()wiservice.exe, 00000013.00000000.353835045.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000002.403497663.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000002.503967075.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000033.00000002.493426808.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.565436508.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                high
                                                                https://files.wildix.com/integrations/win/wiservice/SetupWIService.exewiservice.exe, 0000002F.00000003.486272143.00000134DB07F000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487031050.00000134DB08F000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.485128523.00000134DB062000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000002.490359781.00000134DB066000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.482417875.00000134DB0B2000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.484090090.00000134DB05A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.486741289.00000134DB08C000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.486188695.00000134DB062000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487482353.00000134DB066000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.482229621.00000134DB08E000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.483817688.00000134DB062000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.484111367.00000134DB063000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.482153514.00000134DB0B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  high
                                                                  https://chrome.google.com/webstore/detail/wildix-collaboration/lobgohpwiservice.exe, 0000002F.00000003.482463245.00000134DB08C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://files.wildix.com/integrations/applications.jsonintegrations.jsonx-beesNativeApp.jsonC:wiservice.exe, 00000013.00000000.353835045.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000002.403497663.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000002.503967075.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000033.00000002.493426808.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.565436508.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                      high
                                                                      https://backtrace.wildix.com/api/v1/IntegrationService/Trace/wiservice.exe, 00000013.00000000.353835045.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000013.00000002.356549392.0000017D97F78000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000014.00000002.403497663.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000002.399327832.00000205DC989000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000002.503967075.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000002.489109659.00000134DAFE8000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000033.00000002.493426808.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000033.00000002.484197182.000002CCFD608000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003F.00000000.565436508.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                        high
                                                                        http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#wiservice.exe, 00000037.00000003.677640708.000002899DDDF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        https://files.wildix.com/integrations/win/x-bees/x-bees.exepwiservice.exe, 0000002F.00000002.490271193.00000134DB051000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487393834.00000134DB051000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://files.wildix.com/integrations/integrations.json4wiservice.exe, 0000002F.00000003.487883533.00000134DB030000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000002.490124460.00000134DB031000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487793527.00000134DB026000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487713322.00000134DB020000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://files.wildix.com/integrations/integrations.jsonhttps://backtrace.wildix.com/api/v1/Integratiwiservice.exe, 00000013.00000000.353835045.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000002.403497663.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000002.503967075.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000033.00000002.493426808.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.565436508.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                              high
                                                                              https://sectigo.com/CPS0SetupWIService.exe, 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000014.00000003.398562215.00000205DCA09000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000037.00000003.677640708.000002899DDDF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              unknown
                                                                              https://feedback.wildix.com/api/v1/Feedback/WiserviceemailothersendLogssizestypemessagecontextfeedbawiservice.exe, 00000013.00000000.353835045.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000002.403497663.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000002.503967075.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000033.00000002.493426808.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.565436508.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                high
                                                                                https://files.wildix.com/integrations/osx/collaboration/Collaboration.pkgW/Nwiservice.exe, 0000002F.00000003.486272143.00000134DB07F000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.485182229.00000134DB07E000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.486741289.00000134DB08C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://ocsp.sectigo.com09wiservice.exe, 00000037.00000003.677640708.000002899DDDF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  http://www.gimp.orggwiservice.exe, 00000013.00000000.353195715.00007FF758282000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000013.00000002.359296927.00007FF758282000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000000.368161570.00007FF758282000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000002.401511885.00007FF758282000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000000.474074049.00007FF758282000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000002.502688150.00007FF758282000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000033.00000002.492491078.00007FF758282000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000033.00000000.480407341.00007FF758282000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  unknown
                                                                                  https://files.wildix.com/integrations/win/wiservice/SetupWIService.exef3bwiservice.exe, 0000002F.00000003.486272143.00000134DB07F000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487031050.00000134DB08F000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.486741289.00000134DB08C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://files.wildix.com/integrations/win/tapi/WildixTAPI.exeOwiservice.exe, 0000002F.00000002.490271193.00000134DB051000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487393834.00000134DB051000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://backtrace.wildix.com/api/v1/IntegrationService/Trace/dll3kPwiservice.exe, 00000014.00000002.399327832.00000205DC989000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#SetupWIService.exe, 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000014.00000003.398562215.00000205DCA09000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        unknown
                                                                                        https://x-bees.bizisSecureporttypewiservice.exe, 00000013.00000000.353835045.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000002.403497663.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000002.503967075.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000033.00000002.493426808.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.565436508.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
                                                                                        http://nsis.sf.net/NSIS_ErrorErrorSetupWIService.exe, 00000000.00000000.311613339.000000000040A000.00000008.00000001.01000000.00000003.sdmp, SetupWIService.exe, 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmpfalse
                                                                                          high
                                                                                          https://chrome.google.com/webstore/detail/wildix-collaboration/lobgohpoobpijgfegnlhdnppegdbomknwiservice.exe, 0000002F.00000003.482463245.00000134DB08C000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000002.490271193.00000134DB051000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.482417875.00000134DB0B2000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.484090090.00000134DB05A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487459638.00000134DB058000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487393834.00000134DB051000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.482153514.00000134DB0B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://files.wildix.com/integrations/rvicewiservice.exe, 0000002F.00000002.490006161.00000134DB028000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487793527.00000134DB026000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487713322.00000134DB020000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://backtrace.wildix.com/api/v1/IntegrationService/Trace/%VHwiservice.exe, 0000002F.00000002.489109659.00000134DAFE8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0tSetupWIService.exe, 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000014.00000003.398562215.00000205DCA09000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                unknown
                                                                                                https://feedback.wildix.com/api/v1/Feedback/Wiservicetwiservice.exe, 00000013.00000002.356549392.0000017D97F78000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://nsis.sf.net/NSIS_ErrorSetupWIService.exe, SetupWIService.exe, 00000000.00000000.311613339.000000000040A000.00000008.00000001.01000000.00000003.sdmp, SetupWIService.exe, 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmpfalse
                                                                                                    high
                                                                                                    http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0ySetupWIService.exe, 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000014.00000003.398562215.00000205DCA09000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    unknown
                                                                                                    https://files.wildix.com/integrations/win/tapi/WildixTAPI.exewiservice.exe, 0000002F.00000002.490271193.00000134DB051000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.482417875.00000134DB0B2000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.484090090.00000134DB05A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.482229621.00000134DB08E000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487393834.00000134DB051000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.482153514.00000134DB0B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#SetupWIService.exe, 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000014.00000003.398562215.00000205DCA09000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      http://jimmac.musichall.czwiservice.exe, 00000013.00000000.353195715.00007FF758282000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000013.00000002.359296927.00007FF758282000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000000.368161570.00007FF758282000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000002.401511885.00007FF758282000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000000.474074049.00007FF758282000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000002.502688150.00007FF758282000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000033.00000002.492491078.00007FF758282000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000033.00000000.480407341.00007FF758282000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      https://files.wildix.com/integrations/osx/x-bees/x-bees.pkgswiservice.exe, 0000002F.00000002.490271193.00000134DB051000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487393834.00000134DB051000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://files.wildix.com/integrations/osx/collaboration/Collaboration.pkgwiservice.exe, 0000002F.00000003.486272143.00000134DB07F000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.487031050.00000134DB08F000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.483929739.00000134DB093000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.483764013.00000134DB093000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.484090090.00000134DB05A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.485182229.00000134DB07E000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000002F.00000003.486741289.00000134DB08C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://github.com/opencv/opencv/issues/16739cv::MatOp_AddEx::assignwiservice.exe, 00000013.00000000.353835045.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000002.403497663.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000002F.00000002.503967075.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000033.00000002.493426808.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.565436508.00007FF7583D6000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                            high
                                                                                                            https://feedback.wildix.com/api/v1/Feedback/Wiservicease.dllwiservice.exe, 0000002F.00000002.489109659.00000134DAFE8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
IP | Domain | Country | ASN | ASN Name | Malicious
54.93.167.246 | feedback.wildix.com | United States | 16509 | AMAZON-02 US | false
52.213.62.3 | files.wildix.com | United States | 16509 | AMAZON-02 US | false

IP
192.168.2.1
127.0.0.1
                                                                                                              Joe Sandbox Version:36.0.0 Rainbow Opal
                                                                                                              Analysis ID:763396
                                                                                                              Start date and time:2022-12-08 13:01:50 +01:00
                                                                                                              Joe Sandbox Product:CloudBasic
                                                                                                              Overall analysis duration:0h 16m 22s
                                                                                                              Hypervisor based Inspection enabled:false
                                                                                                              Report type:full
                                                                                                              Sample file name:SetupWIService.exe
                                                                                                              Cookbook file name:default.jbs
                                                                                                              Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                              Run name:Run with higher sleep bypass
Number of new started processes analysed:71
                                                                                                              Number of new started drivers analysed:0
                                                                                                              Number of existing processes analysed:0
                                                                                                              Number of existing drivers analysed:0
                                                                                                              Number of injected processes analysed:0
                                                                                                              Technologies:
                                                                                                              • HCA enabled
                                                                                                              • EGA enabled
                                                                                                              • HDC enabled
                                                                                                              • AMSI enabled
                                                                                                              Analysis Mode:default
                                                                                                              Analysis stop reason:Timeout
                                                                                                              Detection:MAL
                                                                                                              Classification:mal57.troj.adwa.evad.winEXE@107/86@5/4
                                                                                                              EGA Information:
                                                                                                              • Successful, ratio: 100%
                                                                                                              HDC Information:
                                                                                                              • Successful, ratio: 100% (good quality ratio 68.6%)
                                                                                                              • Quality average: 50.5%
                                                                                                              • Quality standard deviation: 41.8%
                                                                                                              HCA Information:
                                                                                                              • Successful, ratio: 100%
                                                                                                              • Number of executed functions: 90
                                                                                                              • Number of non-executed functions: 132
                                                                                                              Cookbook Comments:
                                                                                                              • Found application associated with file extension: .exe
                                                                                                              • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, conhost.exe
                                                                                                              • Excluded domains from analysis (whitelisted): crl.comodoca.com, ctldl.windowsupdate.com
• Not all processes were analyzed, report is missing behavior information
                                                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
13:03:56 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run WIService C:\Program Files\Wildix\WIService\WIService.exe
13:03:58 | Task Scheduler | Run new task: WIService update checker path: C:\Program Files\Wildix\WIService\wiservice.exe s>--update
                                                                                                              No context
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):985392
                                                                                                              Entropy (8bit):5.550542405629574
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24576:hmPj0ZKH4lODcxSgo5Gn8WuMRIn+N3gN+zs5KPIVmkXiGzcJy3gt2LER6GvK9HwK:hmb0ZKH4lODcxSgo5Gn8WuMRIn+N3gNj
                                                                                                              MD5:F669B20C330254249CB110E19708F4F7
                                                                                                              SHA1:8DC3588BF18F9E5C72E214DA7BA79ACA4908D0D6
                                                                                                              SHA-256:184033CD4DC43E73A06345947A01BA7A83EAE72A3721DC0A4E20A9831DE3F898
                                                                                                              SHA-512:D64AC85C2F55DA13C8FE5AAD2F4700EFDD619E7ED7336E2CB58416B4506D4DD2000386EE11A5C899BFF9B147D1F9FE8706654D35018C8322E435F80EE061C436
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):37168
                                                                                                              Entropy (8bit):6.392736842289952
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:GWw7k8otmBsHC+w4TEn4jo+qMzEeBoOR/VEPY+GQ4A4agQS6Lc7DQWgyxmYi/Tjk:LwJTwYB4E5n/xe5arDkTC8PpyiRF
                                                                                                              MD5:512F3F6B243FE82C741BF14261ACDB99
                                                                                                              SHA1:5241EF31980F6FBF7DDC248A932AFCA7851AC21A
                                                                                                              SHA-256:D3FB4CD4E99C07302880571C04D55942FEB323F892CA0758BF39A214FACC88F3
                                                                                                              SHA-512:4C1D9CDC2AFF1220A8FA42AAFEA5632E8D2A71C03E80B59E8FD6706ED83364553B269BCF94351E0F4D2DA3D0C46ADFF53BC7F8785A4C121CFE5AC335CBC26012
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):53552
                                                                                                              Entropy (8bit):6.185009091374916
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:768:q7vV5z3+6KTqUPtLnPDiQ0fWST41mocNAwkEGjhl2BOBaBnD/4xFsOKkTGyiRJw:8Vs6c3dKkTGyio
                                                                                                              MD5:6AE79ACCFFE1B283F3912211F7BC415B
                                                                                                              SHA1:72B9F7C854DE4DFB887E34FAE7BA391918652DEA
                                                                                                              SHA-256:646E6ECABC1EDAEE0AEF80087A1EA09DD960E0F531DB2E1E1478CA47812BC048
                                                                                                              SHA-512:34A809235FE46718C2A0394E2075ADC5F1340070D7165D0C9BC4DC1EC9BFA061A31D37E94B2C088027B83ADA2672C23BCF83127573421575DAC3AB644BE2B09C
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):483120
                                                                                                              Entropy (8bit):5.885150764081547
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:da9ps9y+hl8hyfItfqNWtkT4yzIDUCEheLQta3spminCi5W3EKjWFY4A7+BkvCZP:da9ps9y+hl8hyfItfqNWtkT4yzIDUCEv
                                                                                                              MD5:3FFCBBC48ECEF85F000BE1571894A314
                                                                                                              SHA1:E9EE40AC445C0BD4CD2DAC455C7C2EA590F15D7C
                                                                                                              SHA-256:CE9511F053E04E00D5C7EB41DC4B6116C3EC76703D2F8E5216CA66F5789BEE3C
                                                                                                              SHA-512:256C5624186DC12969709A3989667B8F1F2A7D1CAEE82DF17B6AC01015B46E0D88D73A9EE56083BE297AE8B3C3A9D39FF50EB8AA3DEDC5241FF7C81CAC74FF2C
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):702768
                                                                                                              Entropy (8bit):5.942507507591287
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:wf9WGsSVSM2mxL2nRiOr8gUckc6V/g2GhBzj05cHDj:uXNL2PVh6B+Bzjmcjj
                                                                                                              MD5:6F5A358C5671C7758465A2CAA4797D03
                                                                                                              SHA1:CCDBA787447BD22401228E08B17E73D95CEED22E
                                                                                                              SHA-256:80ED76321FF84B3FF06ABD60D431CE4EDEF424480A6B0A1AC28E7308A7095A24
                                                                                                              SHA-512:047E5AB0993A552E7AE07666D89BF3CABDDE8EF38F7A1317182403212D89A6B73B3A13F54DE1444D0D26AA27FD427AB4EC3E25773F219C2D1674C8959565C94E
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):420144
                                                                                                              Entropy (8bit):5.8566127281795115
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:To4vyP2a+zKZsxgkE0PTpFh/2f7rvmcyjlSjnqbp:To4vyP2a+zKZsDr52f7rvkp
                                                                                                              MD5:1097D8DEF9E3BD16B3D775AE4E12A36C
                                                                                                              SHA1:049BEB6B3CC2978AD3CC1D61631EAF25C1304BDC
                                                                                                              SHA-256:99B354D8051A9ABBA806B26D44D3046CAED06D234FEAB8D38BFA8CA185BD2EB1
                                                                                                              SHA-512:271D8C801EF6D81DA7282E8D97A516FBA4BB64E8B6ABCE990BB506FDBF54429762FBB743AA1CF09F5093D5E018EFB53C709D21B1B41F11E7D542FC4838108361
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):42800
                                                                                                              Entropy (8bit):6.289183757541825
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:3bd/GivDfRbUqX+pMA84UfYN7hzWrJ7HFjA7Avraq9E6ZAlJrKanrLCyaz/JllAZ:rx+pe4L10ajxHJl7u4WHjWPkToyiRHx
                                                                                                              MD5:EC08A81A39498767269F717B3E39C882
                                                                                                              SHA1:792346DEEEFF42DFE4F086090C1450DE01AEEF87
                                                                                                              SHA-256:DEBFEA0039B372385E5F7CADFCE05119417562F68D841DDF00FA4772EDDE472B
                                                                                                              SHA-512:B33C2BF9A5910F6A72B749E50CE67C35C35E6B36A58CD814BBB6B5A9720A8BB3BC2278D25D341F319107BB063C69BB0DA3DB756AF8667D265D72BA3203189110
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):17200
                                                                                                              Entropy (8bit):6.79924936197757
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:PrDJKl99Xk8jr8VypwKNsP6vThU3GmGovy8ZpHj8jaQ:Pr20tkT4yiRwR
                                                                                                              MD5:0EFE71C8C8DA2691BFA960E8EB7551A0
                                                                                                              SHA1:B2094C2D81E19A9D917666675E924394FDDF4626
                                                                                                              SHA-256:C994654DF38AE1CD8AE2629242717EFCFEE0B69EB5F4E36DB5405E5840EF8856
                                                                                                              SHA-512:449689BC93D8740038242AC8C2DCE332C82833DA32841816AD9A6B111B70AD7116F126DC59766BBBB59377EA3E9398452888ACC3075BB7EB5F31D6A4B14C72D9
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):36656
                                                                                                              Entropy (8bit):6.395961413955473
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:768:P2IVwX/kpnTXMcTWpHdD2JRrcfwcynkTCyiRw:lwXcpnTXMwWmJRXVnkTCyim
                                                                                                              MD5:56204AFED9C779829A1A2A60BDF4B06D
                                                                                                              SHA1:0682B73276B3CF39888A2595BC76A9CE51D1096E
                                                                                                              SHA-256:5F57A7AD4AD230217329D4F8FD608B421E0EB1A979D42A5200A5BF71293A9980
                                                                                                              SHA-512:B323E72216EFCE9EFAB76AB5780F1D68BAB0672F0FA2C6C1E1496D4968671EEF7D6AF11E12711074A637DF0B75046522525234CC268612AA61FA06D53157C412
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):130352
                                                                                                              Entropy (8bit):6.174667452059595
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3072:by8BcjSMkNtSR4rkA4Nqnv/BZ8OQNZMpWovqQk0h:ePSMkNtS6rzH7H+wkw
                                                                                                              MD5:4E06BC1C9AB0066FE1653292C372A50F
                                                                                                              SHA1:7E39344AD9813D3A5A463DC4670CFC9C0DFACE6E
                                                                                                              SHA-256:119961966326B123DDFE5C3F21A4DD86966FC5755A9CC37FDE3B9C50A80A2CDB
                                                                                                              SHA-512:8E0016968819CC04FE69B3807ACB8A3BC59A6771F921AA0CAC75205CB052F9D8B1ADA0CDEC5AEC9D04A9B230FA9A8E39D4EB438FBB8ED17E11225AC706482129
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):461104
                                                                                                              Entropy (8bit):5.252656640961585
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6144:3w/0k3XAYWQuyOGiUpXWFgXFQIY0EH7+0BJmmDAvQNRplhxy6woW0nFTF9YvORIh:g8KXAy7qy6EOd3w
                                                                                                              MD5:79D7E4A090FE8985FC33199BE3A4DB08
                                                                                                              SHA1:F0609E5FDE08A5F1030737408F9864F88635E229
                                                                                                              SHA-256:945489CCB9456EBF0C12DB2F13DEA7637D78D203812B4F293BC569B57C08A93A
                                                                                                              SHA-512:FAE85698D2E8179125AD658778935A3388124D33A9437D09BFCF1619B9732C68F9B4EE6D1C9275A5001427A541D2534983EB12D0966F93196FC3ED5B5F9A19D7
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......mj..)...)...)....~~.(...)...(....~..(...Rich)...........PE..L...O.|c...........!......................................................................@.......................................... ..................0)..............p............................................................................rdata..P...........................@..@.rsrc........ ......................@..@....O.|c........E...............O.|c........................O.|c........l...............O.|c............................................RSDS^P..=L.E..wf'.......C:\design\wiservice\deploy\oi_release\UC.pdb........................GCTL....p....rdata..p........rdata$voltmd............rdata$zzzdbg.... .......rsrc$01.....!.......rsrc$02............................................................................................................................................................
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):297776
                                                                                                              Entropy (8bit):5.4855843663254555
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3072:Yi1Aj3zXHQ4WxeuoFlzeytxjQ9XA53HW15xqGODsKWUgCDrP+CbmE3k6vt:UHXnKKjQ9w53HW1fhAgCGCbmgky
                                                                                                              MD5:22A3F5674F8DBB3F5887581DB354708D
                                                                                                              SHA1:2639353F0133A3ABCD5DB358A91265D1B31D4E37
                                                                                                              SHA-256:17FBB039AEEF29EB860CB9E253422C8770DC329033EE1942AF994BA8786BA981
                                                                                                              SHA-512:D093FF8FC64D96FA079E11EB61C9A851CEF20D83B576CF7F31868D5EE8AD476A5FAD08EB8876D13B46D5FD524A01CDE791CA115CB3A1959B28FE380DEDAD59D8
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (3755)
                                                                                                              Category:dropped
                                                                                                              Size (bytes):18476
                                                                                                              Entropy (8bit):5.397065848692913
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:2yw5tUebz1qEr5M5Q92rbYQujYSQxrjfTr+RLX8uy3i/yI72yWU89fTvkX6F:tw5tUebz1qEr5M5Q92fYQKYSQxrrWtMF
                                                                                                              MD5:A02FED591EF78DB745625FAF3EF406BB
                                                                                                              SHA1:35331F26506B1832CBDD3D336F83C56839B6358D
                                                                                                              SHA-256:329844D8BAAE1D4C585791198A3CAAAA299EE489BE4350BBA5883EC977AF48E8
                                                                                                              SHA-512:F30DAB421C48EBC477A54B84BC75EB1A5398C9FD40A308297AEDE20D0663F085AE93CFED5CB27F5A912508DBFCF15292C3D74728B4AC9996B728E925D0D9E76D
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>.<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">. <asmv1:assemblyIdentity name="WildixOutlookAddin.dll" version="1.0.0.0" publicKeyToken="ba03c384a1328835" language="neutral" processorArchitecture="msil" type="win32" />. <description xmlns="urn:schemas-microsoft-com:asm.v1">WildixOutlookAddin</description>. <application />. <entryPoint>. <co.v1:customHostSpecified />. </entryPoint>. <trustInfo>. <security>. <applicationRequestMinimum>. <PermissionSet Unrestricted="true" ID=
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (3784)
                                                                                                              Category:dropped
                                                                                                              Size (bytes):5593
                                                                                                              Entropy (8bit):5.810393629764666
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:0WLwO9Zc9SHnPk+7kV6F8YmOVDZalUEakF8YxzFodo9bBDA:fo+7h4Q7dEA
                                                                                                              MD5:F3D5C6F74B185A807815F8366DD11FA4
                                                                                                              SHA1:04072683620293354ECE85166FFCE26962B2A401
                                                                                                              SHA-256:80D1AC58F60E8292824B205C8B11A181FB8AC6C3E0D1D2C47921A14BA37149F6
                                                                                                              SHA-512:8942C32CE8DF38415750B81C05BCF7B4237BB38CC349FE6144A0C81C693651FAA7D8A25CE9B0D149A92915C01F82C2FEF29A1FB4644FA01909E1426FEF72DB67
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>.<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xrml="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">. <assemblyIdentity name="WildixOutlookAddin.vsto" version="1.0.0.0" publicKeyToken="ba03c384a1328835" language="neutral" processorArchitecture="msil" xmlns="urn:schemas-microsoft-com:asm.v1" />. <description asmv2:publisher="WildixOutlookAddin" asmv2:product="WildixOutlookAddin" xmlns="urn:schemas-microsoft-com:asm.v1" />. <deployment install="false" />. <compatibleFrameworks xmlns="urn:schemas-micro
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):17200
                                                                                                              Entropy (8bit):6.8020122939637275
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:EMs9ldT8jZ+e2pwKNsP6vTOC56b0VGmGovy8ZpH4s:EH9ldYjfTkTaEyiRR
                                                                                                              MD5:574E8DB307A8CD324BB8FA483C1E0CDE
                                                                                                              SHA1:408794DE58E1FD5C97CEC1807CB70128EB6BF784
                                                                                                              SHA-256:0F7330DE55998BE55DA37CA1ABA05C255EF741A5C332193C4A6177B53892A89A
                                                                                                              SHA-512:F908EBBFA60301CCE46AF6E7451D6E964C7083DA4BEC796C9D0565BE4A6BFE19C19EBF297A41C85120029B572721F7C44195E43701BA8EE187AE49A419C79883
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):655664
                                                                                                              Entropy (8bit):5.223686849848326
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6144:BDGMf4+qwS40kwvnNwzlbue9nUpEJY8KKjQ9w53HW1fV/OGKjQte5mHWC0nmkCW:BDGaqx47w/NvwtCKdU3KpH/BCW
                                                                                                              MD5:3F16EF4E86371AAD0B0A40170D0C9A40
                                                                                                              SHA1:FFBEEAD6CDF6A125049C8BD2C0ACF757577A0AD5
                                                                                                              SHA-256:33A469359AB892760148BA0081DB7E6A788EB4BD1764AC8FC665EFE233DC2A5B
                                                                                                              SHA-512:4A8B6CB89712563745727D5B2EAE4DAB1ACD50A27CF5AC69F8C59C1EF8E8AB4B267D8CE2A854AA9421ACA91C4C33DE93591D538A78A3A1E4742D77F07E788160
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):146
                                                                                                              Entropy (8bit):4.983767070197417
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:vFWWMNHUz/cIMOodBQV7VKXRAmIRMNHjFHr0lUfEyhTRLe86AEDDQIMOov:TMV0kInV7VQ7VJdfEyFRLehAqDQIm
                                                                                                              MD5:05BD64DBD44CF1C95236670D3842562F
                                                                                                              SHA1:824B16AD66771809D9BB32001875AA3C372C7C9C
                                                                                                              SHA-256:40859DA4B6DE7510504DD13877345D92B4DF66EA09C6C4F4E72C7AE3610974AA
                                                                                                              SHA-512:85FD03363DCDEF8B2A45C74605E0009249ADCA8BEABE06CBB90F6B1B00761C02B6BEB02B8BBD3DDC6965E98CEA820D5023705584D5B7DA5CD2FA3CB9AAF66E9D
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:<?xml version="1.0"?>..<configuration>..<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.1"/></startup></configuration>..
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):5319464
                                                                                                              Entropy (8bit):6.624309344595477
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:49152:rDTNbgZbsK5pM9TJFppvgKnkt21tgJEyacq0+W3Ua+zxn1OqK:vJbNFF/gV/17sOt
                                                                                                              MD5:F6662D11B70906CBB8181F0CDA7AF70C
                                                                                                              SHA1:8420DB4E552277FEC1E3C96D9C674AB96CCFFC8C
                                                                                                              SHA-256:FC0D9B95F7A20A6D2409560B64025547D4CA1F95EB40AC3DBA6A93C59C0A0546
                                                                                                              SHA-512:78469A9B1D6610BC39AE59B93A8D8512785DEB79F141A657DFFECEA26590910FA3F88193E96C557EA78FA87F2144482D941FCEE148204841A6A4F0E05AD005BF
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):260912
                                                                                                              Entropy (8bit):5.833527593287059
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3072:xLixO6zz8t4OXDegbQy058MP2pZrCmrrDse0ecdfF7b2gqEiyDvSmqtNlVusC517:Kn8nDenoRXoJF3bqEiyzZ5m1FsgUvkq
                                                                                                              MD5:0E7A8B8816B0455898A184052544DEBC
                                                                                                              SHA1:FC9A0D7F4C2106B5C8C0A36AA5EA000FD21BF6E8
                                                                                                              SHA-256:24FA344ECE4912DB4F8AC4B3190C8A02E84F5D730B0761A4F9394F9EC257CC6F
                                                                                                              SHA-512:E7A1AFC5730F253550D76D25F8DD06E145CF4354C6C2371EBB254FEE17E23512A8C095C054B85BBF991AB8ECD682028BDB4CF018D3FC4CF983746160246142C8
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:MS Windows icon resource - 13 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel
                                                                                                              Category:dropped
                                                                                                              Size (bytes):175221
                                                                                                              Entropy (8bit):3.6057445859805903
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:1536:Fpznextut/yGjfT8nUa/XIHlbeA5yN6zHW156G6:vzeytxjQ9XA53HW15x6
                                                                                                              MD5:CE4C0FAC424ECDAFD490544CF10593B6
                                                                                                              SHA1:96B32682A928D5A9229B93586478A31E08B423F4
                                                                                                              SHA-256:A9BAE457E58D8BAB5FB10A3A6AE67D4453CECCECBE81C5AD066E86AAFD11A45A
                                                                                                              SHA-512:0F1BBF2C115CB9128594647FB9138B876E896B01CC86237EB00A695E38671955D718C4F9A712B4C0DD6CD40C99ABBC00B0442E5B192562B622EB3B9A660B228F
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                              Category:dropped
                                                                                                              Size (bytes):158960
                                                                                                              Entropy (8bit):7.07208789237512
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3072:8omnzVincQDKgc27G1GFkTvQnKKjRCCDgqqAuKF5s34FY7nk8O:8tZqi1GF9n6fqjup34Kjk3
                                                                                                              MD5:649ECEE52923712B53DAB4107860D891
                                                                                                              SHA1:3FAF02659C3BE5D3B0AE5BB2FA0239145CFE00A4
                                                                                                              SHA-256:011DB7DC135BFABD8713915D36BB66839975B9A467E8E8F72071748A2FCC63BD
                                                                                                              SHA-512:E7ADC635185FC17E5390E1FD53A683360422B9F563A05D12519A31FDCB9CC3EC6B3346A6C5AF6632842440EE340BA110920FBA9E7BC7E1E76A2571DE6AC09DCE
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):3430
                                                                                                              Entropy (8bit):3.577875788113156
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:48:yei1q97/qlLaq4i77cMUF39Qg9c9V9Lvara+iaiusupRCRf9ufAuRa7T5XhPsV8n:t2ll4i77h4iGdiaipV9ll7dhFF6+
                                                                                                              MD5:9E02EAF2592DE18E8058FD254C89FAD5
                                                                                                              SHA1:EB5FCE36FC938929D27348CA9B0040CFED0FF8B4
                                                                                                              SHA-256:870D3C739BEB158446DEEED2B5C92854C2726A92B3294F0C07C52AE65CD51ED1
                                                                                                              SHA-512:5C82E7D21BA6D828EED7BF9F313C864AB59DE695DF4B62D31DD2CCB838B60E65C7EEAB56606CBBBE8FBB11A4D70ED42D1D10F3EA9834B5203BBD5B6067648226
                                                                                                              Malicious:true
                                                                                                              Reputation:unknown
                                                                                                              Preview:<?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">..  <RegistrationInfo>..    <Date>2020-11-04T11:59:46</Date>..    <Author>Wildix s.r.l.</Author>..    <URI>\Wildix\WIService update checker</URI>..  </RegistrationInfo>..  <Triggers>..    <CalendarTrigger>..      <StartBoundary>2020-11-04T01:00:00</StartBoundary>..      <Enabled>true</Enabled>..      <RandomDelay>PT5H</RandomDelay>..      <ScheduleByDay>..        <DaysInter
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):23812
                                                                                                              Entropy (8bit):5.102231290969022
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:ILAp44CzsyQKElOR2x96a7zXql8wYNz6FkjzEgqgF6Lvztmm/jb5/R6B3VjMcBU0:ILAe40VxYJ7zvWrfZmujb5mVjlQrlGwI
                                                                                                              MD5:D46A5DFAB2AC1BB5BF39D4E256E3AB43
                                                                                                              SHA1:FD19097E89D882E5624E8822FF8D7518D104B31C
                                                                                                              SHA-256:0E93309B477971AD9D744FB1BB6AFDE1AF7D31223E90B5E8A4E5EA13CC5B8CD9
                                                                                                              SHA-512:FE6C5CD5DA0E045E9F823D34E393E158F56A3136966971F0D494092257956FBEA29ACC98E94B50AA785CF426DBACDAFFCC0B0F7872E7F63A2F270A174C0F4BCA
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:*% stddtype.gdl - this file contains templates that define all MS standard datatypes..*% that appear in GPD and GDL files.....*PreCompiled: TRUE......*% ==================..*% ==== Macro Definitions ====..*% ==================....*Macros:..{.. LIST_OF_COMMAND_NAMES : (.. *%.. *% GENERAL.. *%.. *% the following are not enumerated here because they require.. *% the full Command structure. See Template: ORDERED_COMMAND.. *% and its descendants..... *% CmdSelect,.. *% CmdStartJob,.. *% CmdStartDoc,.. *% CmdStartPage,.. *% CmdEndPage,.. *% CmdEndDoc,.. *% CmdEndJob,.. *% CmdCopies,.. *% CmdSleepTimeOut,.... *%.. *% CURSOR CONTROL.. *%.. CmdXMoveAbsolute,.. CmdXMoveRelLeft,.. CmdXMoveRelRight,.. CmdYMoveAbsolute,.. CmdYMoveRelUp,.. CmdYMoveRelDown,.. CmdSetSimpleRotation,.. CmdSetAnyRotation,.. CmdUniDirec
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):14362
                                                                                                              Entropy (8bit):4.18034476253744
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:NcThm8JC986ITRCzEzEpYNwtd29u7ZTl8hF:xFzOnS7z0
                                                                                                              MD5:CD0BA5F62202298A6367E0E34CF5A37E
                                                                                                              SHA1:0507C7264281EFB362931DEB093308A5CC0F23A5
                                                                                                              SHA-256:B5E8E0C7339EF73F4DD20E2570EE2C79F06CA983F74D175DBE90C0319C70CE3A
                                                                                                              SHA-512:0DA97D886BBF6E06BDEF240B0CA32E80ED56140349902F2A58FCD00A95F85AEDEABB779CA99308DA39E995BDB7C179E2D7A0705643AF609EC7E05323964851F8
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:*%%% Copyright (c) 1997-1999 Microsoft Corporation..*%%% value macros for standard feature names and standard option names..*%%% used in older Unidrv's.....*CodePage: 1252 *% Windows 3.1 US (ANSI) code page....*Feature: RESDLL..{.. *Name: "resource dll files".. *ConcealFromUI?: TRUE.... *Option: UniresDLL.. {.. *Name: "unires.dll".. }..}....*Macros: StdFeatureNames..{.. ORIENTATION_DISPLAY: RESDLL.UniresDLL.11100.. PAPER_SIZE_DISPLAY: RESDLL.UniresDLL.11101.. PAPER_SOURCE_DISPLAY: RESDLL.UniresDLL.11102.. RESOLUTION_DISPLAY: RESDLL.UniresDLL.11103.. MEDIA_TYPE_DISPLAY: RESDLL.UniresDLL.11104.. TEXT_QUALITY_DISPLAY: RESDLL.UniresDLL.11105.. COLOR_PRINTING_MODE_DISPLAY: RESDLL.UniresDLL.11106.. PRINTER_MEMORY_DISPLAY: RESDLL.UniresDLL.11107.. TWO_SIDED_PRINTING_DISPLAY: RESDLL.UniresDLL.11108.. PAGE_PROTECTION_DISP
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):59116
                                                                                                              Entropy (8bit):5.051886370413466
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:768:UH8K0RGmALhTYi6AmdDsaCXmSsUN2xHXgutLSsy3o+ndhr54:UH8K0RGmAd58D+iLBHad4
                                                                                                              MD5:FC574EB0EAAF6A806F6488673154F91F
                                                                                                              SHA1:E10B44CF7082FE5BE23FB0C19AC792D4692F6388
                                                                                                              SHA-256:941E5318D8BBD747AFA98982C0354516079175ACD3D7485F327BCC384F4FCFB8
                                                                                                              SHA-512:A04CAC69A4DD4BD951CDC0F5186A3F589DA2EA40D667BE855F9E5AED12ECD9F7FC79FD624361C9563A07A5DCC1250CBD628BA27A0FAD78D599CD68540F9B4F45
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:*% stdschem.gdl - this file contains templates that define all MS standard keywords..*% and constructs that appear in GPD and GDL files.....*PreCompiled: TRUE....*Include: "stddtype.gdl"......*% ==================..*% ==== Base Attributes ====..*% ==================........*Template: DISPLAY_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_CODEPAGE_STRING.. *Virtual: TRUE..}........*Template: ANSI_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_NORMAL_STRING.. *Virtual: TRUE..}....*Template: DEF_CP_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_DEFAULT_CODEPAGE_STRING.. *Virtual: TRUE..}....*% ==================..*% ==== Root Attributes ====..*% ==================....*Template: CODEPAGE..{.. *Name: "*CodePage".. *Type: ATTRIBUTE.. *ValueType: GPD_NONNEG_INTEGER..}....*Template: GPDSPECVERSION..{.. *Name: "*GPDSpecVersion".. *Inherits: ANSI_STRING..}....*Template: GPDFILEVERSION..{.. *Name: "*GPDFileVersion".. *Inhe
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):2278
                                                                                                              Entropy (8bit):4.581866117244519
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:IO673u+3WSnMVfIPQMAPFq+AP3hM927Kc509OD8jQV0Ucn05NKYKd5NK3Kr59:IB7zmrAPMtc6927e9OQEV2EPSQg/
                                                                                                              MD5:932F57E78976810729855CD1B5CCD8EF
                                                                                                              SHA1:50D7145076D422C03B924DD16EA237AC9B822F0E
                                                                                                              SHA-256:3B9BE4E69B022DE9D0E30EDE70F292F3DF55AB7BE36F134BF2D37A7039937D19
                                                                                                              SHA-512:023848F6CE826EB040EA90C8319BBF1AC26E16B66BD9470E197B3A02DAE00AE9A177996E6B069F42BC54FBF28AE7F96CCC10CF331C13B54CCF12990311F30D73
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:*% stdschx.gdl..*% this file defines the parts of the schema that are dependent on..*% preprocessor defines.....*% Since this header relies on passed in Preprocessor defines, it must not be PreCompiled...*PreCompiled: FALSE....*Include: "stdschem.gdl"....*Ifdef: WINNT_50.. *% and above .......*Template: PRINTRATEUNIT..{.. *Name: "*PrintRateUnit".. *Type: ATTRIBUTE.. *ValueType: EDT_PRINTRATEUNIT..}..*Template: PREDEFINED_PAPERSIZE_OPTION_2 *% Additional papersizes.. *% for NT5.0..{.. *Inherits: V_PREDEFINED_PAPERSIZE_OPTION.. *Instances: (.. DBL_JAPANESE_POSTCARD,.. A6,.. JENV_KAKU2,.. JENV_KAKU3,.. JENV_CHOU3,.. JENV_CHOU4,.. LETTER_ROTATED,.. A3_ROTATED,.. A4_ROTATED,.. A5_ROTATED,.. B4_JIS_ROTATED,.. B5_JIS_ROTATED,.. JAPANESE_POSTCARD_ROTATED,.. DBL_JAPANESE_POSTCARD_ROTATED,.. A6_ROTATED,.. JENV_KAKU2_ROTATED,.. JENV_KAKU3_ROTA
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):531760
                                                                                                              Entropy (8bit):6.367894640776266
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:GTIJ/Cq6XA1T9hPGhV9mid49b9spV7LDbTzIGH:GUJ/Cq2IT/PiP4dapV7LDU+
                                                                                                              MD5:FD8F8764FF7C181B9C4F125C7866E186
                                                                                                              SHA1:A95845BD24863735A63C2BD4EEBD07B24001046B
                                                                                                              SHA-256:B2124E894640CE7F440B2DC2CD4B095BDC1213806FA37BDB13068650654395B8
                                                                                                              SHA-512:AACD85BC9889A3AF116640A1F06F3D85F9844CFDBECC5F29364568B7DBA0F6BC96B7CC42FC4EF10E78AFEB9B44B38ED1F038E337D1F638C31CCF9EE4BF4B4846
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:MS Windows 3.1 help, Tue Apr 17 13:11:56 2001, 21225 bytes
                                                                                                              Category:dropped
                                                                                                              Size (bytes):21225
                                                                                                              Entropy (8bit):3.9923245636306675
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:g8qo9MqLEGX9WkaNWvbAsmrEGckkwy95/HLQdu:g8rMqLwkW8AsqEHkkwy7N
                                                                                                              MD5:6798F64959C913673BD66CD4E47F4A65
                                                                                                              SHA1:C50FAA64C8267AC7106401E69DA5C15FC3F2034C
                                                                                                              SHA-256:0C02B226BE4E7397F8C98799E58B0A512515E462CCDAAC04EDC10E3E1091C011
                                                                                                              SHA-512:8D208306B6D0F892A2F16F8070A89D8EDB968589896CB70CF46F43BF4BEFB7C4CA6A278C35FE8A2685CC784505EFB77C32B0AABF80D13BCC0D10A39AE8AFB55A
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):919344
                                                                                                              Entropy (8bit):5.989957262549423
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:1H0ARc8QCfjeDUr73Tx1yfhPXgFQ3Qe5w1lwAAwoTLARTsBqC+MU:17Hdv3DyfhP2QgYPwo3ArgU
                                                                                                              MD5:109D6635D97BD3755BBC17A39FA2A00E
                                                                                                              SHA1:A1BA018129134A5B7889CCBB9F822DF97F142C81
                                                                                                              SHA-256:EF69FD07E02C7D8CB3ECF31836440264E0D81C22753D1666B7818D9EC46FD060
                                                                                                              SHA-512:EF99293116CC75749BF136F50EA8410ACC4474FAE354C66D17A884EC6519319B9BCD05F14AFE4CE66E1DB1419149355E413E0795EE440E3B9FC6575E18381024
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):856368
                                                                                                              Entropy (8bit):5.595352052416589
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:79aBEoNh3bBPc/s4430ye84TF1dbua5TVhRre3kf8IKHgikinLhZ:5aBEGbL4Np84TQazCSiRhZ
                                                                                                              MD5:E53389EF9A73C1B212A8D0C202E561BD
                                                                                                              SHA1:0F84190B8FF18D07490E38FC46567F81D66D32D7
                                                                                                              SHA-256:88F7FCF7C2EE6DC91A689F689C24214D9D6371E593B609E85B2117D46055C77E
                                                                                                              SHA-512:956598397F95DD1CC84E27A4DBE09F8C8D35F3FE6EE3FF333AFE94A700385D47A4439D45599035B7EF0646ACBCEA660CB7B96452D9524C331AAB97CFD1D6C7A4
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):7996
                                                                                                              Entropy (8bit):5.128824009655858
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:Iwr2yWGyAH155NpoEdyb76f8upG2sIkQTkpfpBnquMpBnqF5zqps2dXRSXjKMoy8:IHa1Hj7k2sI90mHmF52pbye9U/Prtk
                                                                                                              MD5:9CB68B693CDCDF5E9E5707E3CABCA7A7
                                                                                                              SHA1:29A5537387519BC14138F02C5355EAB2EB923AA3
                                                                                                              SHA-256:D79405A4F2A390407B78B1DC7FEEBE3A533EA9969F6066F5A12F189502D900F0
                                                                                                              SHA-512:765EDDDD3CE8995DC66AB5578462F12CD52007FDEBF3C6DE412BAF4C094E17FDB286BDEB0A6ECC6FE2347C0BB846F4D2A206DD78BC128111E84918F50B57E7F8
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:*% ..*% ..*% ..*GPDSpecVersion: "1.0"..*GPDFileName: "imgprint.gpd"..*GPDFileVersion: "3.1.0" ..*Include: "StdNames.gpd"..*ModelName: "Wildix FaxPrinter"..*MasterUnits: PAIR(1200, 1200)..*ResourceDLL: "unires.dll"..*PrinterType: PAGE..*MaxCopies: 99......*Feature: Orientation..{.. *rcNameID: =ORIENTATION_DISPLAY.. *DefaultOption: PORTRAIT.. *Option: PORTRAIT.. {.. *rcNameID: =PORTRAIT_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l0O".. }.. }.. *Option: LANDSCAPE_CC90.. {.. *rcNameID: =LANDSCAPE_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l1O".. }.. }..}..*Feature: InputBin..{.. *rcNameID: =PAPER_SOURCE_DISPLAY.. *DefaultOption: MANUAL.. *Option: MANUAL.. {.. *rcNameID: =MANUAL_FEED_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.9.. *Cmd: "<1B>&l2H
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):357680
                                                                                                              Entropy (8bit):6.335690120350878
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6144:oVCKF+tmU+nEcmcW3Ke3+Lr+3fqKqfn4v4VC6n8VfcYkQ:zPDcW3R3Mq3ET8huQ
                                                                                                              MD5:D42FAA306B39E5B1F2980958FFC6A908
                                                                                                              SHA1:388B4A883610937D35090969DF2C5A2194767740
                                                                                                              SHA-256:F202C94086527E8F077C23A3079CD951511E89ACB95B1E6360D948066336D63B
                                                                                                              SHA-512:90477DE265E5019DA97EF711D5CC14B888D08E8848125F5F2DDD095797E6BE6622CC4A1787FCA0542096F4BA5CEEB9B630111AC37AD72627B3F0EAC43305407B
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):306068
                                                                                                              Entropy (8bit):6.142744579594501
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6144:UgwRUnZJgqtQ4pVbo2Vpm0Uf0iTVemM7EV5bg9B7092m9k4bG36F8IhJK/:VzZD0X15NuI29B709O446iIC/
                                                                                                              MD5:4D653E2BE456AFB979BEFF9FE2A26669
                                                                                                              SHA1:F1FD636F7BECC64A21F7FB9DDD2A32ABE1D43899
                                                                                                              SHA-256:4C0CFB74E6A67DEB2D8F8AE035CFAAF77D5D9317C9EF5937A9B8F5EBC9E65C8C
                                                                                                              SHA-512:6ADF70916CEB9942F9554A8176444CC6ECD43A63248C1C0225C29608D189765699BC91350017741EFF280B160D30171140D1E59DD6ED166351B02D606D9D39FF
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:CSR-dfu2........signed stack+app
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):891182
                                                                                                              Entropy (8bit):6.411281805519251
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24576:Qr1E+JMycGniyGAdpK0I7LxcKixm76NHu7:QrrJMy0xJ76No
                                                                                                              MD5:D10B5335C00810B5FFA708831C784B2F
                                                                                                              SHA1:8F2414F23E998D59EC9E8AEAD39423FB79748B5C
                                                                                                              SHA-256:4697C9DEA70D0B5AC4212F55E305C1C0A30BAD05DB88B2E30D5DD7480BA8F984
                                                                                                              SHA-512:1728BD1AF1777C7F99797A07303C2B2D4E03113383418DAC40820DB69E17E3481CD8A72D83FC8674F63C6AF86459CBA3EA52D9FF75DEE50C9FC18064649367F1
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:CSR-dfu2........signed stack+app
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):71984
                                                                                                              Entropy (8bit):5.533620998311782
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:768:v8rk/UsobMzpgZtkh8jZvCwjSa5BOgUVpj1MwolkTuFyiRNa:vm17Ztk6tdWavOgwfMwolkT6yim
                                                                                                              MD5:CA019F98278672B47A8B5109C2F5810D
                                                                                                              SHA1:77F12C0ADA4029903F8EBAE9EBB59F135BE3EFE4
                                                                                                              SHA-256:15DA9607F195F43F8644B72C54BF81E697FF69FDA254EAAB5F54D2F8618D7F19
                                                                                                              SHA-512:0E48291099E118F5EF6DB490D360B92975F4118873DAEEF89A6C6A9614AD5EFC2EC982C2D72F4FE5281B490984584AA3E9361BE56354692DD2BD9C707E196160
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):24368
                                                                                                              Entropy (8bit):6.897697414157765
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:F47QrEnds+4wmIm0SRAMTJs65jaRpwKNsP6vTvAw2hYrGmGovy8ZpHxZ:FjEds+4wmIm0eAkfkT+4yiRj
                                                                                                              MD5:75054B2FE6C28D1C5F493BCBE3E945EF
                                                                                                              SHA1:6E446580F4FAFF6CCD891D8394904BAB20DF652F
                                                                                                              SHA-256:A909F17705B91FCD9A79FF5DFEEBEBF7C5087E214A7E4D2920B5BDE6EAFF48A9
                                                                                                              SHA-512:787F1C051BD44F8DA94FB67C411077C24578C1146D31E6B8D6D6C248323D98B3AAC62B80EDC3961A47DE7223FB529C8DC3147AD1BD502FE5CF2EBCB170D05943
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):489776
                                                                                                              Entropy (8bit):6.081789325534871
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6144:D6KTZsHDwx0TCAQpFTfnPyFVrCqq/KrnahQ+Nnq0B/aNOjMQpynTkD+:RsHDG0TM6sKGhQ2nq0iQPD+
                                                                                                              MD5:4163D15279D0582AAE8D984FFB45B09A
                                                                                                              SHA1:5642BCA61CA24FE66FECB5CD45BD8CEA3345D5B9
                                                                                                              SHA-256:0A150846A56EB684D356F6FC8DD1D4F9DC7A117B9817F63B506E03842E176458
                                                                                                              SHA-512:8AA8D6C2AF3252BC832DF801E12A8FD384A5A18764E06C0F50F5DAB39BC31F355990EAA4A9123FE9A64A42913D95C235BAEE0A79EDE893B21B21EEA8460E37F7
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):559408
                                                                                                              Entropy (8bit):6.450110743059533
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:UZY4lOHMwLwXBt+iaKst/Ua/hUgiW6QR7t5j3Ooc8NHkC2eWeFU:UZY4lOHMM8wifstjj3Ooc8NHkC2e1FU
                                                                                                              MD5:44C00F10695DCE37B0C9F1FC3D52A846
                                                                                                              SHA1:EACD49EE07C98056BC40FA3B38BC8B110BEEBDCA
                                                                                                              SHA-256:3355A92255D18968091A949C5140E2E886B57568683526B45DC7E79532887613
                                                                                                              SHA-512:DC3E66090644BB622DA56B2984A1482C89821B7E2F842E908F62BC88FF3A97F50B9BC132265E8E5216A03794E942E503A8266A02038DED2A6B9F858C61CD28DB
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):637232
                                                                                                              Entropy (8bit):6.867016686229303
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:nxzh9hH5RVKTp0G+vphr46CIFt0yZmGyYGWihK:nph9hHzVKOpRFHmGyYRi8
                                                                                                              MD5:AD6FC17CA927B04C08FB07FD853AB3B4
                                                                                                              SHA1:93D331740E4D0F34C102679816175BD4BC29F027
                                                                                                              SHA-256:1F04378A078678204A8CEFD830F03E48B9469D2D3D3182BCDC7FB87ED45A63CB
                                                                                                              SHA-512:3C1FCC00A9328FF11318EB69D0D7BC33A86B4F67F4A4EFCDAD5066891196D69E0E53881658B3CF16EA57CB7AB888EA50CBCB647A2127283176108FEA05979F1D
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):701232
                                                                                                              Entropy (8bit):6.834556330937822
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:Kh1wtmDyLuDTFn3nLjTwDFbT82hs8mVY/P3WaNi6nS4zAEgMWPznF9SHanvlJ:k1wtmDyLghn3nLjYFbIv8d/fs6S4zA/5
                                                                                                              MD5:69C11383B75918D25F1AADC24436133F
                                                                                                              SHA1:98DA8B221F713312813C4CF10A5DB5F47598F277
                                                                                                              SHA-256:3FD38CB07B9B656CF917936B9453895E4CD0215A132F173A0D2EFD6D2A71CF3D
                                                                                                              SHA-512:12590039CABE1E1FA83597CC9E5138260E17431B6926CFD011C908492ACC771B9C1A77FC4A741F6FF7165DA6BC8EAEB447E6F23232A630EC1328CE466F17EB2C
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Archive, ctime=Tue Nov 22 10:48:36 2022, mtime=Thu Dec 8 11:04:30 2022, atime=Tue Nov 22 10:48:36 2022, length=14791984, window=hide
                                                                                                              Category:dropped
                                                                                                              Size (bytes):928
                                                                                                              Entropy (8bit):4.629091268147739
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12:8SEtl6C0YXWhPoKwdpF44D67IEeKTdy3wp/jAlT53lPDRbbdpo8VUmnREWjZeuEl:8Sc/d/6ndYYAlnBdnnpZeOZeMBm
                                                                                                              MD5:C776525C98782E6440C39B5E84DEAF0E
                                                                                                              SHA1:32D859ECF58FF458B80AC55D6BC921B425077816
                                                                                                              SHA-256:B942EE06E0FDCA51E46784C1E81B7125CC8F4AE0A707599889AFC042E3620DE9
                                                                                                              SHA-512:B7F8356BFDA5B4231FA6FCC8589B555D5101F172690B2A09B32233D63C021613212DE0F2DE7D571B04FC4597A9DDABA838D8558CCEAB8114E1DCCCDBEB54EA3A
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:L..................F.... .....Zh.....X:......Zh...0............................P.O. .:i.....+00.../C:\.....................1......UY`..PROGRA~1..t......L..UY`....E...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1......U.`..Wildix..>......UY`.U.`..............................W.i.l.d.i.x.....\.1......U|`..WISERV~1..D......UY`.U|`............................M.W.I.S.e.r.v.i.c.e.....h.2.0...vU.^ .WISERV~1.EXE..L......vU.^.U]`..............................w.i.s.e.r.v.i.c.e...e.x.e.......^...............-.......]..................C:\Program Files\Wildix\WIService\wiservice.exe......\.w.i.s.e.r.v.i.c.e...e.x.e.!.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.l.d.i.x.\.W.I.S.e.r.v.i.c.e...-.-.p.r.o.x.y.e.x.`.......X.......141700...........!a..%.H.VZAj....3r.h............!a..%.H.VZAj....3r.h...........E.......9...1SPS..mD..pH.H@..=x.....h....H......K*..@.A..7sFJ............
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3027002, page size 1024, file counter 3239, database pages 1083, cookie 0x1c0, schema 4, UTF-8, version-valid-for 3239
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1108992
                                                                                                              Entropy (8bit):6.239420122827104
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:s012KYTfqBoW+X3wUfJ0HORmsi18vFZrutsPdBx5G59IdYb6Vb38sZOOdFkUtetp:STSoW+68Wkdl3CcbsROdF2w8dfvqJY/
                                                                                                              MD5:D4604E2E0D76A101BECAE84ECD1EF720
                                                                                                              SHA1:27843D4C2FCF94BBDFDC9CF4057E25F523665D24
                                                                                                              SHA-256:76D199BBE65D4DBBDD614C0336D2C1164E3221B7C10FCA840901152CC5C79B42
                                                                                                              SHA-512:925CB8D08A4FD7815882BE21AC908B21099309F2EE41A47AF86954F4412E1949E4E65B0CAB1453C98F9EDAF92A7001949C5134275EEF0B9AA6D73E3E825DAF83
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:SQLite format 3......@ .......;..................................................................0:...........9...............................................................................................................n...%%...tableEVENTS_STATSEVENTS_STATS.CREATE TABLE EVENTS_STATS (...ID INTEGER NOT NULL,...DAY INTEGER NOT NULL,...DATE DATE NOT NULL,...MIN_ID INTEGER NOT NULL,...MAX_ID INTEGER NOT NULL,...COMPLETE TINYINT NOT NULL,...PRIMARY KEY (ID)..).f...++...tableCOUNTRIES_AREASCOUNTRIES_AREAS.CREATE TABLE COUNTRIES_AREAS (...ID INTEGER NOT NULL,...COUNTRY_ID SMALLINT NOT NULL,...NAME VARCHAR(255) NOT NULL,...NUMBER VARCHAR(255) NOT NULL,...LENGTH TINYINT,...PRIMARY KEY (ID)..)."........tableCOUNTRIESCOUNTRIES.CREATE TABLE COUNTRIES (...ID INTEGER NOT NULL,...NAME VARCHAR(255) NOT NULL,...NUMBER VARCHAR(255) NOT NULL,...PRIMARY KEY (ID)..). ........tableCLASSESCLASSES.CREATE TABLE CLASSES (...ID INTEGER NOT NULL,...NAME VARCHAR(255) NOT NULL,...NAME_LOWER VARC...D;...87...+,.
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:MS Windows icon resource - 13 icons, 32x32, 16 colors, 4 bits/pixel, 16x16, 16 colors, 4 bits/pixel
                                                                                                              Category:dropped
                                                                                                              Size (bytes):99667
                                                                                                              Entropy (8bit):6.776502745804188
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3072:RcfWrQG1GFkTvQnKKjRCFpgqmKN5+x3pJY:ufct1GF9n6FKqmrx3pi
                                                                                                              MD5:8F898251C85EE83FE4CEF753AD127FEE
                                                                                                              SHA1:965419910C1929CF695C530456950616B85596C5
                                                                                                              SHA-256:31DEE18EA1C5E7723DB0C13C630517963E79930474B275322A0CDE686C5953B5
                                                                                                              SHA-512:4397158E3EBA45B7CD27E931F353D72042B154416036874824CC1469FA9D533C4E67B7ED81A0A9EDB480F667A9716AE999D54B3F36EA1375344BB0E944AC8102
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):14791984
                                                                                                              Entropy (8bit):6.674413304708405
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:196608:7EiLijFt+7kVFR0sB9/glCEwqA383xcu7rgxdTn5LH:7cT+6F/glCEwob7OnVH
                                                                                                              MD5:BC9438A9AF6E7EEA099BC91557F1FC26
                                                                                                              SHA1:D8E2ABDDE81B050261A9635B52D9E3288E4EA43E
                                                                                                              SHA-256:4BBE3EFA982ADDC1066745441C1C31B62993836C843C7E0AF6712DE9858DE2DC
                                                                                                              SHA-512:0033AA07CF96D52F80120553EA4EC93C6D6061717DB173FC921D8E20E0854A75B7455815AFA1E6CF4BD310B98165D59A91F5C98A1E992F1462FC16C0EDE3B160
                                                                                                              Malicious:true
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Tue Nov 22 10:48:46 2022, mtime=Thu Dec 8 11:03:55 2022, atime=Tue Nov 22 10:48:46 2022, length=158960, window=hide
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1955
                                                                                                              Entropy (8bit):3.4277230035394726
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:48:8OdTH5IGm1ERshdahidVdahB2dahVORu:8sH5IGm1dGhThBXhVOR
                                                                                                              MD5:144232D98EED6D38848DF6438453A0A5
                                                                                                              SHA1:4BB00847FFA5DA8A64D6514A6C52FEECBEA133EC
                                                                                                              SHA-256:A948F3712F4F45CCC013E233518B7B3D9067D3EB881853DB9C5397D47E7043A2
                                                                                                              SHA-512:B44C9FC73478F0297E2C54CB030628904390136048011A59EFD0B748DB396B7EDF2E279DECDFAF3F4074F1A24BD48D82867D6DD6DCFB3BCCE644DE8FD27C85F7
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:L..................F.@.. ......`h...7.k%.......`h....l...........................P.O. .:i.....+00.../C:\.....................1......UY`..PROGRA~1..t......L..UY`....E...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1......Up`..Wildix..>......UY`.Uq`............................w.W.i.l.d.i.x.....\.1......U|`..WISERV~1..D......UY`.U|`............................M.W.I.S.e.r.v.i.c.e.....z.2..l..vU.^ .UNINST~1.EXE..^......vU.^.U|`....^.........................U.n.i.n.s.t.a.l.l.W.I.S.e.r.v.i.c.e...e.x.e.......g...............-.......f..................C:\Program Files\Wildix\WIService\UninstallWIService.exe..J.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.l.d.i.x.\.W.I.S.e.r.v.i.c.e.\.U.n.i.n.s.t.a.l.l.W.I.S.e.r.v.i.c.e...e.x.e.!.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.l.d.i.x.\.W.I.S.e.r.v.i.c.e.8.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.l.d.i.x.\.W.I.S.e.r.v.i.c.e.\.U.n.i.n.s.t.a.l.l.W.I.S.e.r.v.i.c.e...e.x.e...
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:JSON data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):56
                                                                                                              Entropy (8bit):4.355851127144314
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:iX0p16O9JZvAJHf9KDH:00p4GsVKD
                                                                                                              MD5:EA39EA80736C86AA40E41378ACAFFB6B
                                                                                                              SHA1:4A42A50999D885944420260DAF8CF2B2AA6E2C45
                                                                                                              SHA-256:1E6CCA52C207785A095A5966D7187AC18F717AE87421EEB36680F926BE3EB1E7
                                                                                                              SHA-512:E866E0A1E8E967537BCC1F582916A6F43461CB30BFEDB03FCA9331E6A5CAADF137422038E544C140EB1BCFE4693FCCDE9E37C11190DF710F6B7E7462424535CC
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:{. "garbage_lifespan_days": 30,. "log_level": "info".}
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:JSON data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):56
                                                                                                              Entropy (8bit):4.355851127144314
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:iX0p16O9JZvAJHf9KDH:00p4GsVKD
                                                                                                              MD5:EA39EA80736C86AA40E41378ACAFFB6B
                                                                                                              SHA1:4A42A50999D885944420260DAF8CF2B2AA6E2C45
                                                                                                              SHA-256:1E6CCA52C207785A095A5966D7187AC18F717AE87421EEB36680F926BE3EB1E7
                                                                                                              SHA-512:E866E0A1E8E967537BCC1F582916A6F43461CB30BFEDB03FCA9331E6A5CAADF137422038E544C140EB1BCFE4693FCCDE9E37C11190DF710F6B7E7462424535CC
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:{. "garbage_lifespan_days": 30,. "log_level": "info".}
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1118
                                                                                                              Entropy (8bit):4.857823067050348
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12:6+5t0Ge+NuNxDYUyWyNuNxTYDNuNxLxGYnZuEt8nxNp6JGWgCn9OXOn38UW:b0tApWgTDx
                                                                                                              MD5:50CC194838E173E51D2C454701E4CB30
                                                                                                              SHA1:1BC0A2033E0794C128AE096ED3D4EC119996D08B
                                                                                                              SHA-256:393421F8C3C7FAE348B7ED0A7B8EAC298ECD8F554090362B50A66A3CDD328391
                                                                                                              SHA-512:6574DFF71251488750B6BAE20B7E8C118319E002381B99476FCEFCED37EA6747EF65B35574ED798BA2146C806CD28F880808586B7D15F82218A97EA183571A4E
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:08/12/2022 13:04:06.546684|00001|info |Updater.cpp:31 (Updater) Starting updater... Update dir: C:\Program Files\Wildix\updates..08/12/2022 13:04:06.546684|00001|info |Updater.cpp:112 (Updater) Checking update data https://files.wildix.com/integrations/integrations.json..08/12/2022 13:04:07.484193|00001|info |Updater.cpp:112 (Updater) Checking update data https://files.wildix.com/integrations/applications.json..08/12/2022 13:04:08.046701|00001|info |Updater.cpp:112 (Updater) Checking update data https://files.wildix.com/integrations/x-beesNativeApp.json..08/12/2022 13:04:08.484202|00001|info |Updater.cpp:40 (Updater) Checking is update available. isAutoUpdateAllowed=false..08/12/2022 13:04:08.484202|00001|info |WisUpdate.cpp:74 (Updater) Wiservice installed version: 3.11.3, available version: 3.11.3..08/12/2022 13:04:08.484202|00001|info |Updater.cpp:45 (Updater) The
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:JSON data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):56
                                                                                                              Entropy (8bit):4.355851127144314
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:iX0p16O9JZvAJHf9KDH:00p4GsVKD
                                                                                                              MD5:EA39EA80736C86AA40E41378ACAFFB6B
                                                                                                              SHA1:4A42A50999D885944420260DAF8CF2B2AA6E2C45
                                                                                                              SHA-256:1E6CCA52C207785A095A5966D7187AC18F717AE87421EEB36680F926BE3EB1E7
                                                                                                              SHA-512:E866E0A1E8E967537BCC1F582916A6F43461CB30BFEDB03FCA9331E6A5CAADF137422038E544C140EB1BCFE4693FCCDE9E37C11190DF710F6B7E7462424535CC
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:{. "garbage_lifespan_days": 30,. "log_level": "info".}
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:JSON data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):56
                                                                                                              Entropy (8bit):4.355851127144314
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:iX0p16O9JZvAJHf9KDH:00p4GsVKD
                                                                                                              MD5:EA39EA80736C86AA40E41378ACAFFB6B
                                                                                                              SHA1:4A42A50999D885944420260DAF8CF2B2AA6E2C45
                                                                                                              SHA-256:1E6CCA52C207785A095A5966D7187AC18F717AE87421EEB36680F926BE3EB1E7
                                                                                                              SHA-512:E866E0A1E8E967537BCC1F582916A6F43461CB30BFEDB03FCA9331E6A5CAADF137422038E544C140EB1BCFE4693FCCDE9E37C11190DF710F6B7E7462424535CC
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:{. "garbage_lifespan_days": 30,. "log_level": "info".}
                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):42
                                                                                                              Entropy (8bit):4.0050635535766075
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:QHXMKa/xwwUy:Q3La/xwQ
                                                                                                              MD5:84CFDB4B995B1DBF543B26B86C863ADC
                                                                                                              SHA1:D2F47764908BF30036CF8248B9FF5541E2711FA2
                                                                                                              SHA-256:D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
                                                                                                              SHA-512:485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):11776
                                                                                                              Entropy (8bit):5.854901984552606
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:qPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4U:F7VpNo8gmOyRsVc4
                                                                                                              MD5:0063D48AFE5A0CDC02833145667B6641
                                                                                                              SHA1:E7EB614805D183ECB1127C62DECB1A6BE1B4F7A8
                                                                                                              SHA-256:AC9DFE3B35EA4B8932536ED7406C29A432976B685CC5322F94EF93DF920FEDE7
                                                                                                              SHA-512:71CBBCAEB345E09306E368717EA0503FE8DF485BE2E95200FEBC61BCD8BA74FB4211CD263C232F148C0123F6C6F2E3FD4EA20BDECC4070F5208C35C6920240F0
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PC bitmap, Windows 3.x format, 165 x 57 x 24, image size 28272, resolution 2835 x 2835 px/m, cbSize 28326, bits offset 54
                                                                                                              Category:dropped
                                                                                                              Size (bytes):28326
                                                                                                              Entropy (8bit):2.5710862958427496
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:R5ZzmIhanXqiRFlbiRoXt7m4ju119MiieiK35JW0U1JIhuauz3A:R5Zz5QX1FtiRytSEu9Miiq5JW9IhuBQ
                                                                                                              MD5:EE5DCD5040C0616D92FA8E7A3344D455
                                                                                                              SHA1:D2A13B9E9965C99E9637FFE0CFDC54A791B0944D
                                                                                                              SHA-256:DAA94974E168B4D92C281BA0B774390C9E052833926E22929CD5A4569A0ECB97
                                                                                                              SHA-512:23CB22368B444E00EE5EAC5D86427801312550A1ACDF5652756A88205A32E862D9D636877323AA6503DA660107305036AFE7E7C79B9586160362E50AD138DB68
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PC bitmap, Windows 3.x format, 164 x 314 x 4, image size 26376, resolution 2834 x 2834 px/m, cbSize 26494, bits offset 118
                                                                                                              Category:dropped
                                                                                                              Size (bytes):26494
                                                                                                              Entropy (8bit):1.9568109962493656
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz
                                                                                                              MD5:CBE40FD2B1EC96DAEDC65DA172D90022
                                                                                                              SHA1:366C216220AA4329DFF6C485FD0E9B0F4F0A7944
                                                                                                              SHA-256:3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2
                                                                                                              SHA-512:62990CB16E37B6B4EFF6AB03571C3A82DCAA21A1D393C3CB01D81F62287777FB0B4B27F8852B5FA71BC975FEAB5BAA486D33F2C58660210E115DE7E2BD34EA63
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):9728
                                                                                                              Entropy (8bit):5.127431636878203
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:oWW4JlD3c151V1gQoE8cxM2DjDf3GEst+Nt+jvcx4P8qndYv0PLE:oWp3ggQF8REskpx8dO0PLE
                                                                                                              MD5:6E64E5D5F9498058A300B26B8741D9D5
                                                                                                              SHA1:837CE28E5E02788DA63A7F1D8F20207D2B0BF523
                                                                                                              SHA-256:8D4B1C275FD1CD0782A265080B56D1AEC8D1C93EDCA5EF3B050D1D20D7B61F33
                                                                                                              SHA-512:F53514D36021D79F85DF2494D403F03589B3AD848889B9224F962CC932EF740F127131A914C7171AD8136CA1EF631285EA1C80576DB18CCF8EA56940EB00EA1E
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):6656
                                                                                                              Entropy (8bit):5.150852446596736
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:4BNbUVOFvfcxEAxxxJzxLp+eELeoMEskzYzeHd0+uoyVeNSsX4:EUVOFvf9ABJFHE+FkEad0PLVeN
                                                                                                              MD5:293165DB1E46070410B4209519E67494
                                                                                                              SHA1:777B96A4F74B6C34D43A4E7C7E656757D1C97F01
                                                                                                              SHA-256:49B7477DB8DD22F8CF2D41EE2D79CE57797F02E8C7B9E799951A6C710384349A
                                                                                                              SHA-512:97012139F2DA5868FE8731C0B0BCB3CFDA29ED10C2E6E2336B504480C9CD9FB8F4728CCA23F1E0BD577D75DAA542E59F94D1D341F4E8AAEEBC7134BF61288C19
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):38
                                                                                                              Entropy (8bit):3.8924071185928772
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:z0Nc4Ac+q:wNcLc+q
                                                                                                              MD5:79BC2DAD2D6C0232998EF454D71C4DBD
                                                                                                              SHA1:6A026317AC5B65340BA4F744E7DE9631EA25D504
                                                                                                              SHA-256:19C594461EC7DE3526592D1666788F41B5286995BD1BCAE55D05E84714531E1A
                                                                                                              SHA-512:E8BDEF565DB12684DEAC6E98875419056A7BA790228720D87338913C2D871187493AAAC1F8267CC91EE43102419EB8A7792D256C2E89703707C4F0AC89248B78
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:websocket:8888;lotus:9901;oiwss:8888..
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:JSON data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):398
                                                                                                              Entropy (8bit):4.797747370783272
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6:Jh0tW4pUUig/gJE5SpWUUEzBkYtHJdkQbL0KN0p4olUDsVK+A6VfrJWlnKFnBFin:Jh0vpUU2JEGtUwXzkQvoW4VKuf9OK5i
                                                                                                              MD5:606B5FE3365F06C7EDA33DC031535D34
                                                                                                              SHA1:05DE0202B600B27C83BDA15C0747A7B30A06620C
                                                                                                              SHA-256:DFC0BD2C59CAA33AEA46A14F6D1DF5E498F22909AEFDE94CDD58F1B1CA34E0D0
                                                                                                              SHA-512:B3CAB59A40F97FCA9278E72E1EA75D3B0278CDD8164613E1D371225E91135193F9444DDEB147CE4A55AB594B3F53525B0013A881F15ADC78C32F49D56866649F
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:{. "activityDetection": {. "enable": false,. "interval": 0. },. "activity_detection_force_disable": false,. "authorizedApps": {},. "connection_issue": "none",. "ext": "",. "feedbackEmail": "",. "garbage_lifespan_days": 14,. "http_max_threads": 4,. "log_level": "info",. "log_max_kb": 10240,. "log_str": "6b4c9c56-0521-4fbc-9be1-ebfcd91001ee",. "pbx": "",. "setIconTryCount": 0.}
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:JSON data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):398
                                                                                                              Entropy (8bit):4.797747370783272
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6:Jh0tW4pUUig/gJE5SpWUUEzBkYtHJdkQbL0KN0p4olUDsVK+A6VfrJWlnKFnBFin:Jh0vpUU2JEGtUwXzkQvoW4VKuf9OK5i
                                                                                                              MD5:606B5FE3365F06C7EDA33DC031535D34
                                                                                                              SHA1:05DE0202B600B27C83BDA15C0747A7B30A06620C
                                                                                                              SHA-256:DFC0BD2C59CAA33AEA46A14F6D1DF5E498F22909AEFDE94CDD58F1B1CA34E0D0
                                                                                                              SHA-512:B3CAB59A40F97FCA9278E72E1EA75D3B0278CDD8164613E1D371225E91135193F9444DDEB147CE4A55AB594B3F53525B0013A881F15ADC78C32F49D56866649F
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:{. "activityDetection": {. "enable": false,. "interval": 0. },. "activity_detection_force_disable": false,. "authorizedApps": {},. "connection_issue": "none",. "ext": "",. "feedbackEmail": "",. "garbage_lifespan_days": 14,. "http_max_threads": 4,. "log_level": "info",. "log_max_kb": 10240,. "log_str": "6b4c9c56-0521-4fbc-9be1-ebfcd91001ee",. "pbx": "",. "setIconTryCount": 0.}
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:ASCII text, with CRLF, LF line terminators
                                                                                                              Category:modified
                                                                                                              Size (bytes):857
                                                                                                              Entropy (8bit):4.712765723284222
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:QWDZh+ragzMZfuMMs1L/JU5fFCkK8T1rTto:vDZhyoZWM9rU5fFcr
                                                                                                              MD5:9AC77B45979A66F73EDB70B72908A616
                                                                                                              SHA1:8B22CFA695F10D31B8300C06790B728A4E209324
                                                                                                              SHA-256:A7777E702D4BEAD5529BFC2D026BFA2088BB64A5504DAFB57EF308CE92469E20
                                                                                                              SHA-512:C01644C1C13F7126ED455D76A63CD3CEEB314D74265256B07AC7120F6DA512B1B632D4F21167B9E8C7AD106F75D1F20809A7B129BE6871441F8F3FF6A390CFFF
                                                                                                              Malicious:true
                                                                                                              Reputation:unknown
                                                                                                              Preview:# Copyright (c) 1993-2009 Microsoft Corp...#..# This is a sample HOSTS file used by Microsoft TCP/IP for Windows...#..# This file contains the mappings of IP addresses to host names. Each..# entry should be kept on an individual line. The IP address should..# be placed in the first column followed by the corresponding host name...# The IP address and the host name should be separated by at least one..# space...#..# Additionally, comments (such as these) may be inserted on individual..# lines or following the machine name denoted by a '#' symbol...#..# For example:..#..# 102.54.94.97 rhino.acme.com # source server..# 38.25.63.10 x.acme.com # x client host....# localhost name resolution is handled within DNS itself...#.127.0.0.1 localhost..#.::1 localhost...127.0.0.1..wildixintegration.eu.
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):7996
                                                                                                              Entropy (8bit):5.128824009655858
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:Iwr2yWGyAH155NpoEdyb76f8upG2sIkQTkpfpBnquMpBnqF5zqps2dXRSXjKMoy8:IHa1Hj7k2sI90mHmF52pbye9U/Prtk
                                                                                                              MD5:9CB68B693CDCDF5E9E5707E3CABCA7A7
                                                                                                              SHA1:29A5537387519BC14138F02C5355EAB2EB923AA3
                                                                                                              SHA-256:D79405A4F2A390407B78B1DC7FEEBE3A533EA9969F6066F5A12F189502D900F0
                                                                                                              SHA-512:765EDDDD3CE8995DC66AB5578462F12CD52007FDEBF3C6DE412BAF4C094E17FDB286BDEB0A6ECC6FE2347C0BB846F4D2A206DD78BC128111E84918F50B57E7F8
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:*% ..*% ..*% ..*GPDSpecVersion: "1.0"..*GPDFileName: "imgprint.gpd"..*GPDFileVersion: "3.1.0" ..*Include: "StdNames.gpd"..*ModelName: "Wildix FaxPrinter"..*MasterUnits: PAIR(1200, 1200)..*ResourceDLL: "unires.dll"..*PrinterType: PAGE..*MaxCopies: 99......*Feature: Orientation..{.. *rcNameID: =ORIENTATION_DISPLAY.. *DefaultOption: PORTRAIT.. *Option: PORTRAIT.. {.. *rcNameID: =PORTRAIT_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l0O".. }.. }.. *Option: LANDSCAPE_CC90.. {.. *rcNameID: =LANDSCAPE_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l1O".. }.. }..}..*Feature: InputBin..{.. *rcNameID: =PAPER_SOURCE_DISPLAY.. *DefaultOption: MANUAL.. *Option: MANUAL.. {.. *rcNameID: =MANUAL_FEED_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.9.. *Cmd: "<1B>&l2H
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):23812
                                                                                                              Entropy (8bit):5.102231290969022
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:ILAp44CzsyQKElOR2x96a7zXql8wYNz6FkjzEgqgF6Lvztmm/jb5/R6B3VjMcBU0:ILAe40VxYJ7zvWrfZmujb5mVjlQrlGwI
                                                                                                              MD5:D46A5DFAB2AC1BB5BF39D4E256E3AB43
                                                                                                              SHA1:FD19097E89D882E5624E8822FF8D7518D104B31C
                                                                                                              SHA-256:0E93309B477971AD9D744FB1BB6AFDE1AF7D31223E90B5E8A4E5EA13CC5B8CD9
                                                                                                              SHA-512:FE6C5CD5DA0E045E9F823D34E393E158F56A3136966971F0D494092257956FBEA29ACC98E94B50AA785CF426DBACDAFFCC0B0F7872E7F63A2F270A174C0F4BCA
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:*% stddtype.gdl - this file contains templates that define all MS standard datatypes..*% that appear in GPD and GDL files.....*PreCompiled: TRUE......*% ==================..*% ==== Macro Definitions ====..*% ==================....*Macros:..{.. LIST_OF_COMMAND_NAMES : (.. *%.. *% GENERAL.. *%.. *% the following are not enumerated here because they require.. *% the full Command structure. See Template: ORDERED_COMMAND.. *% and its descendants..... *% CmdSelect,.. *% CmdStartJob,.. *% CmdStartDoc,.. *% CmdStartPage,.. *% CmdEndPage,.. *% CmdEndDoc,.. *% CmdEndJob,.. *% CmdCopies,.. *% CmdSleepTimeOut,.... *%.. *% CURSOR CONTROL.. *%.. CmdXMoveAbsolute,.. CmdXMoveRelLeft,.. CmdXMoveRelRight,.. CmdYMoveAbsolute,.. CmdYMoveRelUp,.. CmdYMoveRelDown,.. CmdSetSimpleRotation,.. CmdSetAnyRotation,.. CmdUniDirec
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):14362
                                                                                                              Entropy (8bit):4.18034476253744
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:NcThm8JC986ITRCzEzEpYNwtd29u7ZTl8hF:xFzOnS7z0
                                                                                                              MD5:CD0BA5F62202298A6367E0E34CF5A37E
                                                                                                              SHA1:0507C7264281EFB362931DEB093308A5CC0F23A5
                                                                                                              SHA-256:B5E8E0C7339EF73F4DD20E2570EE2C79F06CA983F74D175DBE90C0319C70CE3A
                                                                                                              SHA-512:0DA97D886BBF6E06BDEF240B0CA32E80ED56140349902F2A58FCD00A95F85AEDEABB779CA99308DA39E995BDB7C179E2D7A0705643AF609EC7E05323964851F8
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:*%%% Copyright (c) 1997-1999 Microsoft Corporation..*%%% value macros for standard feature names and standard option names..*%%% used in older Unidrv's.....*CodePage: 1252 *% Windows 3.1 US (ANSI) code page....*Feature: RESDLL..{.. *Name: "resource dll files".. *ConcealFromUI?: TRUE.... *Option: UniresDLL.. {.. *Name: "unires.dll".. }..}....*Macros: StdFeatureNames..{.. ORIENTATION_DISPLAY: RESDLL.UniresDLL.11100.. PAPER_SIZE_DISPLAY: RESDLL.UniresDLL.11101.. PAPER_SOURCE_DISPLAY: RESDLL.UniresDLL.11102.. RESOLUTION_DISPLAY: RESDLL.UniresDLL.11103.. MEDIA_TYPE_DISPLAY: RESDLL.UniresDLL.11104.. TEXT_QUALITY_DISPLAY: RESDLL.UniresDLL.11105.. COLOR_PRINTING_MODE_DISPLAY: RESDLL.UniresDLL.11106.. PRINTER_MEMORY_DISPLAY: RESDLL.UniresDLL.11107.. TWO_SIDED_PRINTING_DISPLAY: RESDLL.UniresDLL.11108.. PAGE_PROTECTION_DISP
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):59116
                                                                                                              Entropy (8bit):5.051886370413466
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:768:UH8K0RGmALhTYi6AmdDsaCXmSsUN2xHXgutLSsy3o+ndhr54:UH8K0RGmAd58D+iLBHad4
                                                                                                              MD5:FC574EB0EAAF6A806F6488673154F91F
                                                                                                              SHA1:E10B44CF7082FE5BE23FB0C19AC792D4692F6388
                                                                                                              SHA-256:941E5318D8BBD747AFA98982C0354516079175ACD3D7485F327BCC384F4FCFB8
                                                                                                              SHA-512:A04CAC69A4DD4BD951CDC0F5186A3F589DA2EA40D667BE855F9E5AED12ECD9F7FC79FD624361C9563A07A5DCC1250CBD628BA27A0FAD78D599CD68540F9B4F45
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:*% stdschem.gdl - this file contains templates that define all MS standard keywords..*% and constructs that appear in GPD and GDL files.....*PreCompiled: TRUE....*Include: "stddtype.gdl"......*% ==================..*% ==== Base Attributes ====..*% ==================........*Template: DISPLAY_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_CODEPAGE_STRING.. *Virtual: TRUE..}........*Template: ANSI_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_NORMAL_STRING.. *Virtual: TRUE..}....*Template: DEF_CP_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_DEFAULT_CODEPAGE_STRING.. *Virtual: TRUE..}....*% ==================..*% ==== Root Attributes ====..*% ==================....*Template: CODEPAGE..{.. *Name: "*CodePage".. *Type: ATTRIBUTE.. *ValueType: GPD_NONNEG_INTEGER..}....*Template: GPDSPECVERSION..{.. *Name: "*GPDSpecVersion".. *Inherits: ANSI_STRING..}....*Template: GPDFILEVERSION..{.. *Name: "*GPDFileVersion".. *Inhe
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):2278
                                                                                                              Entropy (8bit):4.581866117244519
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:IO673u+3WSnMVfIPQMAPFq+AP3hM927Kc509OD8jQV0Ucn05NKYKd5NK3Kr59:IB7zmrAPMtc6927e9OQEV2EPSQg/
                                                                                                              MD5:932F57E78976810729855CD1B5CCD8EF
                                                                                                              SHA1:50D7145076D422C03B924DD16EA237AC9B822F0E
                                                                                                              SHA-256:3B9BE4E69B022DE9D0E30EDE70F292F3DF55AB7BE36F134BF2D37A7039937D19
                                                                                                              SHA-512:023848F6CE826EB040EA90C8319BBF1AC26E16B66BD9470E197B3A02DAE00AE9A177996E6B069F42BC54FBF28AE7F96CCC10CF331C13B54CCF12990311F30D73
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:*% stdschx.gdl..*% this file defines the parts of the schema that are dependent on..*% preprocessor defines.....*% Since this header relies on passed in Preprocessor defines, it must not be PreCompiled...*PreCompiled: FALSE....*Include: "stdschem.gdl"....*Ifdef: WINNT_50.. *% and above .......*Template: PRINTRATEUNIT..{.. *Name: "*PrintRateUnit".. *Type: ATTRIBUTE.. *ValueType: EDT_PRINTRATEUNIT..}..*Template: PREDEFINED_PAPERSIZE_OPTION_2 *% Additional papersizes.. *% for NT5.0..{.. *Inherits: V_PREDEFINED_PAPERSIZE_OPTION.. *Instances: (.. DBL_JAPANESE_POSTCARD,.. A6,.. JENV_KAKU2,.. JENV_KAKU3,.. JENV_CHOU3,.. JENV_CHOU4,.. LETTER_ROTATED,.. A3_ROTATED,.. A4_ROTATED,.. A5_ROTATED,.. B4_JIS_ROTATED,.. B5_JIS_ROTATED,.. JAPANESE_POSTCARD_ROTATED,.. DBL_JAPANESE_POSTCARD_ROTATED,.. A6_ROTATED,.. JENV_KAKU2_ROTATED,.. JENV_KAKU3_ROTA
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):531760
                                                                                                              Entropy (8bit):6.367894640776266
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:GTIJ/Cq6XA1T9hPGhV9mid49b9spV7LDbTzIGH:GUJ/Cq2IT/PiP4dapV7LDU+
                                                                                                              MD5:FD8F8764FF7C181B9C4F125C7866E186
                                                                                                              SHA1:A95845BD24863735A63C2BD4EEBD07B24001046B
                                                                                                              SHA-256:B2124E894640CE7F440B2DC2CD4B095BDC1213806FA37BDB13068650654395B8
                                                                                                              SHA-512:AACD85BC9889A3AF116640A1F06F3D85F9844CFDBECC5F29364568B7DBA0F6BC96B7CC42FC4EF10E78AFEB9B44B38ED1F038E337D1F638C31CCF9EE4BF4B4846
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):919344
                                                                                                              Entropy (8bit):5.989957262549423
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:1H0ARc8QCfjeDUr73Tx1yfhPXgFQ3Qe5w1lwAAwoTLARTsBqC+MU:17Hdv3DyfhP2QgYPwo3ArgU
                                                                                                              MD5:109D6635D97BD3755BBC17A39FA2A00E
                                                                                                              SHA1:A1BA018129134A5B7889CCBB9F822DF97F142C81
                                                                                                              SHA-256:EF69FD07E02C7D8CB3ECF31836440264E0D81C22753D1666B7818D9EC46FD060
                                                                                                              SHA-512:EF99293116CC75749BF136F50EA8410ACC4474FAE354C66D17A884EC6519319B9BCD05F14AFE4CE66E1DB1419149355E413E0795EE440E3B9FC6575E18381024
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):856368
                                                                                                              Entropy (8bit):5.595352052416589
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:79aBEoNh3bBPc/s4430ye84TF1dbua5TVhRre3kf8IKHgikinLhZ:5aBEGbL4Np84TQazCSiRhZ
                                                                                                              MD5:E53389EF9A73C1B212A8D0C202E561BD
                                                                                                              SHA1:0F84190B8FF18D07490E38FC46567F81D66D32D7
                                                                                                              SHA-256:88F7FCF7C2EE6DC91A689F689C24214D9D6371E593B609E85B2117D46055C77E
                                                                                                              SHA-512:956598397F95DD1CC84E27A4DBE09F8C8D35F3FE6EE3FF333AFE94A700385D47A4439D45599035B7EF0646ACBCEA660CB7B96452D9524C331AAB97CFD1D6C7A4
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):19336
                                                                                                              Entropy (8bit):4.312288104152102
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:7mXKNT6+Y9QeSU83XGtzdHeQhlJqeB+Pu7HnjtoX2PSuNip:T6+LU832tzd+pM+Pu7HGX2quNu
                                                                                                              MD5:115996B67784E69002E510C37A308236
                                                                                                              SHA1:DBF83174EAE0610626B5E45663B18477255DEA99
                                                                                                              SHA-256:296209C0B41ECE97A7474648C5357D61F0BD7F46DE42598C50A1C48CAA31FD57
                                                                                                              SHA-512:E483C52DC80CEBCEFC277890D2C2AF83B1232716628260AA302229B4EB623A8D77D32DE4ADB039C424F3AE3DB2871DF1370E12718CB3EDD628250CEB3EA4C4B5
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:.K.. DPGr...ta..I..)........................................z........... ...........................c.......@...J........$..4........)...........+..:........-...........-...........-...........-...........-...........6...........6...........6...........6...........6...........7...........WINNT_40.WINNT_50.WINNT_51.WINNT_60.PARSER_VER_1.0.C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.s.p.o.o.l.\.D.R.I.V.E.R.S.\.x.6.4.\.3.\.i.m.g.p.r.i.n.t...g.p.d...StdNames.gpdC.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.s.p.o.o.l.\.D.R.I.V.E.R.S.\.x.6.4.\.3.\.S.t.d.N.a.m.e.s...g.p.d...ORIENTATION_DISPLAY.PAPER_SIZE_DISPLAY.PAPER_SOURCE_DISPLAY.RESOLUTION_DISPLAY.MEDIA_TYPE_DISPLAY.TEXT_QUALITY_DISPLAY.COLOR_PRINTING_MODE_DISPLAY.PRINTER_MEMORY_DISPLAY.TWO_SIDED_PRINTING_DISPLAY.PAGE_PROTECTION_DISPLAY.HALFTONING_DISPLAY.OUTPUTBIN_DISPLAY.IMAGECONTROL_DISPLAY.PRINTDENSITY_DISPLAY.GRAPHICSMODE_DISPLAY.TEXTHALFTONE_DISPLAY.GRAPHICSHALFTONE_DISPLAY.PHOTOHALFTONE_DISPLAY.RCID_DMPAPER_SYSTEM_NAME.LETTER_DISPLAY.LETTERS
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):7996
                                                                                                              Entropy (8bit):5.128824009655858
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:Iwr2yWGyAH155NpoEdyb76f8upG2sIkQTkpfpBnquMpBnqF5zqps2dXRSXjKMoy8:IHa1Hj7k2sI90mHmF52pbye9U/Prtk
                                                                                                              MD5:9CB68B693CDCDF5E9E5707E3CABCA7A7
                                                                                                              SHA1:29A5537387519BC14138F02C5355EAB2EB923AA3
                                                                                                              SHA-256:D79405A4F2A390407B78B1DC7FEEBE3A533EA9969F6066F5A12F189502D900F0
                                                                                                              SHA-512:765EDDDD3CE8995DC66AB5578462F12CD52007FDEBF3C6DE412BAF4C094E17FDB286BDEB0A6ECC6FE2347C0BB846F4D2A206DD78BC128111E84918F50B57E7F8
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:*% ..*% ..*% ..*GPDSpecVersion: "1.0"..*GPDFileName: "imgprint.gpd"..*GPDFileVersion: "3.1.0" ..*Include: "StdNames.gpd"..*ModelName: "Wildix FaxPrinter"..*MasterUnits: PAIR(1200, 1200)..*ResourceDLL: "unires.dll"..*PrinterType: PAGE..*MaxCopies: 99......*Feature: Orientation..{.. *rcNameID: =ORIENTATION_DISPLAY.. *DefaultOption: PORTRAIT.. *Option: PORTRAIT.. {.. *rcNameID: =PORTRAIT_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l0O".. }.. }.. *Option: LANDSCAPE_CC90.. {.. *rcNameID: =LANDSCAPE_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l1O".. }.. }..}..*Feature: InputBin..{.. *rcNameID: =PAPER_SOURCE_DISPLAY.. *DefaultOption: MANUAL.. *Option: MANUAL.. {.. *rcNameID: =MANUAL_FEED_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.9.. *Cmd: "<1B>&l2H
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):23812
                                                                                                              Entropy (8bit):5.102231290969022
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:ILAp44CzsyQKElOR2x96a7zXql8wYNz6FkjzEgqgF6Lvztmm/jb5/R6B3VjMcBU0:ILAe40VxYJ7zvWrfZmujb5mVjlQrlGwI
                                                                                                              MD5:D46A5DFAB2AC1BB5BF39D4E256E3AB43
                                                                                                              SHA1:FD19097E89D882E5624E8822FF8D7518D104B31C
                                                                                                              SHA-256:0E93309B477971AD9D744FB1BB6AFDE1AF7D31223E90B5E8A4E5EA13CC5B8CD9
                                                                                                              SHA-512:FE6C5CD5DA0E045E9F823D34E393E158F56A3136966971F0D494092257956FBEA29ACC98E94B50AA785CF426DBACDAFFCC0B0F7872E7F63A2F270A174C0F4BCA
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:*% stddtype.gdl - this file contains templates that define all MS standard datatypes..*% that appear in GPD and GDL files.....*PreCompiled: TRUE......*% ==================..*% ==== Macro Definitions ====..*% ==================....*Macros:..{.. LIST_OF_COMMAND_NAMES : (.. *%.. *% GENERAL.. *%.. *% the following are not enumerated here because they require.. *% the full Command structure. See Template: ORDERED_COMMAND.. *% and its descendants..... *% CmdSelect,.. *% CmdStartJob,.. *% CmdStartDoc,.. *% CmdStartPage,.. *% CmdEndPage,.. *% CmdEndDoc,.. *% CmdEndJob,.. *% CmdCopies,.. *% CmdSleepTimeOut,.... *%.. *% CURSOR CONTROL.. *%.. CmdXMoveAbsolute,.. CmdXMoveRelLeft,.. CmdXMoveRelRight,.. CmdYMoveAbsolute,.. CmdYMoveRelUp,.. CmdYMoveRelDown,.. CmdSetSimpleRotation,.. CmdSetAnyRotation,.. CmdUniDirec
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):14362
                                                                                                              Entropy (8bit):4.18034476253744
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:NcThm8JC986ITRCzEzEpYNwtd29u7ZTl8hF:xFzOnS7z0
                                                                                                              MD5:CD0BA5F62202298A6367E0E34CF5A37E
                                                                                                              SHA1:0507C7264281EFB362931DEB093308A5CC0F23A5
                                                                                                              SHA-256:B5E8E0C7339EF73F4DD20E2570EE2C79F06CA983F74D175DBE90C0319C70CE3A
                                                                                                              SHA-512:0DA97D886BBF6E06BDEF240B0CA32E80ED56140349902F2A58FCD00A95F85AEDEABB779CA99308DA39E995BDB7C179E2D7A0705643AF609EC7E05323964851F8
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:*%%% Copyright (c) 1997-1999 Microsoft Corporation..*%%% value macros for standard feature names and standard option names..*%%% used in older Unidrv's.....*CodePage: 1252 *% Windows 3.1 US (ANSI) code page....*Feature: RESDLL..{.. *Name: "resource dll files".. *ConcealFromUI?: TRUE.... *Option: UniresDLL.. {.. *Name: "unires.dll".. }..}....*Macros: StdFeatureNames..{.. ORIENTATION_DISPLAY: RESDLL.UniresDLL.11100.. PAPER_SIZE_DISPLAY: RESDLL.UniresDLL.11101.. PAPER_SOURCE_DISPLAY: RESDLL.UniresDLL.11102.. RESOLUTION_DISPLAY: RESDLL.UniresDLL.11103.. MEDIA_TYPE_DISPLAY: RESDLL.UniresDLL.11104.. TEXT_QUALITY_DISPLAY: RESDLL.UniresDLL.11105.. COLOR_PRINTING_MODE_DISPLAY: RESDLL.UniresDLL.11106.. PRINTER_MEMORY_DISPLAY: RESDLL.UniresDLL.11107.. TWO_SIDED_PRINTING_DISPLAY: RESDLL.UniresDLL.11108.. PAGE_PROTECTION_DISP
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):59116
                                                                                                              Entropy (8bit):5.051886370413466
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:768:UH8K0RGmALhTYi6AmdDsaCXmSsUN2xHXgutLSsy3o+ndhr54:UH8K0RGmAd58D+iLBHad4
                                                                                                              MD5:FC574EB0EAAF6A806F6488673154F91F
                                                                                                              SHA1:E10B44CF7082FE5BE23FB0C19AC792D4692F6388
                                                                                                              SHA-256:941E5318D8BBD747AFA98982C0354516079175ACD3D7485F327BCC384F4FCFB8
                                                                                                              SHA-512:A04CAC69A4DD4BD951CDC0F5186A3F589DA2EA40D667BE855F9E5AED12ECD9F7FC79FD624361C9563A07A5DCC1250CBD628BA27A0FAD78D599CD68540F9B4F45
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:*% stdschem.gdl - this file contains templates that define all MS standard keywords..*% and constructs that appear in GPD and GDL files.....*PreCompiled: TRUE....*Include: "stddtype.gdl"......*% ==================..*% ==== Base Attributes ====..*% ==================........*Template: DISPLAY_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_CODEPAGE_STRING.. *Virtual: TRUE..}........*Template: ANSI_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_NORMAL_STRING.. *Virtual: TRUE..}....*Template: DEF_CP_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_DEFAULT_CODEPAGE_STRING.. *Virtual: TRUE..}....*% ==================..*% ==== Root Attributes ====..*% ==================....*Template: CODEPAGE..{.. *Name: "*CodePage".. *Type: ATTRIBUTE.. *ValueType: GPD_NONNEG_INTEGER..}....*Template: GPDSPECVERSION..{.. *Name: "*GPDSpecVersion".. *Inherits: ANSI_STRING..}....*Template: GPDFILEVERSION..{.. *Name: "*GPDFileVersion".. *Inhe
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):2278
                                                                                                              Entropy (8bit):4.581866117244519
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:IO673u+3WSnMVfIPQMAPFq+AP3hM927Kc509OD8jQV0Ucn05NKYKd5NK3Kr59:IB7zmrAPMtc6927e9OQEV2EPSQg/
                                                                                                              MD5:932F57E78976810729855CD1B5CCD8EF
                                                                                                              SHA1:50D7145076D422C03B924DD16EA237AC9B822F0E
                                                                                                              SHA-256:3B9BE4E69B022DE9D0E30EDE70F292F3DF55AB7BE36F134BF2D37A7039937D19
                                                                                                              SHA-512:023848F6CE826EB040EA90C8319BBF1AC26E16B66BD9470E197B3A02DAE00AE9A177996E6B069F42BC54FBF28AE7F96CCC10CF331C13B54CCF12990311F30D73
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:*% stdschx.gdl..*% this file defines the parts of the schema that are dependent on..*% preprocessor defines.....*% Since this header relies on passed in Preprocessor defines, it must not be PreCompiled...*PreCompiled: FALSE....*Include: "stdschem.gdl"....*Ifdef: WINNT_50.. *% and above .......*Template: PRINTRATEUNIT..{.. *Name: "*PrintRateUnit".. *Type: ATTRIBUTE.. *ValueType: EDT_PRINTRATEUNIT..}..*Template: PREDEFINED_PAPERSIZE_OPTION_2 *% Additional papersizes.. *% for NT5.0..{.. *Inherits: V_PREDEFINED_PAPERSIZE_OPTION.. *Instances: (.. DBL_JAPANESE_POSTCARD,.. A6,.. JENV_KAKU2,.. JENV_KAKU3,.. JENV_CHOU3,.. JENV_CHOU4,.. LETTER_ROTATED,.. A3_ROTATED,.. A4_ROTATED,.. A5_ROTATED,.. B4_JIS_ROTATED,.. B5_JIS_ROTATED,.. JAPANESE_POSTCARD_ROTATED,.. DBL_JAPANESE_POSTCARD_ROTATED,.. A6_ROTATED,.. JENV_KAKU2_ROTATED,.. JENV_KAKU3_ROTA
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):531760
                                                                                                              Entropy (8bit):6.367894640776266
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:GTIJ/Cq6XA1T9hPGhV9mid49b9spV7LDbTzIGH:GUJ/Cq2IT/PiP4dapV7LDU+
                                                                                                              MD5:FD8F8764FF7C181B9C4F125C7866E186
                                                                                                              SHA1:A95845BD24863735A63C2BD4EEBD07B24001046B
                                                                                                              SHA-256:B2124E894640CE7F440B2DC2CD4B095BDC1213806FA37BDB13068650654395B8
                                                                                                              SHA-512:AACD85BC9889A3AF116640A1F06F3D85F9844CFDBECC5F29364568B7DBA0F6BC96B7CC42FC4EF10E78AFEB9B44B38ED1F038E337D1F638C31CCF9EE4BF4B4846
                                                                                                              Malicious:true
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):919344
                                                                                                              Entropy (8bit):5.989957262549423
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:1H0ARc8QCfjeDUr73Tx1yfhPXgFQ3Qe5w1lwAAwoTLARTsBqC+MU:17Hdv3DyfhP2QgYPwo3ArgU
                                                                                                              MD5:109D6635D97BD3755BBC17A39FA2A00E
                                                                                                              SHA1:A1BA018129134A5B7889CCBB9F822DF97F142C81
                                                                                                              SHA-256:EF69FD07E02C7D8CB3ECF31836440264E0D81C22753D1666B7818D9EC46FD060
                                                                                                              SHA-512:EF99293116CC75749BF136F50EA8410ACC4474FAE354C66D17A884EC6519319B9BCD05F14AFE4CE66E1DB1419149355E413E0795EE440E3B9FC6575E18381024
                                                                                                              Malicious:true
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):856368
                                                                                                              Entropy (8bit):5.595352052416589
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:79aBEoNh3bBPc/s4430ye84TF1dbua5TVhRre3kf8IKHgikinLhZ:5aBEGbL4Np84TQazCSiRhZ
                                                                                                              MD5:E53389EF9A73C1B212A8D0C202E561BD
                                                                                                              SHA1:0F84190B8FF18D07490E38FC46567F81D66D32D7
                                                                                                              SHA-256:88F7FCF7C2EE6DC91A689F689C24214D9D6371E593B609E85B2117D46055C77E
                                                                                                              SHA-512:956598397F95DD1CC84E27A4DBE09F8C8D35F3FE6EE3FF333AFE94A700385D47A4439D45599035B7EF0646ACBCEA660CB7B96452D9524C331AAB97CFD1D6C7A4
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):357680
                                                                                                              Entropy (8bit):6.335690120350878
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6144:oVCKF+tmU+nEcmcW3Ke3+Lr+3fqKqfn4v4VC6n8VfcYkQ:zPDcW3R3Mq3ET8huQ
                                                                                                              MD5:D42FAA306B39E5B1F2980958FFC6A908
                                                                                                              SHA1:388B4A883610937D35090969DF2C5A2194767740
                                                                                                              SHA-256:F202C94086527E8F077C23A3079CD951511E89ACB95B1E6360D948066336D63B
                                                                                                              SHA-512:90477DE265E5019DA97EF711D5CC14B888D08E8848125F5F2DDD095797E6BE6622CC4A1787FCA0542096F4BA5CEEB9B630111AC37AD72627B3F0EAC43305407B
                                                                                                              Malicious:true
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):7996
                                                                                                              Entropy (8bit):5.128824009655858
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:Iwr2yWGyAH155NpoEdyb76f8upG2sIkQTkpfpBnquMpBnqF5zqps2dXRSXjKMoy8:IHa1Hj7k2sI90mHmF52pbye9U/Prtk
                                                                                                              MD5:9CB68B693CDCDF5E9E5707E3CABCA7A7
                                                                                                              SHA1:29A5537387519BC14138F02C5355EAB2EB923AA3
                                                                                                              SHA-256:D79405A4F2A390407B78B1DC7FEEBE3A533EA9969F6066F5A12F189502D900F0
                                                                                                              SHA-512:765EDDDD3CE8995DC66AB5578462F12CD52007FDEBF3C6DE412BAF4C094E17FDB286BDEB0A6ECC6FE2347C0BB846F4D2A206DD78BC128111E84918F50B57E7F8
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:*% ..*% ..*% ..*GPDSpecVersion: "1.0"..*GPDFileName: "imgprint.gpd"..*GPDFileVersion: "3.1.0" ..*Include: "StdNames.gpd"..*ModelName: "Wildix FaxPrinter"..*MasterUnits: PAIR(1200, 1200)..*ResourceDLL: "unires.dll"..*PrinterType: PAGE..*MaxCopies: 99......*Feature: Orientation..{.. *rcNameID: =ORIENTATION_DISPLAY.. *DefaultOption: PORTRAIT.. *Option: PORTRAIT.. {.. *rcNameID: =PORTRAIT_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l0O".. }.. }.. *Option: LANDSCAPE_CC90.. {.. *rcNameID: =LANDSCAPE_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l1O".. }.. }..}..*Feature: InputBin..{.. *rcNameID: =PAPER_SOURCE_DISPLAY.. *DefaultOption: MANUAL.. *Option: MANUAL.. {.. *rcNameID: =MANUAL_FEED_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.9.. *Cmd: "<1B>&l2H
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):23812
                                                                                                              Entropy (8bit):5.102231290969022
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:ILAp44CzsyQKElOR2x96a7zXql8wYNz6FkjzEgqgF6Lvztmm/jb5/R6B3VjMcBU0:ILAe40VxYJ7zvWrfZmujb5mVjlQrlGwI
                                                                                                              MD5:D46A5DFAB2AC1BB5BF39D4E256E3AB43
                                                                                                              SHA1:FD19097E89D882E5624E8822FF8D7518D104B31C
                                                                                                              SHA-256:0E93309B477971AD9D744FB1BB6AFDE1AF7D31223E90B5E8A4E5EA13CC5B8CD9
                                                                                                              SHA-512:FE6C5CD5DA0E045E9F823D34E393E158F56A3136966971F0D494092257956FBEA29ACC98E94B50AA785CF426DBACDAFFCC0B0F7872E7F63A2F270A174C0F4BCA
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:*% stddtype.gdl - this file contains templates that define all MS standard datatypes..*% that appear in GPD and GDL files.....*PreCompiled: TRUE......*% ==================..*% ==== Macro Definitions ====..*% ==================....*Macros:..{.. LIST_OF_COMMAND_NAMES : (.. *%.. *% GENERAL.. *%.. *% the following are not enumerated here because they require.. *% the full Command structure. See Template: ORDERED_COMMAND.. *% and its descendants..... *% CmdSelect,.. *% CmdStartJob,.. *% CmdStartDoc,.. *% CmdStartPage,.. *% CmdEndPage,.. *% CmdEndDoc,.. *% CmdEndJob,.. *% CmdCopies,.. *% CmdSleepTimeOut,.... *%.. *% CURSOR CONTROL.. *%.. CmdXMoveAbsolute,.. CmdXMoveRelLeft,.. CmdXMoveRelRight,.. CmdYMoveAbsolute,.. CmdYMoveRelUp,.. CmdYMoveRelDown,.. CmdSetSimpleRotation,.. CmdSetAnyRotation,.. CmdUniDirec
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):14362
                                                                                                              Entropy (8bit):4.18034476253744
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:NcThm8JC986ITRCzEzEpYNwtd29u7ZTl8hF:xFzOnS7z0
                                                                                                              MD5:CD0BA5F62202298A6367E0E34CF5A37E
                                                                                                              SHA1:0507C7264281EFB362931DEB093308A5CC0F23A5
                                                                                                              SHA-256:B5E8E0C7339EF73F4DD20E2570EE2C79F06CA983F74D175DBE90C0319C70CE3A
                                                                                                              SHA-512:0DA97D886BBF6E06BDEF240B0CA32E80ED56140349902F2A58FCD00A95F85AEDEABB779CA99308DA39E995BDB7C179E2D7A0705643AF609EC7E05323964851F8
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:*%%% Copyright (c) 1997-1999 Microsoft Corporation..*%%% value macros for standard feature names and standard option names..*%%% used in older Unidrv's.....*CodePage: 1252 *% Windows 3.1 US (ANSI) code page....*Feature: RESDLL..{.. *Name: "resource dll files".. *ConcealFromUI?: TRUE.... *Option: UniresDLL.. {.. *Name: "unires.dll".. }..}....*Macros: StdFeatureNames..{.. ORIENTATION_DISPLAY: RESDLL.UniresDLL.11100.. PAPER_SIZE_DISPLAY: RESDLL.UniresDLL.11101.. PAPER_SOURCE_DISPLAY: RESDLL.UniresDLL.11102.. RESOLUTION_DISPLAY: RESDLL.UniresDLL.11103.. MEDIA_TYPE_DISPLAY: RESDLL.UniresDLL.11104.. TEXT_QUALITY_DISPLAY: RESDLL.UniresDLL.11105.. COLOR_PRINTING_MODE_DISPLAY: RESDLL.UniresDLL.11106.. PRINTER_MEMORY_DISPLAY: RESDLL.UniresDLL.11107.. TWO_SIDED_PRINTING_DISPLAY: RESDLL.UniresDLL.11108.. PAGE_PROTECTION_DISP
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):59116
                                                                                                              Entropy (8bit):5.051886370413466
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:768:UH8K0RGmALhTYi6AmdDsaCXmSsUN2xHXgutLSsy3o+ndhr54:UH8K0RGmAd58D+iLBHad4
                                                                                                              MD5:FC574EB0EAAF6A806F6488673154F91F
                                                                                                              SHA1:E10B44CF7082FE5BE23FB0C19AC792D4692F6388
                                                                                                              SHA-256:941E5318D8BBD747AFA98982C0354516079175ACD3D7485F327BCC384F4FCFB8
                                                                                                              SHA-512:A04CAC69A4DD4BD951CDC0F5186A3F589DA2EA40D667BE855F9E5AED12ECD9F7FC79FD624361C9563A07A5DCC1250CBD628BA27A0FAD78D599CD68540F9B4F45
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:*% stdschem.gdl - this file contains templates that define all MS standard keywords..*% and constructs that appear in GPD and GDL files.....*PreCompiled: TRUE....*Include: "stddtype.gdl"......*% ==================..*% ==== Base Attributes ====..*% ==================........*Template: DISPLAY_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_CODEPAGE_STRING.. *Virtual: TRUE..}........*Template: ANSI_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_NORMAL_STRING.. *Virtual: TRUE..}....*Template: DEF_CP_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_DEFAULT_CODEPAGE_STRING.. *Virtual: TRUE..}....*% ==================..*% ==== Root Attributes ====..*% ==================....*Template: CODEPAGE..{.. *Name: "*CodePage".. *Type: ATTRIBUTE.. *ValueType: GPD_NONNEG_INTEGER..}....*Template: GPDSPECVERSION..{.. *Name: "*GPDSpecVersion".. *Inherits: ANSI_STRING..}....*Template: GPDFILEVERSION..{.. *Name: "*GPDFileVersion".. *Inhe
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):2278
                                                                                                              Entropy (8bit):4.581866117244519
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:IO673u+3WSnMVfIPQMAPFq+AP3hM927Kc509OD8jQV0Ucn05NKYKd5NK3Kr59:IB7zmrAPMtc6927e9OQEV2EPSQg/
                                                                                                              MD5:932F57E78976810729855CD1B5CCD8EF
                                                                                                              SHA1:50D7145076D422C03B924DD16EA237AC9B822F0E
                                                                                                              SHA-256:3B9BE4E69B022DE9D0E30EDE70F292F3DF55AB7BE36F134BF2D37A7039937D19
                                                                                                              SHA-512:023848F6CE826EB040EA90C8319BBF1AC26E16B66BD9470E197B3A02DAE00AE9A177996E6B069F42BC54FBF28AE7F96CCC10CF331C13B54CCF12990311F30D73
                                                                                                              Malicious:false
                                                                                                              Reputation:unknown
                                                                                                              Preview:*% stdschx.gdl..*% this file defines the parts of the schema that are dependent on..*% preprocessor defines.....*% Since this header relies on passed in Preprocessor defines, it must not be PreCompiled...*PreCompiled: FALSE....*Include: "stdschem.gdl"....*Ifdef: WINNT_50.. *% and above .......*Template: PRINTRATEUNIT..{.. *Name: "*PrintRateUnit".. *Type: ATTRIBUTE.. *ValueType: EDT_PRINTRATEUNIT..}..*Template: PREDEFINED_PAPERSIZE_OPTION_2 *% Additional papersizes.. *% for NT5.0..{.. *Inherits: V_PREDEFINED_PAPERSIZE_OPTION.. *Instances: (.. DBL_JAPANESE_POSTCARD,.. A6,.. JENV_KAKU2,.. JENV_KAKU3,.. JENV_CHOU3,.. JENV_CHOU4,.. LETTER_ROTATED,.. A3_ROTATED,.. A4_ROTATED,.. A5_ROTATED,.. B4_JIS_ROTATED,.. B5_JIS_ROTATED,.. JAPANESE_POSTCARD_ROTATED,.. DBL_JAPANESE_POSTCARD_ROTATED,.. A6_ROTATED,.. JENV_KAKU2_ROTATED,.. JENV_KAKU3_ROTA
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):531760
                                                                                                              Entropy (8bit):6.367894640776266
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:GTIJ/Cq6XA1T9hPGhV9mid49b9spV7LDbTzIGH:GUJ/Cq2IT/PiP4dapV7LDU+
                                                                                                              MD5:FD8F8764FF7C181B9C4F125C7866E186
                                                                                                              SHA1:A95845BD24863735A63C2BD4EEBD07B24001046B
                                                                                                              SHA-256:B2124E894640CE7F440B2DC2CD4B095BDC1213806FA37BDB13068650654395B8
                                                                                                              SHA-512:AACD85BC9889A3AF116640A1F06F3D85F9844CFDBECC5F29364568B7DBA0F6BC96B7CC42FC4EF10E78AFEB9B44B38ED1F038E337D1F638C31CCF9EE4BF4B4846
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^.....c...c...c.......c.....!.c.......c...b...c.......c.......c.......c.=.....c.......c.......c.Rich..c.........PE..d......R.........." .....d..........p........................................0.......$....`.........................................Xp......X....................K......0)... ..h...00..8............................p..................X............................text....c.......d.................. ..`.data................h..............@....pdata...K.......L..................@..@.idata..............................@..@.rsrc...............................@..@.reloc..h.... ......................@..B................................................................................................................................................................................................................................................................
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):919344
                                                                                                              Entropy (8bit):5.989957262549423
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:1H0ARc8QCfjeDUr73Tx1yfhPXgFQ3Qe5w1lwAAwoTLARTsBqC+MU:17Hdv3DyfhP2QgYPwo3ArgU
                                                                                                              MD5:109D6635D97BD3755BBC17A39FA2A00E
                                                                                                              SHA1:A1BA018129134A5B7889CCBB9F822DF97F142C81
                                                                                                              SHA-256:EF69FD07E02C7D8CB3ECF31836440264E0D81C22753D1666B7818D9EC46FD060
                                                                                                              SHA-512:EF99293116CC75749BF136F50EA8410ACC4474FAE354C66D17A884EC6519319B9BCD05F14AFE4CE66E1DB1419149355E413E0795EE440E3B9FC6575E18381024
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........0.+]Q.x]Q.x]Q.x...x\Q.x...xfQ.x...xMQ.x]Q.x.Q.x...xHQ.x...x\Q.x...x.Q.xz..x\Q.x...x\Q.x...x\Q.xRich]Q.x........................PE..d.....}R.........." .....T..........t........................................ .......J....`.........................................._..{...............H........1......0)..........0................................................................................text...KR.......T.................. ..`.data....+...p...&...X..............@....pdata...1.......2...~..............@..@.idata..............................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):856368
                                                                                                              Entropy (8bit):5.595352052416589
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:79aBEoNh3bBPc/s4430ye84TF1dbua5TVhRre3kf8IKHgikinLhZ:5aBEGbL4Np84TQazCSiRhZ
                                                                                                              MD5:E53389EF9A73C1B212A8D0C202E561BD
                                                                                                              SHA1:0F84190B8FF18D07490E38FC46567F81D66D32D7
                                                                                                              SHA-256:88F7FCF7C2EE6DC91A689F689C24214D9D6371E593B609E85B2117D46055C77E
                                                                                                              SHA-512:956598397F95DD1CC84E27A4DBE09F8C8D35F3FE6EE3FF333AFE94A700385D47A4439D45599035B7EF0646ACBCEA660CB7B96452D9524C331AAB97CFD1D6C7A4
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Reputation:unknown
                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........R..3}..3}..3}.H...3}.H...3}.Rich.3}.................PE..d......R.........." .................................................................*....`.............................................................0...............0)...........................................................................................rsrc...............................@..@.........................................D..8.......P.......................@...........................................r.......s.......t.......u.......v.......w.......x.......y...................................H...............................8.......x...............................................................................0.......H.......................`.......x....................................................... .......8.......P.......h...........................................................
                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                              Entropy (8bit):7.994461248512172
                                                                                                              TrID:
                                                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                              File name:SetupWIService.exe
                                                                                                              File size:13876464
                                                                                                              MD5:6685bbb6eea96a5bee42ca0379671647
                                                                                                              SHA1:ff0dff812260ce80394ca3c228da9d45701cb57d
                                                                                                              SHA256:ee426380bbb5a135bc257b15aa32b78f1e21aa25f624e6ac5eb730005bb737b2
                                                                                                              SHA512:df7e0919c596c1a5d487d01d7504ec45c03a5b8fb4852ba0a8eb8b675406027aedfc032100510d8b67f744c2021ed81874d14ee9503aac50b500abbe64858d2e
                                                                                                              SSDEEP:393216:6arplfyM9M09Xqj2qm2FfiQ6Se+pOfBWszeiEfqxzpC:Zll6+6xffFUWcEfOk
                                                                                                              TLSH:3EE633900C20557ED9E80330B66CAE6727C7B8AF97798C43665FB24FE9973C720A524D
                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F.*.....F...G.w.F.*.....F...v...F...@...F.Rich..F.........PE..L......].................d...|......k2............@
                                                                                                              Icon Hash:f0ecacadb296d470
                                                                                                              Entrypoint:0x40326b
                                                                                                              Entrypoint Section:.text
                                                                                                              Digitally signed:true
                                                                                                              Imagebase:0x400000
                                                                                                              Subsystem:windows gui
                                                                                                              Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                              Time Stamp:0x5DF6D4F0 [Mon Dec 16 00:50:56 2019 UTC]
                                                                                                              TLS Callbacks:
                                                                                                              CLR (.Net) Version:
                                                                                                              OS Version Major:4
                                                                                                              OS Version Minor:0
                                                                                                              File Version Major:4
                                                                                                              File Version Minor:0
                                                                                                              Subsystem Version Major:4
                                                                                                              Subsystem Version Minor:0
                                                                                                              Import Hash:e9c0657252137ac61c1eeeba4c021000
                                                                                                              Signature Valid:true
                                                                                                              Signature Issuer:CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB
                                                                                                              Signature Validation Error:The operation completed successfully
                                                                                                              Error Number:0
Not Before: 9/29/2021 2:00:00 AM
Not After: 9/29/2024 1:59:59 AM
                                                                                                              Subject Chain
                                                                                                              • CN=Wildix EE OU, O=Wildix EE OU, S=Harjumaa, C=EE
                                                                                                              Version:3
                                                                                                              Thumbprint MD5:E55C37638C7C0FF8823DB33F19D887EC
                                                                                                              Thumbprint SHA-1:FECCAC6BD522C81598A4C44307F6960E9C2DAE01
                                                                                                              Thumbprint SHA-256:82CECC21617A201B0F87783A802716469AD2F6CA6725513168445AF20F9E732C
                                                                                                              Serial:00C090271985B3889571FAD0EA7DF6AF45
                                                                                                              Instruction
                                                                                                              sub esp, 00000184h
                                                                                                              push ebx
                                                                                                              push esi
                                                                                                              push edi
                                                                                                              xor ebx, ebx
                                                                                                              push 00008001h
                                                                                                              mov dword ptr [esp+18h], ebx
                                                                                                              mov dword ptr [esp+10h], 0040A198h
                                                                                                              mov dword ptr [esp+20h], ebx
                                                                                                              mov byte ptr [esp+14h], 00000020h
                                                                                                              call dword ptr [004080A0h]
                                                                                                              call dword ptr [0040809Ch]
                                                                                                              and eax, BFFFFFFFh
                                                                                                              cmp ax, 00000006h
                                                                                                              mov dword ptr [0042F40Ch], eax
                                                                                                              je 00007F9CF0BC6193h
                                                                                                              push ebx
                                                                                                              call 00007F9CF0BC927Bh
                                                                                                              cmp eax, ebx
                                                                                                              je 00007F9CF0BC6189h
                                                                                                              push 00000C00h
                                                                                                              call eax
                                                                                                              mov esi, 00408298h
                                                                                                              push esi
                                                                                                              call 00007F9CF0BC91F7h
                                                                                                              push esi
                                                                                                              call dword ptr [00408098h]
                                                                                                              lea esi, dword ptr [esi+eax+01h]
                                                                                                              cmp byte ptr [esi], bl
                                                                                                              jne 00007F9CF0BC616Dh
                                                                                                              push 0000000Ah
                                                                                                              call 00007F9CF0BC924Fh
                                                                                                              push 00000008h
                                                                                                              call 00007F9CF0BC9248h
                                                                                                              push 00000006h
                                                                                                              mov dword ptr [0042F404h], eax
                                                                                                              call 00007F9CF0BC923Ch
                                                                                                              cmp eax, ebx
                                                                                                              je 00007F9CF0BC6191h
                                                                                                              push 0000001Eh
                                                                                                              call eax
                                                                                                              test eax, eax
                                                                                                              je 00007F9CF0BC6189h
                                                                                                              or byte ptr [0042F40Fh], 00000040h
                                                                                                              push ebp
                                                                                                              call dword ptr [00408040h]
                                                                                                              push ebx
                                                                                                              call dword ptr [00408284h]
                                                                                                              mov dword ptr [0042F4D8h], eax
                                                                                                              push ebx
                                                                                                              lea eax, dword ptr [esp+38h]
                                                                                                              push 00000160h
                                                                                                              push eax
                                                                                                              push ebx
                                                                                                              push 00429830h
                                                                                                              call dword ptr [00408178h]
                                                                                                              push 0040A188h
                                                                                                              Programming Language:
                                                                                                              • [EXP] VC++ 6.0 SP5 build 8804

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x853c | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x41000 | 0x191f8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xd393c0 | 0x2930 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x294 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x62ff | 0x6400 | False | 0.672421875 | data | 6.457821426487787 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x134a | 0x1400 | False | 0.459765625 | data | 5.238921057104071 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x25518 | 0x600 | False | 0.4557291666666667 | data | 4.049203760121162 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x30000 | 0x11000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x41000 | 0x191f8 | 0x19200 | False | 0.7030472636815921 | data | 6.749189154571692 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country
RT_ICON | 0x41400 | 0xbc2d | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States
RT_ICON | 0x4d030 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States
RT_ICON | 0x51258 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States
RT_ICON | 0x53800 | 0x1a68 | Device independent bitmap graphic, 40 x 80 x 32, image size 6720 | English | United States
RT_ICON | 0x55268 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States
RT_ICON | 0x56310 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688 | English | United States
RT_ICON | 0x571b8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States
RT_ICON | 0x57b40 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | English | United States
RT_ICON | 0x583e8 | 0x6b8 | Device independent bitmap graphic, 20 x 40 x 32, image size 1680 | English | United States
RT_ICON | 0x58aa0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | English | United States
RT_ICON | 0x59008 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States
RT_ICON | 0x59470 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States
RT_ICON | 0x59758 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States
RT_DIALOG | 0x59880 | 0x200 | data | English | United States
RT_DIALOG | 0x59a80 | 0xf8 | data | English | United States
RT_DIALOG | 0x59b78 | 0xa0 | data | English | United States
RT_DIALOG | 0x59c18 | 0xee | data | English | United States
RT_GROUP_ICON | 0x59d08 | 0xbc | data | English | United States
RT_MANIFEST | 0x59dc8 | 0x42e | XML 1.0 document, ASCII text, with very long lines (1070), with no line terminators | English | United States

DLL | Import
KERNEL32.dll | GetTempPathA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetEnvironmentVariableA, Sleep, GetTickCount, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GetWindowsDirectoryA, SetFileAttributesA, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, ReadFile, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, GetExitCodeProcess, WaitForSingleObject, CompareFileTime, SetFileTime, GetFileAttributesA, SetCurrentDirectoryA, MoveFileA, GetFullPathNameA, GetShortPathNameA, SearchPathA, CloseHandle, lstrcmpiA, CreateThread, GlobalLock, lstrcmpA, DeleteFileA, FindFirstFileA, FindNextFileA, FindClose, SetFilePointer, GetPrivateProfileStringA, WritePrivateProfileStringA, MulDiv, MultiByteToWideChar, FreeLibrary, LoadLibraryExA, GetModuleHandleA, GlobalAlloc, GlobalFree, ExpandEnvironmentStringsA
USER32.dll | GetSystemMenu, SetClassLongA, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, LoadImageA, CreateDialogParamA, SetTimer, SetWindowTextA, SetForegroundWindow, ShowWindow, SetWindowLongA, SendMessageTimeoutA, FindWindowExA, IsWindow, AppendMenuA, TrackPopupMenu, CreatePopupMenu, DrawTextA, EndPaint, DestroyWindow, wsprintfA, PostQuitMessage
GDI32.dll | SelectObject, SetTextColor, SetBkMode, CreateFontIndirectA, CreateBrushIndirect, DeleteObject, GetDeviceCaps, SetBkColor
SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExA, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA
ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExA, RegOpenKeyExA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, RegEnumValueA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance

Language of compilation system | Country where language is spoken | Map
English | United States |

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 8, 2022 13:04:07.663067102 CET | 58565 | 53 | 192.168.2.4 | 8.8.8.8
Dec 8, 2022 13:04:07.683037996 CET | 53 | 58565 | 8.8.8.8 | 192.168.2.4
Dec 8, 2022 13:04:08.441266060 CET | 56807 | 53 | 192.168.2.4 | 8.8.8.8
Dec 8, 2022 13:04:08.460586071 CET | 53 | 56807 | 8.8.8.8 | 192.168.2.4
Dec 8, 2022 13:04:09.009555101 CET | 61007 | 53 | 192.168.2.4 | 8.8.8.8
Dec 8, 2022 13:04:09.030002117 CET | 53 | 61007 | 8.8.8.8 | 192.168.2.4
Dec 8, 2022 13:04:09.805684090 CET | 60686 | 53 | 192.168.2.4 | 8.8.8.8
Dec 8, 2022 13:04:09.824657917 CET | 53 | 60686 | 8.8.8.8 | 192.168.2.4
Dec 8, 2022 13:04:18.043337107 CET | 61124 | 53 | 192.168.2.4 | 8.8.8.8
Dec 8, 2022 13:04:18.063828945 CET | 53 | 61124 | 8.8.8.8 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 8, 2022 13:04:07.663067102 CET | 192.168.2.4 | 8.8.8.8 | 0x8aa2 | Standard query (0) | files.wildix.com | A (IP address) | IN (0x0001) | false
Dec 8, 2022 13:04:08.441266060 CET | 192.168.2.4 | 8.8.8.8 | 0x5c9f | Standard query (0) | files.wildix.com | A (IP address) | IN (0x0001) | false
Dec 8, 2022 13:04:09.009555101 CET | 192.168.2.4 | 8.8.8.8 | 0x2647 | Standard query (0) | files.wildix.com | A (IP address) | IN (0x0001) | false
Dec 8, 2022 13:04:09.805684090 CET | 192.168.2.4 | 8.8.8.8 | 0xc6db | Standard query (0) | feedback.wildix.com | A (IP address) | IN (0x0001) | false
Dec 8, 2022 13:04:18.043337107 CET | 192.168.2.4 | 8.8.8.8 | 0xb662 | Standard query (0) | feedback.wildix.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 8, 2022 13:04:07.683037996 CET | 8.8.8.8 | 192.168.2.4 | 0x8aa2 | No error (0) | files.wildix.com | | 52.213.62.3 | A (IP address) | IN (0x0001) | false
Dec 8, 2022 13:04:08.460586071 CET | 8.8.8.8 | 192.168.2.4 | 0x5c9f | No error (0) | files.wildix.com | | 52.213.62.3 | A (IP address) | IN (0x0001) | false
Dec 8, 2022 13:04:09.030002117 CET | 8.8.8.8 | 192.168.2.4 | 0x2647 | No error (0) | files.wildix.com | | 52.213.62.3 | A (IP address) | IN (0x0001) | false
Dec 8, 2022 13:04:09.824657917 CET | 8.8.8.8 | 192.168.2.4 | 0xc6db | No error (0) | feedback.wildix.com | | 54.93.167.246 | A (IP address) | IN (0x0001) | false
Dec 8, 2022 13:04:09.824657917 CET | 8.8.8.8 | 192.168.2.4 | 0xc6db | No error (0) | feedback.wildix.com | | 3.64.145.227 | A (IP address) | IN (0x0001) | false
Dec 8, 2022 13:04:18.063828945 CET | 8.8.8.8 | 192.168.2.4 | 0xb662 | No error (0) | feedback.wildix.com | | 54.93.167.246 | A (IP address) | IN (0x0001) | false
Dec 8, 2022 13:04:18.063828945 CET | 8.8.8.8 | 192.168.2.4 | 0xb662 | No error (0) | feedback.wildix.com | | 3.64.145.227 | A (IP address) | IN (0x0001) | false
                                                                                                              • files.wildix.com
                                                                                                              • feedback.wildix.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.4 | 49702 | 52.213.62.3 | 443 | C:\Program Files\Wildix\WIService\wiservice.exe

Timestamp | kBytes transferred | Direction | Data
2022-12-08 12:04:07 UTC | 0 | OUT | GET /integrations/integrations.json HTTP/1.1
Host: files.wildix.com
Accept: */*
2022-12-08 12:04:07 UTC | 0 | IN | HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Thu, 08 Dec 2022 12:04:07 GMT
Content-Type: application/json
Content-Length: 7833
Last-Modified: Fri, 02 Dec 2022 17:08:06 GMT
Connection: close
ETag: "638a30f6-1e99"
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
2022-12-08 12:04:07 UTC | 0 | IN | Data Ascii: { "version": 120, "integrations": { "browserext": { "name": { "en": "Browser extension", "en-us": "Browser extension", "it": "Estensione del browser", "de": "Browser-Erweiterung", "fr": "Exten


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.4 | 49704 | 52.213.62.3 | 443 | C:\Program Files\Wildix\WIService\wiservice.exe

Timestamp | kBytes transferred | Direction | Data
2022-12-08 12:04:08 UTC | 8 | OUT | GET /integrations/applications.json HTTP/1.1
Host: files.wildix.com
Accept: */*
2022-12-08 12:04:08 UTC | 8 | IN | HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Thu, 08 Dec 2022 12:04:08 GMT
Content-Type: application/json
Content-Length: 701
Last-Modified: Wed, 23 Nov 2022 06:45:04 GMT
Connection: close
ETag: "637dc170-2bd"
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
2022-12-08 12:04:08 UTC | 8 | IN | Data Ascii: { "version": 7, "applications": { "collaboration": { "win": { "version": "2.5.8", "file": "win/collaboration/collaboration_CI/Collaboration-2.5.8-x64.exe", "msi": "win/collaborati


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.4 | 49705 | 52.213.62.3 | 443 | C:\Program Files\Wildix\WIService\wiservice.exe

Timestamp | kBytes transferred | Direction | Data
2022-12-08 12:04:09 UTC | 9 | OUT | GET /integrations/x-beesNativeApp.json HTTP/1.1
Host: files.wildix.com
Accept: */*
2022-12-08 12:04:09 UTC | 9 | IN | HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Thu, 08 Dec 2022 12:04:09 GMT
Content-Type: application/json
Content-Length: 579
Last-Modified: Tue, 22 Nov 2022 18:05:18 GMT
Connection: close
ETag: "637d0f5e-243"
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
2022-12-08 12:04:09 UTC | 9 | IN | Data Ascii: { "version": 8, "applications": { "x-bees": { "win": { "version": "0.5.2", "file": "win/x-bees/x-bees-0.5.2.exe", "msi": "win/x-bees/x-bees-0.5.2.msi", "al


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.4 | 49706 | 54.93.167.246 | 443 | C:\Program Files\Wildix\WIService\wiservice.exe

Timestamp | kBytes transferred | Direction | Data
2022-12-08 12:04:09 UTC | 9 | OUT | POST /api/v1/Analytics/wiservice HTTP/1.1
Host: feedback.wildix.com
Accept: */*
Content-Length: 497
Content-Type: application/x-www-form-urlencoded
2022-12-08 12:04:09 UTC | 10 | OUT | Data Ascii: event=wiServiceStarted&data={"appName":"wiservice","autoUpdate":"disabled","lastConnectedHost":"","lastConnectedTime":0,"version":"3.11.3.1"}&context={"cpu":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz","extension":"","installer":"exe","machineId":"","messageI
2022-12-08 12:04:10 UTC | 10 | IN | HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 12:04:10 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Server: nginx/1.16.1
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, authorization, content-type
Access-Control-Allow-Credentials: true
P3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
2022-12-08 12:04:10 UTC | 10 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
4 | 192.168.2.4 | 49707 | 54.93.167.246 | 443 | C:\Program Files\Wildix\WIService\wiservice.exe

Timestamp | kBytes transferred | Direction | Data
2022-12-08 12:04:18 UTC | 10 | OUT | POST /api/v1/Analytics/wiservice HTTP/1.1
Host: feedback.wildix.com
Accept: */*
Content-Length: 429
Content-Type: application/x-www-form-urlencoded
2022-12-08 12:04:18 UTC | 11 | OUT | Data Ascii: event=headsetIntegrationConnected&data={"appName":"headset","version":""}&context={"cpu":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz","extension":"","installer":"exe","machineId":"","messageId":"6af568f3-ec30-4490-96d5-492842a1d56c","os":"Windows_NT","osBits"
2022-12-08 12:04:18 UTC | 11 | IN | HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 12:04:18 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Server: nginx/1.16.1
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, authorization, content-type
Access-Control-Allow-Credentials: true
P3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
2022-12-08 12:04:18 UTC | 11 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                                                              Target ID:0
                                                                                                              Start time:13:02:47
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                              Imagebase:0x400000
                                                                                                              File size:13876464 bytes
                                                                                                              MD5 hash:6685BBB6EEA96A5BEE42CA0379671647
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_GuLoader_3, Description: Yara detected GuLoader, Source: 00000000.00000002.607884101.00000000006BD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_GuLoader_3, Description: Yara detected GuLoader, Source: 00000000.00000003.606167729.00000000006BD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_GuLoader_3, Description: Yara detected GuLoader, Source: 00000000.00000003.605471583.00000000006BD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              Reputation:low

                                                                                                              Target ID:1
                                                                                                              Start time:13:02:48
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:cmd /C taskkill /F /IM WIService.exe
                                                                                                              Imagebase:0xd90000
                                                                                                              File size:232960 bytes
                                                                                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              Target ID:2
                                                                                                              Start time:13:02:48
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff7c72c0000
                                                                                                              File size:625664 bytes
                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              Target ID:3
                                                                                                              Start time:13:02:49
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:taskkill /F /IM WIService.exe
                                                                                                              Imagebase:0xdb0000
                                                                                                              File size:74752 bytes
                                                                                                              MD5 hash:15E2E0ACD891510C6268CB8899F2A1A1
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              Target ID:4
                                                                                                              Start time:13:02:49
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:cmd /C taskkill /F /IM WIui.exe
                                                                                                              Imagebase:0xd90000
                                                                                                              File size:232960 bytes
                                                                                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              Target ID:5
                                                                                                              Start time:13:02:49
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff7c72c0000
                                                                                                              File size:625664 bytes
                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              Target ID:6
                                                                                                              Start time:13:02:49
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:taskkill /F /IM WIui.exe
                                                                                                              Imagebase:0xdb0000
                                                                                                              File size:74752 bytes
                                                                                                              MD5 hash:15E2E0ACD891510C6268CB8899F2A1A1
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              Target ID:7
                                                                                                              Start time:13:02:50
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:cmd /C taskkill /F /IM wirtpproxy.exe
                                                                                                              Imagebase:0xd90000
                                                                                                              File size:232960 bytes
                                                                                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:8
                                                                                                              Start time:13:02:50
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff7c72c0000
                                                                                                              File size:625664 bytes
                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:9
                                                                                                              Start time:13:02:50
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:taskkill /F /IM wirtpproxy.exe
                                                                                                              Imagebase:0xdb0000
                                                                                                              File size:74752 bytes
                                                                                                              MD5 hash:15E2E0ACD891510C6268CB8899F2A1A1
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:10
                                                                                                              Start time:13:02:51
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:cmd /C taskkill /F /IM wiservice-ui.exe
                                                                                                              Imagebase:0xd90000
                                                                                                              File size:232960 bytes
                                                                                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:11
                                                                                                              Start time:13:02:51
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff7c72c0000
                                                                                                              File size:625664 bytes
                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:12
                                                                                                              Start time:13:02:51
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:taskkill /F /IM wiservice-ui.exe
                                                                                                              Imagebase:0xdb0000
                                                                                                              File size:74752 bytes
                                                                                                              MD5 hash:15E2E0ACD891510C6268CB8899F2A1A1
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:13
                                                                                                              Start time:13:02:52
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:cmd /C taskkill /F /IM vncsrv.exe
                                                                                                              Imagebase:0xd90000
                                                                                                              File size:232960 bytes
                                                                                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:14
                                                                                                              Start time:13:02:52
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff7c72c0000
                                                                                                              File size:625664 bytes
                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:15
                                                                                                              Start time:13:02:52
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:taskkill /F /IM vncsrv.exe
                                                                                                              Imagebase:0xdb0000
                                                                                                              File size:74752 bytes
                                                                                                              MD5 hash:15E2E0ACD891510C6268CB8899F2A1A1
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:16
                                                                                                              Start time:13:02:53
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:cmd /C taskkill /F /IM WildixOutlookIntegration.exe
                                                                                                              Imagebase:0xd90000
                                                                                                              File size:232960 bytes
                                                                                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:17
                                                                                                              Start time:13:02:53
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff7c72c0000
                                                                                                              File size:625664 bytes
                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:18
                                                                                                              Start time:13:02:53
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:taskkill /F /IM WildixOutlookIntegration.exe
                                                                                                              Imagebase:0xdb0000
                                                                                                              File size:74752 bytes
                                                                                                              MD5 hash:15E2E0ACD891510C6268CB8899F2A1A1
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:19
                                                                                                              Start time:13:03:00
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --removesvc
                                                                                                              Imagebase:0x7ff7578c0000
                                                                                                              File size:14791984 bytes
                                                                                                              MD5 hash:BC9438A9AF6E7EEA099BC91557F1FC26
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Antivirus matches:
                                                                                                              • Detection: 0%, ReversingLabs

                                                                                                              Target ID:20
                                                                                                              Start time:13:03:12
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --install_faxprinter
                                                                                                              Imagebase:0x7ff7578c0000
                                                                                                              File size:14791984 bytes
                                                                                                              MD5 hash:BC9438A9AF6E7EEA099BC91557F1FC26
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:21
                                                                                                              Start time:13:03:15
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\spoolsv.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\System32\spoolsv.exe
                                                                                                              Imagebase:0x7ff703560000
                                                                                                              File size:768512 bytes
                                                                                                              MD5 hash:C05A19A38D7D203B738771FD1854656F
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:22
                                                                                                              Start time:13:03:17
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\spoolsv.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\System32\spoolsv.exe
                                                                                                              Imagebase:0x7ff703560000
                                                                                                              File size:768512 bytes
                                                                                                              MD5 hash:C05A19A38D7D203B738771FD1854656F
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:23
                                                                                                              Start time:13:03:33
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll" /silent /codebase
                                                                                                              Imagebase:0x20d382a0000
                                                                                                              File size:64096 bytes
                                                                                                              MD5 hash:2B5D765B33C67EBA41E9F47954227BC3
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:.Net C# or VB.NET

                                                                                                              Target ID:24
                                                                                                              Start time:13:03:33
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff7c72c0000
                                                                                                              File size:625664 bytes
                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:27
                                                                                                              Start time:13:03:36
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll" /silent /codebase
                                                                                                              Imagebase:0x29eb41c0000
                                                                                                              File size:64096 bytes
                                                                                                              MD5 hash:2B5D765B33C67EBA41E9F47954227BC3
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:.Net C# or VB.NET

                                                                                                              Target ID:28
                                                                                                              Start time:13:03:37
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff7c72c0000
                                                                                                              File size:625664 bytes
                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:29
                                                                                                              Start time:13:03:38
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Office.dll" /silent /codebase
                                                                                                              Imagebase:0x18baed30000
                                                                                                              File size:64096 bytes
                                                                                                              MD5 hash:2B5D765B33C67EBA41E9F47954227BC3
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:.Net C# or VB.NET

                                                                                                              Target ID:30
                                                                                                              Start time:13:03:38
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff7c72c0000
                                                                                                              File size:625664 bytes
                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:31
                                                                                                              Start time:13:03:40
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll" /silent /codebase
                                                                                                              Imagebase:0x1e395da0000
                                                                                                              File size:64096 bytes
                                                                                                              MD5 hash:2B5D765B33C67EBA41E9F47954227BC3
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:.Net C# or VB.NET

                                                                                                              Target ID:32
                                                                                                              Start time:13:03:41
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff7c72c0000
                                                                                                              File size:625664 bytes
                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:33
                                                                                                              Start time:13:03:46
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.dll" /silent /codebase
                                                                                                              Imagebase:0x216db640000
                                                                                                              File size:64096 bytes
                                                                                                              MD5 hash:2B5D765B33C67EBA41E9F47954227BC3
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:.Net C# or VB.NET

                                                                                                              Target ID:34
                                                                                                              Start time:13:03:47
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff7c72c0000
                                                                                                              File size:625664 bytes
                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:35
                                                                                                              Start time:13:03:48
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll" /silent /codebase
                                                                                                              Imagebase:0x177fd2b0000
                                                                                                              File size:64096 bytes
                                                                                                              MD5 hash:2B5D765B33C67EBA41E9F47954227BC3
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:.Net C# or VB.NET

                                                                                                              Target ID:36
                                                                                                              Start time:13:03:49
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff7c72c0000
                                                                                                              File size:625664 bytes
                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:37
                                                                                                              Start time:13:03:51
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll" /silent /codebase
                                                                                                              Imagebase:0x22d23a00000
                                                                                                              File size:64096 bytes
                                                                                                              MD5 hash:2B5D765B33C67EBA41E9F47954227BC3
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:.Net C# or VB.NET

                                                                                                              Target ID:38
                                                                                                              Start time:13:03:51
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff7c72c0000
                                                                                                              File size:625664 bytes
                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:39
                                                                                                              Start time:13:03:53
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe" /silent
                                                                                                              Imagebase:0x1c8f6110000
                                                                                                              File size:64096 bytes
                                                                                                              MD5 hash:2B5D765B33C67EBA41E9F47954227BC3
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:.Net C# or VB.NET

                                                                                                              Target ID:40
                                                                                                              Start time:13:03:53
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff7c72c0000
                                                                                                              File size:625664 bytes
                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:41
                                                                                                              Start time:13:03:55
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:cmd /C schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
                                                                                                              Imagebase:0x7ff632260000
                                                                                                              File size:273920 bytes
MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:42
Start time:13:03:56
Start date:08/12/2022
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7c72c0000
File size:625664 bytes
MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:43
Start time:13:03:56
Start date:08/12/2022
Path:C:\Windows\System32\schtasks.exe
Wow64 process (32bit):false
Commandline:schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
Imagebase:0x7ff7e6830000
File size:226816 bytes
MD5 hash:838D346D1D28F00783B7A6C6BD03A0DA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:44
Start time:13:03:57
Start date:08/12/2022
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
Imagebase:0x7ff632260000
File size:273920 bytes
MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:45
Start time:13:03:57
Start date:08/12/2022
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7c72c0000
File size:625664 bytes
MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:46
Start time:13:03:57
Start date:08/12/2022
Path:C:\Windows\System32\netsh.exe
Wow64 process (32bit):false
Commandline:netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
Imagebase:0x7ff719620000
File size:92672 bytes
MD5 hash:98CC37BBF363A38834253E22C80A8F32
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:47
Start time:13:03:58
Start date:08/12/2022
Path:C:\Program Files\Wildix\WIService\wiservice.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --update
Imagebase:0x7ff7578c0000
File size:14791984 bytes
MD5 hash:BC9438A9AF6E7EEA099BC91557F1FC26
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:48
Start time:13:03:58
Start date:08/12/2022
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd /C netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
Imagebase:0x7ff632260000
File size:273920 bytes
MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:49
Start time:13:03:59
Start date:08/12/2022
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7c72c0000
File size:625664 bytes
MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:50
Start time:13:03:59
Start date:08/12/2022
Path:C:\Windows\System32\netsh.exe
Wow64 process (32bit):false
Commandline:netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
Imagebase:0x7ff719620000
File size:92672 bytes
MD5 hash:98CC37BBF363A38834253E22C80A8F32
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:51
Start time:13:04:00
Start date:08/12/2022
Path:C:\Program Files\Wildix\WIService\wiservice.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex
Imagebase:0x7ff7578c0000
File size:14791984 bytes
MD5 hash:BC9438A9AF6E7EEA099BC91557F1FC26
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:52
Start time:13:04:05
Start date:08/12/2022
Path:C:\Program Files\Wildix\WIService\wiservice.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Wildix\WIService\WIService.exe"
Imagebase:0x7ff7578c0000
File size:14791984 bytes
MD5 hash:BC9438A9AF6E7EEA099BC91557F1FC26
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language

Target ID:53
Start time:13:04:13
Start date:08/12/2022
Path:C:\Program Files\Wildix\WIService\wiservice.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc
Imagebase:0x7ff7578c0000
File size:14791984 bytes
MD5 hash:BC9438A9AF6E7EEA099BC91557F1FC26
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:54
Start time:13:04:19
Start date:08/12/2022
Path:C:\Program Files\Wildix\WIService\wiservice.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --hostsvc
Imagebase:0x7ff7578c0000
File size:14791984 bytes
MD5 hash:BC9438A9AF6E7EEA099BC91557F1FC26
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:55
Start time:13:04:25
Start date:08/12/2022
Path:C:\Program Files\Wildix\WIService\wiservice.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --dispatcher
Imagebase:0x7ff7578c0000
File size:14791984 bytes
MD5 hash:BC9438A9AF6E7EEA099BC91557F1FC26
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:56
Start time:13:04:25
Start date:08/12/2022
Path:C:\Program Files\Wildix\WIService\wiservice.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --watchdog
Imagebase:0x7ff7578c0000
File size:14791984 bytes
MD5 hash:BC9438A9AF6E7EEA099BC91557F1FC26
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:57
Start time:13:04:31
Start date:08/12/2022
Path:C:\Windows\explorer.exe
Wow64 process (32bit):false
Commandline:C:\Windows\explorer.exe" "C:\Program Files\Wildix\WIService\proxyex.lnk
Imagebase:0x7ff618f60000
File size:3933184 bytes
MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:58
Start time:13:04:32
Start date:08/12/2022
Path:C:\Windows\explorer.exe
Wow64 process (32bit):false
Commandline:C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
Imagebase:0x7ff618f60000
File size:3933184 bytes
MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language

Target ID:59
Start time:13:04:33
Start date:08/12/2022
Path:C:\Program Files\Wildix\WIService\wiservice.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex
Imagebase:0x7ff7578c0000
File size:14791984 bytes
MD5 hash:BC9438A9AF6E7EEA099BC91557F1FC26
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language

Target ID:61
Start time:13:04:36
Start date:08/12/2022
Path:C:\Windows\System32\backgroundTaskHost.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
Imagebase:0x7ff756d70000
File size:19352 bytes
MD5 hash:B7FC4A29431D4F795BBAB1FB182B759A
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language

Target ID:63
Start time:13:04:37
Start date:08/12/2022
Path:C:\Program Files\Wildix\WIService\wiservice.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --storeMachineId
Imagebase:0x7ff7578c0000
File size:14791984 bytes
MD5 hash:BC9438A9AF6E7EEA099BC91557F1FC26
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:64
Start time:13:04:45
Start date:08/12/2022
Path:C:\Program Files\Wildix\WIService\wiservice.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --check_oi_enabled
Imagebase:0x7ff7578c0000
                                                                                                              File size:14791984 bytes
                                                                                                              MD5 hash:BC9438A9AF6E7EEA099BC91557F1FC26
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:65
                                                                                                              Start time:13:04:52
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\explorer.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\explorer.exe" "C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              Imagebase:0x7ff618f60000
                                                                                                              File size:3933184 bytes
                                                                                                              MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:66
                                                                                                              Start time:13:04:52
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:cmd /C schtasks /delete /TN "Wildix\WIService update recovery" /F
                                                                                                              Imagebase:0x7ff632260000
                                                                                                              File size:273920 bytes
                                                                                                              MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:67
                                                                                                              Start time:13:04:52
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\explorer.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                              Imagebase:0x7ff618f60000
                                                                                                              File size:3933184 bytes
                                                                                                              MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:68
                                                                                                              Start time:13:04:52
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff7c72c0000
                                                                                                              File size:625664 bytes
                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:69
                                                                                                              Start time:13:04:53
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Windows\System32\schtasks.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:schtasks /delete /TN "Wildix\WIService update recovery" /F
                                                                                                              Imagebase:0x7ff7e6830000
                                                                                                              File size:226816 bytes
                                                                                                              MD5 hash:838D346D1D28F00783B7A6C6BD03A0DA
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Target ID:70
                                                                                                              Start time:13:04:54
                                                                                                              Start date:08/12/2022
                                                                                                              Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe"
                                                                                                              Imagebase:0x7ff7578c0000
                                                                                                              File size:14791984 bytes
                                                                                                              MD5 hash:BC9438A9AF6E7EEA099BC91557F1FC26
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language


                                                                                                                Execution Graph

                                                                                                                Execution Coverage:32%
                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                Signature Coverage:17.5%
                                                                                                                Total number of Nodes:1313
                                                                                                                Total number of Limit Nodes:43
3480->3481 3481->3480 3483 406334 3482->3483 3484 406329 FindClose 3482->3484 3483->3385 3484->3483 3486 405ca5 3485->3486 3487 405ccb GetShortPathNameA 3485->3487 3512 405ba9 GetFileAttributesA CreateFileA 3486->3512 3488 405ce0 3487->3488 3489 405dea 3487->3489 3488->3489 3491 405ce8 wsprintfA 3488->3491 3489->3403 3494 406032 17 API calls 3491->3494 3492 405caf CloseHandle GetShortPathNameA 3492->3489 3493 405cc3 3492->3493 3493->3487 3493->3489 3495 405d10 3494->3495 3513 405ba9 GetFileAttributesA CreateFileA 3495->3513 3497 405d1d 3497->3489 3498 405d2c GetFileSize GlobalAlloc 3497->3498 3499 405de3 CloseHandle 3498->3499 3500 405d4e 3498->3500 3499->3489 3501 405c21 ReadFile 3500->3501 3502 405d56 3501->3502 3502->3499 3514 405b0e lstrlenA 3502->3514 3505 405d81 3507 405b0e 4 API calls 3505->3507 3506 405d6d lstrcpyA 3508 405d8f 3506->3508 3507->3508 3509 405dc6 SetFilePointer 3508->3509 3510 405c50 WriteFile 3509->3510 3511 405ddc GlobalFree 3510->3511 3511->3499 3512->3492 3513->3497 3515 405b4f lstrlenA 3514->3515 3516 405b57 3515->3516 3517 405b28 lstrcmpiA 3515->3517 3516->3505 3516->3506 3517->3516 3518 405b46 CharNextA 3517->3518 3518->3515 3913 4037eb 3914 4037f6 3913->3914 3915 4037fa 3914->3915 3916 4037fd GlobalAlloc 3914->3916 3916->3915 3917 4019ed 3918 402b2c 17 API calls 3917->3918 3919 4019f4 3918->3919 3920 402b2c 17 API calls 3919->3920 3921 4019fd 3920->3921 3922 401a04 lstrcmpiA 3921->3922 3923 401a16 lstrcmpA 3921->3923 3924 401a0a 3922->3924 3923->3924 3529 4026ef 3530 4026f6 3529->3530 3533 402965 3529->3533 3531 402b0a 17 API calls 3530->3531 3532 4026fd 3531->3532 3534 40270c SetFilePointer 3532->3534 3534->3533 3535 40271c 3534->3535 3537 405f6e wsprintfA 3535->3537 3537->3533 3925 40156f 3926 401586 3925->3926 3927 40157f ShowWindow 3925->3927 3928 401594 ShowWindow 3926->3928 3929 4029b8 3926->3929 3927->3926 3928->3929 3930 4014f4 SetForegroundWindow 3931 4029b8 3930->3931 3613 405275 3614 405420 3613->3614 3615 405297 GetDlgItem 
GetDlgItem GetDlgItem 3613->3615 3617 405450 3614->3617 3618 405428 GetDlgItem CreateThread FindCloseChangeNotification 3614->3618 3658 4040d3 SendMessageA 3615->3658 3620 40547e 3617->3620 3621 405466 ShowWindow ShowWindow 3617->3621 3622 40549f 3617->3622 3618->3617 3661 405209 5 API calls 3618->3661 3619 405307 3626 40530e GetClientRect GetSystemMetrics SendMessageA SendMessageA 3619->3626 3623 4054b2 ShowWindow 3620->3623 3624 40548e 3620->3624 3627 4054d9 3620->3627 3660 4040d3 SendMessageA 3621->3660 3625 404105 8 API calls 3622->3625 3631 4054d2 3623->3631 3632 4054c4 3623->3632 3629 404077 SendMessageA 3624->3629 3630 4054ab 3625->3630 3633 405360 SendMessageA SendMessageA 3626->3633 3634 40537c 3626->3634 3627->3622 3635 4054e6 SendMessageA 3627->3635 3629->3622 3637 404077 SendMessageA 3631->3637 3636 405137 24 API calls 3632->3636 3633->3634 3638 405381 SendMessageA 3634->3638 3639 40538f 3634->3639 3635->3630 3640 4054ff CreatePopupMenu 3635->3640 3636->3631 3637->3627 3638->3639 3641 40409e 18 API calls 3639->3641 3642 406032 17 API calls 3640->3642 3644 40539f 3641->3644 3643 40550f AppendMenuA 3642->3643 3645 405540 TrackPopupMenu 3643->3645 3646 40552d GetWindowRect 3643->3646 3647 4053a8 ShowWindow 3644->3647 3648 4053dc GetDlgItem SendMessageA 3644->3648 3645->3630 3649 40555c 3645->3649 3646->3645 3650 4053cb 3647->3650 3651 4053be ShowWindow 3647->3651 3648->3630 3652 405403 SendMessageA SendMessageA 3648->3652 3653 40557b SendMessageA 3649->3653 3659 4040d3 SendMessageA 3650->3659 3651->3650 3652->3630 3653->3653 3654 405598 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3653->3654 3656 4055ba SendMessageA 3654->3656 3656->3656 3657 4055dc GlobalUnlock SetClipboardData CloseClipboard 3656->3657 3657->3630 3658->3619 3659->3648 3660->3620 3932 401cfb 3933 402b0a 17 API calls 3932->3933 3934 401d02 3933->3934 3935 402b0a 17 API calls 3934->3935 3936 401d0e GetDlgItem 3935->3936 3937 4025e4 3936->3937 3938 4018fd 3939 401934 3938->3939 3940 
402b2c 17 API calls 3939->3940 3941 401939 3940->3941 3942 4057d8 67 API calls 3941->3942 3943 401942 3942->3943 3944 401dff GetDC 3945 402b0a 17 API calls 3944->3945 3946 401e11 GetDeviceCaps MulDiv ReleaseDC 3945->3946 3947 402b0a 17 API calls 3946->3947 3948 401e42 3947->3948 3949 406032 17 API calls 3948->3949 3950 401e7f CreateFontIndirectA 3949->3950 3951 4025e4 3950->3951 3952 401000 3953 401037 BeginPaint GetClientRect 3952->3953 3954 40100c DefWindowProcA 3952->3954 3956 4010f3 3953->3956 3957 401179 3954->3957 3958 401073 CreateBrushIndirect FillRect DeleteObject 3956->3958 3959 4010fc 3956->3959 3958->3956 3960 401102 CreateFontIndirectA 3959->3960 3961 401167 EndPaint 3959->3961 3960->3961 3962 401112 6 API calls 3960->3962 3961->3957 3962->3961 3963 401900 3964 402b2c 17 API calls 3963->3964 3965 401907 3964->3965 3966 40572c MessageBoxIndirectA 3965->3966 3967 401910 3966->3967 3968 404881 3969 404891 3968->3969 3970 4048ad 3968->3970 3979 405710 GetDlgItemTextA 3969->3979 3972 4048e0 3970->3972 3973 4048b3 SHGetPathFromIDListA 3970->3973 3975 4048c3 3973->3975 3978 4048ca SendMessageA 3973->3978 3974 40489e SendMessageA 3974->3970 3977 40140b 2 API calls 3975->3977 3977->3978 3978->3972 3979->3974 3980 401502 3981 40150a 3980->3981 3983 40151d 3980->3983 3982 402b0a 17 API calls 3981->3982 3982->3983 3984 404209 3986 40421f 3984->3986 3990 40432b 3984->3990 3985 40439a 3988 404464 3985->3988 3989 4043a4 GetDlgItem 3985->3989 3987 40409e 18 API calls 3986->3987 3991 404275 3987->3991 3995 404105 8 API calls 3988->3995 3992 404422 3989->3992 3993 4043ba 3989->3993 3990->3985 3990->3988 3996 40436f GetDlgItem SendMessageA 3990->3996 3994 40409e 18 API calls 3991->3994 3992->3988 3999 404434 3992->3999 3993->3992 3998 4043e0 SendMessageA LoadCursorA SetCursor 3993->3998 3997 404282 CheckDlgButton 3994->3997 4010 40445f 3995->4010 4017 4040c0 KiUserCallbackDispatcher 3996->4017 4015 4040c0 KiUserCallbackDispatcher 3997->4015 4021 4044ad 3998->4021 4004 
40443a SendMessageA 3999->4004 4005 40444b 3999->4005 4001 404395 4018 404489 4001->4018 4004->4005 4009 404451 SendMessageA 4005->4009 4005->4010 4007 4042a0 GetDlgItem 4016 4040d3 SendMessageA 4007->4016 4009->4010 4012 4042b6 SendMessageA 4013 4042d4 GetSysColor 4012->4013 4014 4042dd SendMessageA SendMessageA lstrlenA SendMessageA SendMessageA 4012->4014 4013->4014 4014->4010 4015->4007 4016->4012 4017->4001 4019 404497 4018->4019 4020 40449c SendMessageA 4018->4020 4019->4020 4020->3985 4024 4056f2 ShellExecuteExA 4021->4024 4023 404413 LoadCursorA SetCursor 4023->3992 4024->4023 3164 401c0a 3165 402b0a 17 API calls 3164->3165 3166 401c11 3165->3166 3167 402b0a 17 API calls 3166->3167 3168 401c1e 3167->3168 3169 401c33 3168->3169 3170 402b2c 17 API calls 3168->3170 3171 401c43 3169->3171 3172 402b2c 17 API calls 3169->3172 3170->3169 3173 401c9a 3171->3173 3174 401c4e 3171->3174 3172->3171 3176 402b2c 17 API calls 3173->3176 3175 402b0a 17 API calls 3174->3175 3177 401c53 3175->3177 3178 401c9f 3176->3178 3179 402b0a 17 API calls 3177->3179 3180 402b2c 17 API calls 3178->3180 3181 401c5f 3179->3181 3182 401ca8 FindWindowExA 3180->3182 3183 401c8a SendMessageA 3181->3183 3184 401c6c SendMessageTimeoutA 3181->3184 3185 401cc6 3182->3185 3183->3185 3184->3185 3538 401e8f 3539 402b0a 17 API calls 3538->3539 3540 401e95 3539->3540 3541 402b0a 17 API calls 3540->3541 3542 401ea1 3541->3542 3543 401eb8 EnableWindow 3542->3543 3544 401ead ShowWindow 3542->3544 3545 4029b8 3543->3545 3544->3545 4025 401490 4026 405137 24 API calls 4025->4026 4027 401497 4026->4027 4028 402993 SendMessageA 4029 4029b8 4028->4029 4030 4029ad InvalidateRect 4028->4030 4030->4029 4031 401f98 4032 402b2c 17 API calls 4031->4032 4033 401f9f 4032->4033 4034 406313 2 API calls 4033->4034 4035 401fa5 4034->4035 4037 401fb7 4035->4037 4038 405f6e wsprintfA 4035->4038 4038->4037 4039 40149d 4040 4014ab PostQuitMessage 4039->4040 4041 40234e 4039->4041 4040->4041 4042 40159d 4043 402b2c 17 API 
calls 4042->4043 4044 4015a4 SetFileAttributesA 4043->4044 4045 4015b6 4044->4045 4046 401a1e 4047 402b2c 17 API calls 4046->4047 4048 401a27 ExpandEnvironmentStringsA 4047->4048 4049 401a3b 4048->4049 4051 401a4e 4048->4051 4050 401a40 lstrcmpA 4049->4050 4049->4051 4050->4051 4057 40171f 4058 402b2c 17 API calls 4057->4058 4059 401726 SearchPathA 4058->4059 4060 401741 4059->4060 4061 401d20 4062 402b0a 17 API calls 4061->4062 4063 401d2e SetWindowLongA 4062->4063 4064 4029b8 4063->4064 4065 402721 4066 402727 4065->4066 4067 4029b8 4066->4067 4068 40272f FindClose 4066->4068 4068->4067 4069 404aa3 GetDlgItem GetDlgItem 4070 404d20 4069->4070 4071 404af9 7 API calls 4069->4071 4076 404e02 4070->4076 4103 404d8f 4070->4103 4122 4049f1 SendMessageA 4070->4122 4072 404ba1 DeleteObject 4071->4072 4073 404b95 SendMessageA 4071->4073 4074 404bac 4072->4074 4073->4072 4075 404be3 4074->4075 4079 406032 17 API calls 4074->4079 4077 40409e 18 API calls 4075->4077 4078 404eae 4076->4078 4081 404d13 4076->4081 4087 404e5b SendMessageA 4076->4087 4080 404bf7 4077->4080 4082 404ec0 4078->4082 4083 404eb8 SendMessageA 4078->4083 4084 404bc5 SendMessageA SendMessageA 4079->4084 4086 40409e 18 API calls 4080->4086 4088 404105 8 API calls 4081->4088 4090 404ed2 ImageList_Destroy 4082->4090 4091 404ed9 4082->4091 4099 404ee9 4082->4099 4083->4082 4084->4074 4104 404c08 4086->4104 4087->4081 4093 404e70 SendMessageA 4087->4093 4094 4050a4 4088->4094 4089 404df4 SendMessageA 4089->4076 4090->4091 4095 404ee2 GlobalFree 4091->4095 4091->4099 4092 405058 4092->4081 4100 40506a ShowWindow GetDlgItem ShowWindow 4092->4100 4097 404e83 4093->4097 4095->4099 4096 404ce2 GetWindowLongA SetWindowLongA 4098 404cfb 4096->4098 4108 404e94 SendMessageA 4097->4108 4101 404d00 ShowWindow 4098->4101 4102 404d18 4098->4102 4099->4092 4116 404f24 4099->4116 4127 404a71 4099->4127 4100->4081 4120 4040d3 SendMessageA 4101->4120 4121 4040d3 SendMessageA 4102->4121 4103->4076 4103->4089 4104->4096 4107 
404c5a SendMessageA 4104->4107 4109 404cdd 4104->4109 4110 404c98 SendMessageA 4104->4110 4111 404cac SendMessageA 4104->4111 4107->4104 4108->4078 4109->4096 4109->4098 4110->4104 4111->4104 4113 40502e InvalidateRect 4113->4092 4114 405044 4113->4114 4136 4049ac 4114->4136 4115 404f52 SendMessageA 4119 404f68 4115->4119 4116->4115 4116->4119 4118 404fdc SendMessageA SendMessageA 4118->4119 4119->4113 4119->4118 4120->4081 4121->4070 4123 404a50 SendMessageA 4122->4123 4124 404a14 GetMessagePos ScreenToClient SendMessageA 4122->4124 4125 404a48 4123->4125 4124->4125 4126 404a4d 4124->4126 4125->4103 4126->4123 4139 406010 lstrcpynA 4127->4139 4129 404a84 4140 405f6e wsprintfA 4129->4140 4131 404a8e 4132 40140b 2 API calls 4131->4132 4133 404a97 4132->4133 4141 406010 lstrcpynA 4133->4141 4135 404a9e 4135->4116 4142 4048e7 4136->4142 4138 4049c1 4138->4092 4139->4129 4140->4131 4141->4135 4143 4048fd 4142->4143 4144 406032 17 API calls 4143->4144 4145 404961 4144->4145 4146 406032 17 API calls 4145->4146 4147 40496c 4146->4147 4148 406032 17 API calls 4147->4148 4149 404982 lstrlenA wsprintfA SetDlgItemTextA 4148->4149 4149->4138 4150 4027a3 4151 402b2c 17 API calls 4150->4151 4152 4027b1 4151->4152 4153 4027c7 4152->4153 4154 402b2c 17 API calls 4152->4154 4155 405b84 2 API calls 4153->4155 4154->4153 4156 4027cd 4155->4156 4178 405ba9 GetFileAttributesA CreateFileA 4156->4178 4158 4027da 4159 4027e6 GlobalAlloc 4158->4159 4160 40287d 4158->4160 4163 402874 CloseHandle 4159->4163 4164 4027ff 4159->4164 4161 402885 DeleteFileA 4160->4161 4162 402898 4160->4162 4161->4162 4163->4160 4179 403223 SetFilePointer 4164->4179 4166 402805 4167 40320d ReadFile 4166->4167 4168 40280e GlobalAlloc 4167->4168 4169 402852 4168->4169 4170 40281e 4168->4170 4172 405c50 WriteFile 4169->4172 4171 402ffb 31 API calls 4170->4171 4177 40282b 4171->4177 4173 40285e GlobalFree 4172->4173 4174 402ffb 31 API calls 4173->4174 4176 402871 4174->4176 4175 402849 GlobalFree 4175->4169 
4176->4163 4177->4175 4178->4158 4179->4166 4180 4023a7 4181 402b2c 17 API calls 4180->4181 4182 4023b8 4181->4182 4183 402b2c 17 API calls 4182->4183 4184 4023c1 4183->4184 4185 402b2c 17 API calls 4184->4185 4186 4023cb GetPrivateProfileStringA 4185->4186 4187 4050ab 4188 4050bb 4187->4188 4189 4050cf 4187->4189 4191 4050c1 4188->4191 4192 405118 4188->4192 4190 4050d7 IsWindowVisible 4189->4190 4198 4050ee 4189->4198 4190->4192 4193 4050e4 4190->4193 4195 4040ea SendMessageA 4191->4195 4194 40511d CallWindowProcA 4192->4194 4197 4049f1 5 API calls 4193->4197 4196 4050cb 4194->4196 4195->4196 4197->4198 4198->4194 4199 404a71 4 API calls 4198->4199 4199->4192 4200 40292c 4201 402b0a 17 API calls 4200->4201 4202 402932 4201->4202 4203 402967 4202->4203 4204 402783 4202->4204 4206 402944 4202->4206 4203->4204 4205 406032 17 API calls 4203->4205 4205->4204 4206->4204 4208 405f6e wsprintfA 4206->4208 4208->4204 4209 404530 4210 40455c 4209->4210 4211 40456d 4209->4211 4270 405710 GetDlgItemTextA 4210->4270 4213 404579 GetDlgItem 4211->4213 4220 4045d8 4211->4220 4216 40458d 4213->4216 4214 4046bc 4219 404866 4214->4219 4272 405710 GetDlgItemTextA 4214->4272 4215 404567 4217 40627a 5 API calls 4215->4217 4218 4045a1 SetWindowTextA 4216->4218 4222 405a41 4 API calls 4216->4222 4217->4211 4223 40409e 18 API calls 4218->4223 4226 404105 8 API calls 4219->4226 4220->4214 4220->4219 4224 406032 17 API calls 4220->4224 4228 404597 4222->4228 4229 4045bd 4223->4229 4230 40464c SHBrowseForFolderA 4224->4230 4225 4046ec 4231 405a96 18 API calls 4225->4231 4227 40487a 4226->4227 4228->4218 4235 4059a8 3 API calls 4228->4235 4232 40409e 18 API calls 4229->4232 4230->4214 4233 404664 CoTaskMemFree 4230->4233 4234 4046f2 4231->4234 4236 4045cb 4232->4236 4237 4059a8 3 API calls 4233->4237 4273 406010 lstrcpynA 4234->4273 4235->4218 4271 4040d3 SendMessageA 4236->4271 4239 404671 4237->4239 4242 4046a8 SetDlgItemTextA 4239->4242 4246 406032 17 API calls 4239->4246 4241 4045d1 4244 
4063a8 5 API calls 4241->4244 4242->4214 4243 404709 4245 4063a8 5 API calls 4243->4245 4244->4220 4252 404710 4245->4252 4247 404690 lstrcmpiA 4246->4247 4247->4242 4250 4046a1 lstrcatA 4247->4250 4248 40474c 4274 406010 lstrcpynA 4248->4274 4250->4242 4251 404753 4253 405a41 4 API calls 4251->4253 4252->4248 4256 4059ef 2 API calls 4252->4256 4258 4047a4 4252->4258 4254 404759 GetDiskFreeSpaceA 4253->4254 4257 40477d MulDiv 4254->4257 4254->4258 4256->4252 4257->4258 4259 404815 4258->4259 4261 4049ac 20 API calls 4258->4261 4260 404838 4259->4260 4262 40140b 2 API calls 4259->4262 4275 4040c0 KiUserCallbackDispatcher 4260->4275 4263 404802 4261->4263 4262->4260 4265 404817 SetDlgItemTextA 4263->4265 4266 404807 4263->4266 4265->4259 4267 4048e7 20 API calls 4266->4267 4267->4259 4268 404854 4268->4219 4269 404489 SendMessageA 4268->4269 4269->4219 4270->4215 4271->4241 4272->4225 4273->4243 4274->4251 4275->4268 4276 402631 4277 402b0a 17 API calls 4276->4277 4281 40263b 4277->4281 4278 4026a9 4279 405c21 ReadFile 4279->4281 4280 4026ab 4285 405f6e wsprintfA 4280->4285 4281->4278 4281->4279 4281->4280 4282 4026bb 4281->4282 4282->4278 4284 4026d1 SetFilePointer 4282->4284 4284->4278 4285->4278 3546 401932 3547 401934 3546->3547 3548 402b2c 17 API calls 3547->3548 3549 401939 3548->3549 3552 4057d8 3549->3552 3553 405a96 18 API calls 3552->3553 3554 4057f8 3553->3554 3555 405800 DeleteFileA 3554->3555 3556 405817 3554->3556 3583 401942 3555->3583 3559 405945 3556->3559 3589 406010 lstrcpynA 3556->3589 3558 40583d 3560 405850 3558->3560 3561 405843 lstrcatA 3558->3561 3562 406313 2 API calls 3559->3562 3559->3583 3564 4059ef 2 API calls 3560->3564 3563 405856 3561->3563 3565 405969 3562->3565 3566 405864 lstrcatA 3563->3566 3567 40586f lstrlenA FindFirstFileA 3563->3567 3564->3563 3568 4059a8 3 API calls 3565->3568 3565->3583 3566->3567 3567->3559 3587 405893 3567->3587 3570 405973 3568->3570 3569 4059d3 CharNextA 3569->3587 3571 405790 5 API calls 3570->3571 3572 
40597f 3571->3572 3573 405983 3572->3573 3574 405999 3572->3574 3579 405137 24 API calls 3573->3579 3573->3583 3575 405137 24 API calls 3574->3575 3575->3583 3576 405924 FindNextFileA 3578 40593c FindClose 3576->3578 3576->3587 3578->3559 3580 405990 3579->3580 3582 405def 36 API calls 3580->3582 3582->3583 3584 4057d8 60 API calls 3584->3587 3585 405137 24 API calls 3585->3576 3586 405137 24 API calls 3586->3587 3587->3569 3587->3576 3587->3584 3587->3585 3587->3586 3588 405def 36 API calls 3587->3588 3590 406010 lstrcpynA 3587->3590 3591 405790 3587->3591 3588->3587 3589->3558 3590->3587 3599 405b84 GetFileAttributesA 3591->3599 3594 4057bd 3594->3587 3595 4057b3 DeleteFileA 3597 4057b9 3595->3597 3596 4057ab RemoveDirectoryA 3596->3597 3597->3594 3598 4057c9 SetFileAttributesA 3597->3598 3598->3594 3600 40579c 3599->3600 3601 405b96 SetFileAttributesA 3599->3601 3600->3594 3600->3595 3600->3596 3601->3600 4286 4022b2 4287 402b2c 17 API calls 4286->4287 4288 4022b8 4287->4288 4289 402b2c 17 API calls 4288->4289 4290 4022c1 4289->4290 4291 402b2c 17 API calls 4290->4291 4292 4022ca 4291->4292 4293 406313 2 API calls 4292->4293 4294 4022d3 4293->4294 4295 4022e4 lstrlenA lstrlenA 4294->4295 4299 4022d7 4294->4299 4297 405137 24 API calls 4295->4297 4296 405137 24 API calls 4300 4022df 4296->4300 4298 402320 SHFileOperationA 4297->4298 4298->4299 4298->4300 4299->4296 4299->4300 4301 402334 4302 40233b 4301->4302 4304 40234e 4301->4304 4303 406032 17 API calls 4302->4303 4305 402348 4303->4305 4306 40572c MessageBoxIndirectA 4305->4306 4306->4304 4307 4014b7 4308 4014bd 4307->4308 4309 401389 2 API calls 4308->4309 4310 4014c5 4309->4310 3667 402138 3668 402b2c 17 API calls 3667->3668 3669 40213f 3668->3669 3670 402b2c 17 API calls 3669->3670 3671 402149 3670->3671 3672 402b2c 17 API calls 3671->3672 3673 402153 3672->3673 3674 402b2c 17 API calls 3673->3674 3675 40215d 3674->3675 3676 402b2c 17 API calls 3675->3676 3677 402167 3676->3677 3678 4021a9 
CoCreateInstance 3677->3678 3679 402b2c 17 API calls 3677->3679 3682 4021c8 3678->3682 3684 402273 3678->3684 3679->3678 3680 401423 24 API calls 3681 4022a9 3680->3681 3683 402253 MultiByteToWideChar 3682->3683 3682->3684 3683->3684 3684->3680 3684->3681 3738 4015bb 3739 402b2c 17 API calls 3738->3739 3740 4015c2 3739->3740 3741 405a41 4 API calls 3740->3741 3746 4015ca 3741->3746 3742 401624 3744 401652 3742->3744 3745 401629 3742->3745 3743 4059d3 CharNextA 3743->3746 3748 401423 24 API calls 3744->3748 3747 401423 24 API calls 3745->3747 3746->3742 3746->3743 3750 40567a 2 API calls 3746->3750 3752 405697 5 API calls 3746->3752 3754 40160c GetFileAttributesA 3746->3754 3756 4055fd 4 API calls 3746->3756 3749 401630 3747->3749 3755 40164a 3748->3755 3757 406010 lstrcpynA 3749->3757 3750->3746 3752->3746 3753 40163b SetCurrentDirectoryA 3753->3755 3754->3746 3756->3746 3757->3753 3758 40273b 3759 402741 3758->3759 3760 402745 FindNextFileA 3759->3760 3763 402757 3759->3763 3761 402796 3760->3761 3760->3763 3764 406010 lstrcpynA 3761->3764 3764->3763 4311 4016bb 4312 402b2c 17 API calls 4311->4312 4313 4016c1 GetFullPathNameA 4312->4313 4314 4016d8 4313->4314 4320 4016f9 4313->4320 4316 406313 2 API calls 4314->4316 4314->4320 4315 40170d GetShortPathNameA 4317 4029b8 4315->4317 4318 4016e9 4316->4318 4318->4320 4321 406010 lstrcpynA 4318->4321 4320->4315 4320->4317 4321->4320 3765 40243d 3766 402b2c 17 API calls 3765->3766 3767 40244f 3766->3767 3768 402b2c 17 API calls 3767->3768 3769 402459 3768->3769 3782 402bbc 3769->3782 3772 402b2c 17 API calls 3778 402487 lstrlenA 3772->3778 3773 402783 3774 40248e 3775 40249a 3774->3775 3776 402b0a 17 API calls 3774->3776 3777 4024b9 RegSetValueExA 3775->3777 3779 402ffb 31 API calls 3775->3779 3776->3775 3780 4024cf RegCloseKey 3777->3780 3778->3774 3779->3777 3780->3773 3783 402bd7 3782->3783 3786 405ec4 3783->3786 3787 405ed3 3786->3787 3788 402469 3787->3788 3789 405ede RegCreateKeyExA 3787->3789 3788->3772 3788->3773 
3788->3774 3789->3788 4322 401b3f 4323 402b2c 17 API calls 4322->4323 4324 401b46 4323->4324 4325 402b0a 17 API calls 4324->4325 4326 401b4f wsprintfA 4325->4326 4327 4029b8 4326->4327

Control-flow Graph

[Figure: control-flow graph beginning at block 40326b; legend: Executed, Not Executed]
C-Code - Quality: 85%
_entry_() {
	signed int _t42;
	intOrPtr* _t47;
	CHAR* _t51;
	char* _t53;
	CHAR* _t55;
	void* _t59;
	intOrPtr _t61;
	int _t62;
	int _t65;
	signed int _t66;
	int _t67;
	signed int _t69;
	void* _t93;
	signed int _t109;
	void* _t112;
	void* _t117;
	intOrPtr* _t118;
	char _t121;
	signed int _t140;
	signed int _t141;
	int _t149;
	void* _t150;
	intOrPtr* _t152;
	CHAR* _t155;
	CHAR* _t156;
	void* _t158;
	char* _t159;
	void* _t162;
	void* _t163;
	char _t188;

	 *(_t163 + 0x18) = 0;
	 *((intOrPtr*)(_t163 + 0x10)) = "Error writing temporary file. Make sure your temp folder is valid.";
	 *(_t163 + 0x20) = 0;
	 *(_t163 + 0x14) = 0x20;
	SetErrorMode(0x8001); // executed
	_t42 = GetVersion() & 0xbfffffff;
	 *0x42f40c = _t42;
	if(_t42 != 6) {
		_t118 = E004063A8(0);
		if(_t118 != 0) {
			 *_t118(0xc00);
		}
	}
	_t155 = "UXTHEME";
	do {
		E0040633A(_t155); // executed
		_t155 =  &(_t155[lstrlenA(_t155) + 1]);
                                                                                                                				} while ( *_t155 != 0);
                                                                                                                				E004063A8(0xa);
                                                                                                                				 *0x42f404 = E004063A8(8);
                                                                                                                				_t47 = E004063A8(6);
                                                                                                                				if(_t47 != 0) {
                                                                                                                					_t47 =  *_t47(0x1e);
                                                                                                                					if(_t47 != 0) {
                                                                                                                						 *0x42f40f =  *0x42f40f | 0x00000040;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				__imp__#17(_t158);
                                                                                                                				__imp__OleInitialize(0); // executed
                                                                                                                				 *0x42f4d8 = _t47;
                                                                                                                				SHGetFileInfoA(0x429830, 0, _t163 + 0x38, 0x160, 0); // executed
                                                                                                                				E00406010("Wildix Integration Service v3.11.3 Setup", "NSIS Error");
                                                                                                                				_t51 = GetCommandLineA();
                                                                                                                				_t159 = "\"C:\\Users\\jones\\Desktop\\SetupWIService.exe\"";
                                                                                                                				E00406010(_t159, _t51);
                                                                                                                				 *0x42f400 = 0x400000;
                                                                                                                				_t53 = _t159;
                                                                                                                				if("\"C:\\Users\\jones\\Desktop\\SetupWIService.exe\"" == 0x22) {
                                                                                                                					 *(_t163 + 0x14) = 0x22;
                                                                                                                					_t53 =  &M00435001;
                                                                                                                				}
                                                                                                                				_t55 = CharNextA(E004059D3(_t53,  *(_t163 + 0x14)));
                                                                                                                				 *(_t163 + 0x1c) = _t55;
                                                                                                                				while(1) {
                                                                                                                					_t121 =  *_t55;
                                                                                                                					_t171 = _t121;
                                                                                                                					if(_t121 == 0) {
                                                                                                                						break;
                                                                                                                					}
                                                                                                                					__eflags = _t121 - 0x20;
                                                                                                                					if(_t121 != 0x20) {
                                                                                                                						L13:
                                                                                                                						__eflags =  *_t55 - 0x22;
                                                                                                                						 *(_t163 + 0x14) = 0x20;
                                                                                                                						if( *_t55 == 0x22) {
                                                                                                                							_t55 =  &(_t55[1]);
                                                                                                                							__eflags = _t55;
                                                                                                                							 *(_t163 + 0x14) = 0x22;
                                                                                                                						}
                                                                                                                						__eflags =  *_t55 - 0x2f;
                                                                                                                						if( *_t55 != 0x2f) {
                                                                                                                							L25:
                                                                                                                							_t55 = E004059D3(_t55,  *(_t163 + 0x14));
                                                                                                                							__eflags =  *_t55 - 0x22;
                                                                                                                							if(__eflags == 0) {
                                                                                                                								_t55 =  &(_t55[1]);
                                                                                                                								__eflags = _t55;
                                                                                                                							}
                                                                                                                							continue;
                                                                                                                						} else {
                                                                                                                							_t55 =  &(_t55[1]);
                                                                                                                							__eflags =  *_t55 - 0x53;
                                                                                                                							if( *_t55 != 0x53) {
                                                                                                                								L20:
                                                                                                                								__eflags =  *_t55 - ((( *0x40a183 << 0x00000008 |  *0x40a182) << 0x00000008 |  *0x40a181) << 0x00000008 | "NCRC");
                                                                                                                								if( *_t55 != ((( *0x40a183 << 0x00000008 |  *0x40a182) << 0x00000008 |  *0x40a181) << 0x00000008 | "NCRC")) {
                                                                                                                									L24:
                                                                                                                									__eflags =  *((intOrPtr*)(_t55 - 2)) - ((( *0x40a17b << 0x00000008 |  *0x40a17a) << 0x00000008 |  *0x40a179) << 0x00000008 | " /D=");
                                                                                                                									if( *((intOrPtr*)(_t55 - 2)) == ((( *0x40a17b << 0x00000008 |  *0x40a17a) << 0x00000008 |  *0x40a179) << 0x00000008 | " /D=")) {
                                                                                                                										 *((char*)(_t55 - 2)) = 0;
                                                                                                                										__eflags =  &(_t55[2]);
                                                                                                                										E00406010("C:\\Program Files\\Wildix\\WIService",  &(_t55[2]));
                                                                                                                										L30:
                                                                                                                										_t156 = "C:\\Users\\jones\\AppData\\Local\\Temp\\";
                                                                                                                										GetTempPathA(0x400, _t156); // executed
                                                                                                                										_t59 = E0040323A(_t171);
                                                                                                                										_t172 = _t59;
                                                                                                                										if(_t59 != 0) {
                                                                                                                											L33:
                                                                                                                											DeleteFileA("1033"); // executed
                                                                                                                											_t61 = E00402DC4(_t174,  *(_t163 + 0x20)); // executed
                                                                                                                											 *((intOrPtr*)(_t163 + 0x10)) = _t61;
                                                                                                                											if(_t61 != 0) {
                                                                                                                												L43:
                                                                                                                												ExitProcess(); // executed
                                                                                                                												__imp__OleUninitialize(); // executed
                                                                                                                												_t184 =  *((intOrPtr*)(_t163 + 0x10));
                                                                                                                												if( *((intOrPtr*)(_t163 + 0x10)) == 0) {
                                                                                                                													__eflags =  *0x42f4b4;
                                                                                                                													if( *0x42f4b4 == 0) {
                                                                                                                														L67:
                                                                                                                														_t62 =  *0x42f4cc;
                                                                                                                														__eflags = _t62 - 0xffffffff;
                                                                                                                														if(_t62 != 0xffffffff) {
                                                                                                                															 *(_t163 + 0x14) = _t62;
                                                                                                                														}
                                                                                                                														ExitProcess( *(_t163 + 0x14));
                                                                                                                													}
                                                                                                                													_t65 = OpenProcessToken(GetCurrentProcess(), 0x28, _t163 + 0x18);
                                                                                                                													__eflags = _t65;
                                                                                                                													_t149 = 2;
                                                                                                                													if(_t65 != 0) {
                                                                                                                														LookupPrivilegeValueA(0, "SeShutdownPrivilege", _t163 + 0x24);
                                                                                                                														 *(_t163 + 0x38) = 1;
                                                                                                                														 *(_t163 + 0x44) = _t149;
                                                                                                                														AdjustTokenPrivileges( *(_t163 + 0x2c), 0, _t163 + 0x28, 0, 0, 0);
                                                                                                                													}
                                                                                                                													_t66 = E004063A8(4);
                                                                                                                													__eflags = _t66;
                                                                                                                													if(_t66 == 0) {
                                                                                                                														L65:
                                                                                                                														_t67 = ExitWindowsEx(_t149, 0x80040002);
                                                                                                                														__eflags = _t67;
                                                                                                                														if(_t67 != 0) {
                                                                                                                															goto L67;
                                                                                                                														}
                                                                                                                														goto L66;
                                                                                                                													} else {
                                                                                                                														_t69 =  *_t66(0, 0, 0, 0x25, 0x80040002);
                                                                                                                														__eflags = _t69;
                                                                                                                														if(_t69 == 0) {
                                                                                                                															L66:
                                                                                                                															E0040140B(9);
                                                                                                                															goto L67;
                                                                                                                														}
                                                                                                                														goto L65;
                                                                                                                													}
                                                                                                                												}
                                                                                                                												E0040572C( *((intOrPtr*)(_t163 + 0x10)), 0x200010);
                                                                                                                												ExitProcess(2);
                                                                                                                											}
                                                                                                                											if( *0x42f420 == 0) {
                                                                                                                												L42:
                                                                                                                												 *0x42f4cc =  *0x42f4cc | 0xffffffff;
                                                                                                                												 *(_t163 + 0x18) = E0040382D( *0x42f4cc);
                                                                                                                												goto L43;
                                                                                                                											}
                                                                                                                											_t152 = E004059D3(_t159, 0);
                                                                                                                											if(_t152 < _t159) {
                                                                                                                												L39:
                                                                                                                												_t181 = _t152 - _t159;
                                                                                                                												 *((intOrPtr*)(_t163 + 0x10)) = "Error launching installer";
                                                                                                                												if(_t152 < _t159) {
                                                                                                                													_t150 = E00405697(_t184);
                                                                                                                													lstrcatA(_t156, "~nsu");
                                                                                                                													if(_t150 != 0) {
                                                                                                                														lstrcatA(_t156, "A");
                                                                                                                													}
                                                                                                                													lstrcatA(_t156, ".tmp");
                                                                                                                													_t161 = "C:\\Users\\jones\\Desktop";
                                                                                                                													if(lstrcmpiA(_t156, "C:\\Users\\jones\\Desktop") != 0) {
                                                                                                                														_push(_t156);
                                                                                                                														if(_t150 == 0) {
                                                                                                                															E0040567A();
                                                                                                                														} else {
                                                                                                                															E004055FD();
                                                                                                                														}
                                                                                                                														SetCurrentDirectoryA(_t156);
                                                                                                                														_t188 = "C:\\Program Files\\Wildix\\WIService"; // 0x43
                                                                                                                														if(_t188 == 0) {
                                                                                                                															E00406010("C:\\Program Files\\Wildix\\WIService", _t161);
                                                                                                                														}
                                                                                                                														E00406010("0x0000565B",  *(_t163 + 0x1c));
                                                                                                                														_t136 = "A";
                                                                                                                														_t162 = 0x1a;
                                                                                                                														 *0x430400 = "A";
                                                                                                                														do {
                                                                                                                															E00406032(0, 0x429430, _t156, 0x429430,  *((intOrPtr*)( *0x42f414 + 0x120)));
                                                                                                                															DeleteFileA(0x429430);
                                                                                                                															if( *((intOrPtr*)(_t163 + 0x10)) != 0 && CopyFileA("C:\\Users\\jones\\Desktop\\SetupWIService.exe", 0x429430, 1) != 0) {
                                                                                                                																E00405DEF(_t136, 0x429430, 0);
                                                                                                                																E00406032(0, 0x429430, _t156, 0x429430,  *((intOrPtr*)( *0x42f414 + 0x124)));
                                                                                                                																_t93 = E004056AF(0x429430);
                                                                                                                																if(_t93 != 0) {
                                                                                                                																	CloseHandle(_t93);
                                                                                                                																	 *((intOrPtr*)(_t163 + 0x10)) = 0;
                                                                                                                																}
                                                                                                                															}
                                                                                                                															 *0x430400 =  *0x430400 + 1;
                                                                                                                															_t162 = _t162 - 1;
                                                                                                                														} while (_t162 != 0);
                                                                                                                														E00405DEF(_t136, _t156, 0);
                                                                                                                													}
                                                                                                                													goto L43;
                                                                                                                												}
                                                                                                                												 *_t152 = 0;
                                                                                                                												_t153 = _t152 + 4;
                                                                                                                												if(E00405A96(_t181, _t152 + 4) == 0) {
                                                                                                                													goto L43;
                                                                                                                												}
                                                                                                                												E00406010("C:\\Program Files\\Wildix\\WIService", _t153);
                                                                                                                												E00406010("C:\\Program Files\\Wildix\\WIService", _t153);
                                                                                                                												 *((intOrPtr*)(_t163 + 0x10)) = 0;
                                                                                                                												goto L42;
                                                                                                                											}
                                                                                                                											_t109 = (( *0x40a15b << 0x00000008 |  *0x40a15a) << 0x00000008 |  *0x40a159) << 0x00000008 | " _?=";
                                                                                                                											while( *_t152 != _t109) {
                                                                                                                												_t152 = _t152 - 1;
                                                                                                                												if(_t152 >= _t159) {
                                                                                                                													continue;
                                                                                                                												}
                                                                                                                												goto L39;
                                                                                                                											}
                                                                                                                											goto L39;
                                                                                                                										}
                                                                                                                										GetWindowsDirectoryA(_t156, 0x3fb);
                                                                                                                										lstrcatA(_t156, "\\Temp");
                                                                                                                										_t112 = E0040323A(_t172);
                                                                                                                										_t173 = _t112;
                                                                                                                										if(_t112 != 0) {
                                                                                                                											goto L33;
                                                                                                                										}
                                                                                                                										GetTempPathA(0x3fc, _t156);
                                                                                                                										lstrcatA(_t156, "Low");
                                                                                                                										SetEnvironmentVariableA("TEMP", _t156);
                                                                                                                										SetEnvironmentVariableA("TMP", _t156);
                                                                                                                										_t117 = E0040323A(_t173);
                                                                                                                										_t174 = _t117;
                                                                                                                										if(_t117 == 0) {
                                                                                                                											goto L43;
                                                                                                                										}
                                                                                                                										goto L33;
                                                                                                                									}
                                                                                                                									goto L25;
                                                                                                                								}
                                                                                                                								_t140 = _t55[4];
                                                                                                                								__eflags = _t140 - 0x20;
                                                                                                                								if(_t140 == 0x20) {
                                                                                                                									L23:
                                                                                                                									_t15 = _t163 + 0x20;
                                                                                                                									 *_t15 =  *(_t163 + 0x20) | 0x00000004;
                                                                                                                									__eflags =  *_t15;
                                                                                                                									goto L24;
                                                                                                                								}
                                                                                                                								__eflags = _t140;
                                                                                                                								if(_t140 != 0) {
                                                                                                                									goto L24;
                                                                                                                								}
                                                                                                                								goto L23;
                                                                                                                							}
                                                                                                                							_t141 = _t55[1];
                                                                                                                							__eflags = _t141 - 0x20;
                                                                                                                							if(_t141 == 0x20) {
                                                                                                                								L19:
                                                                                                                								 *0x42f4c0 = 1;
                                                                                                                								goto L20;
                                                                                                                							}
                                                                                                                							__eflags = _t141;
                                                                                                                							if(_t141 != 0) {
                                                                                                                								goto L20;
                                                                                                                							}
                                                                                                                							goto L19;
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						goto L12;
                                                                                                                					}
                                                                                                                					do {
                                                                                                                						L12:
                                                                                                                						_t55 =  &(_t55[1]);
                                                                                                                						__eflags =  *_t55 - 0x20;
                                                                                                                					} while ( *_t55 == 0x20);
                                                                                                                					goto L13;
                                                                                                                				}
                                                                                                                				goto L30;
                                                                                                                			}

                                                                                                                0x0040349d
                                                                                                                0x0040349f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004034a7
                                                                                                                0x004034af
                                                                                                                0x004034c0
                                                                                                                0x004034c8
                                                                                                                0x004034ca
                                                                                                                0x004034cf
                                                                                                                0x004034d1
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004034d1
                                                                                                                0x00000000
                                                                                                                0x00403436
                                                                                                                0x004033f7
                                                                                                                0x004033fa
                                                                                                                0x004033fd
                                                                                                                0x00403403
                                                                                                                0x00403403
                                                                                                                0x00403403
                                                                                                                0x00403403
                                                                                                                0x00000000
                                                                                                                0x00403403
                                                                                                                0x004033ff
                                                                                                                0x00403401
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403401
                                                                                                                0x004033b2
                                                                                                                0x004033b5
                                                                                                                0x004033b8
                                                                                                                0x004033be
                                                                                                                0x004033be
                                                                                                                0x00000000
                                                                                                                0x004033be
                                                                                                                0x004033ba
                                                                                                                0x004033bc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004033bc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040338d
                                                                                                                0x0040338d
                                                                                                                0x0040338d
                                                                                                                0x0040338e
                                                                                                                0x0040338e
                                                                                                                0x00000000
                                                                                                                0x0040338d
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • SetErrorMode.KERNELBASE ref: 00403290
                                                                                                                • GetVersion.KERNEL32 ref: 00403296
                                                                                                                • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004032C9
                                                                                                                • #17.COMCTL32(?,00000006,00000008,0000000A), ref: 00403305
                                                                                                                • OleInitialize.OLE32(00000000), ref: 0040330C
                                                                                                                • SHGetFileInfoA.SHELL32(00429830,00000000,?,00000160,00000000,?,00000006,00000008,0000000A), ref: 00403328
                                                                                                                • GetCommandLineA.KERNEL32(Wildix Integration Service v3.11.3 Setup,NSIS Error,?,00000006,00000008,0000000A), ref: 0040333D
                                                                                                                • CharNextA.USER32(00000000,"C:\Users\user\Desktop\SetupWIService.exe",00000020,"C:\Users\user\Desktop\SetupWIService.exe",00000000,?,00000006,00000008,0000000A), ref: 00403379
                                                                                                                • GetTempPathA.KERNELBASE(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020,?,00000006,00000008,0000000A), ref: 00403476
                                                                                                                • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000006,00000008,0000000A), ref: 00403487
                                                                                                                • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 00403493
                                                                                                                • GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 004034A7
                                                                                                                • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 004034AF
                                                                                                                • SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 004034C0
                                                                                                                • SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 004034C8
                                                                                                                • DeleteFileA.KERNELBASE(1033,?,00000006,00000008,0000000A), ref: 004034DC
                                                                                                                  • Part of subcall function 004063A8: GetModuleHandleA.KERNEL32(?,?,?,004032DE,0000000A), ref: 004063BA
                                                                                                                  • Part of subcall function 004063A8: GetProcAddress.KERNEL32(00000000,?), ref: 004063D5
                                                                                                                  • Part of subcall function 0040382D: lstrlenA.KERNEL32(Remove folder: ,?,?,?,Remove folder: ,00000000,C:\Program Files\Wildix\WIService,1033,Wildix Integration Service v3.11.3 Setup ,80000001,Control Panel\Desktop\ResourceLocale,00000000,Wildix Integration Service v3.11.3 Setup ,00000000,00000002,7476FA90), ref: 0040391D
                                                                                                                  • Part of subcall function 0040382D: lstrcmpiA.KERNEL32(?,.exe,Remove folder: ,?,?,?,Remove folder: ,00000000,C:\Program Files\Wildix\WIService,1033,Wildix Integration Service v3.11.3 Setup ,80000001,Control Panel\Desktop\ResourceLocale,00000000,Wildix Integration Service v3.11.3 Setup ,00000000), ref: 00403930
                                                                                                                  • Part of subcall function 0040382D: GetFileAttributesA.KERNEL32(Remove folder: ), ref: 0040393B
                                                                                                                  • Part of subcall function 0040382D: LoadImageA.USER32 ref: 00403984
                                                                                                                  • Part of subcall function 0040382D: RegisterClassA.USER32 ref: 004039C1
                                                                                                                • ExitProcess.KERNEL32(?,?,00000006,00000008,0000000A), ref: 00403585
                                                                                                                  • Part of subcall function 00403753: CloseHandle.KERNEL32(FFFFFFFF,0040358A,?,?,00000006,00000008,0000000A), ref: 0040375E
                                                                                                                • OleUninitialize.OLE32(?,?,00000006,00000008,0000000A), ref: 0040358A
                                                                                                                • ExitProcess.KERNEL32 ref: 004035AB
                                                                                                                • GetCurrentProcess.KERNEL32(00000028,?,00000006,00000008,0000000A), ref: 004036C8
                                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 004036CF
                                                                                                                • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004036E7
                                                                                                                • AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 00403706
                                                                                                                • ExitWindowsEx.USER32(00000002,80040002), ref: 0040372A
                                                                                                                • ExitProcess.KERNEL32 ref: 0040374D
                                                                                                                  • Part of subcall function 0040572C: MessageBoxIndirectA.USER32(0040A218), ref: 00405787
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Process$Exit$File$EnvironmentHandlePathTempTokenVariableWindowslstrcatlstrlen$AddressAdjustAttributesCharClassCloseCommandCurrentDeleteDirectoryErrorImageIndirectInfoInitializeLineLoadLookupMessageModeModuleNextOpenPrivilegePrivilegesProcRegisterUninitializeValueVersionlstrcmpi
                                                                                                                • String ID: "$"C:\Users\user\Desktop\SetupWIService.exe"$.tmp$0x0000565B$1033$C:\Program Files\Wildix\WIService$C:\Program Files\Wildix\WIService$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\SetupWIService.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$Wildix Integration Service v3.11.3 Setup$\Temp$~nsu
                                                                                                                • API String ID: 562314493-525057400
                                                                                                                • Opcode ID: 4775c68527fbb917aecb0a7c801f737b56a4a891fa957fa25b7ad5f6c3460015
                                                                                                                • Instruction ID: c488d4947f624a60ea111d8e8e2b3f6be1d3d76fce8bfd42f4ae142e8cae794f
                                                                                                                • Opcode Fuzzy Hash: 4775c68527fbb917aecb0a7c801f737b56a4a891fa957fa25b7ad5f6c3460015
                                                                                                                • Instruction Fuzzy Hash: 9EC10570104741AAD7216F759D49B2F3EA8AF4570AF44443FF582B61E2CB7C8A198B2F
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 132 405275-405291 133 405420-405426 132->133 134 405297-40535e GetDlgItem * 3 call 4040d3 call 4049c4 GetClientRect GetSystemMetrics SendMessageA * 2 132->134 136 405450-40545c 133->136 137 405428-40544a GetDlgItem CreateThread FindCloseChangeNotification 133->137 156 405360-40537a SendMessageA * 2 134->156 157 40537c-40537f 134->157 139 40547e-405484 136->139 140 40545e-405464 136->140 137->136 141 405486-40548c 139->141 142 4054d9-4054dc 139->142 144 405466-405479 ShowWindow * 2 call 4040d3 140->144 145 40549f-4054a6 call 404105 140->145 146 4054b2-4054c2 ShowWindow 141->146 147 40548e-40549a call 404077 141->147 142->145 150 4054de-4054e4 142->150 144->139 153 4054ab-4054af 145->153 154 4054d2-4054d4 call 404077 146->154 155 4054c4-4054cd call 405137 146->155 147->145 150->145 158 4054e6-4054f9 SendMessageA 150->158 154->142 155->154 156->157 161 405381-40538d SendMessageA 157->161 162 40538f-4053a6 call 40409e 157->162 163 4055f6-4055f8 158->163 164 4054ff-40552b CreatePopupMenu call 406032 AppendMenuA 158->164 161->162 171 4053a8-4053bc ShowWindow 162->171 172 4053dc-4053fd GetDlgItem SendMessageA 162->172 163->153 169 405540-405556 TrackPopupMenu 164->169 170 40552d-40553d GetWindowRect 164->170 169->163 173 40555c-405576 169->173 170->169 174 4053cb 171->174 175 4053be-4053c9 ShowWindow 171->175 172->163 176 405403-40541b SendMessageA * 2 172->176 177 40557b-405596 SendMessageA 173->177 178 4053d1-4053d7 call 4040d3 174->178 175->178 176->163 177->177 179 405598-4055b8 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 177->179 178->172 181 4055ba-4055da SendMessageA 179->181 181->181 182 4055dc-4055f0 GlobalUnlock SetClipboardData CloseClipboard 181->182 182->163
                                                                                                                C-Code - Quality: 96%
                                                                                                                			E00405275(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
                                                                                                                				struct HWND__* _v8;
                                                                                                                				struct tagRECT _v24;
                                                                                                                				void* _v32;
                                                                                                                				signed int _v36;
                                                                                                                				int _v40;
                                                                                                                				int _v44;
                                                                                                                				signed int _v48;
                                                                                                                				int _v52;
                                                                                                                				void* _v56;
                                                                                                                				void* _v64;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				struct HWND__* _t87;
                                                                                                                				struct HWND__* _t89;
                                                                                                                				long _t90;
                                                                                                                				int _t95;
                                                                                                                				int _t96;
                                                                                                                				long _t99;
                                                                                                                				void* _t102;
                                                                                                                				intOrPtr _t113;
                                                                                                                				void* _t121;
                                                                                                                				intOrPtr _t124;
                                                                                                                				struct HWND__* _t128;
                                                                                                                				int _t150;
                                                                                                                				int _t153;
                                                                                                                				long _t157;
                                                                                                                				struct HWND__* _t161;
                                                                                                                				struct HMENU__* _t163;
                                                                                                                				long _t165;
                                                                                                                				void* _t166;
                                                                                                                				char* _t167;
                                                                                                                				char* _t168;
                                                                                                                				int _t169;
                                                                                                                
                                                                                                                				_t87 =  *0x42ebe4; // 0x1043e
                                                                                                                				_t157 = _a8;
                                                                                                                				_t150 = 0;
                                                                                                                				_v8 = _t87;
                                                                                                                				if(_t157 != 0x110) {
                                                                                                                					__eflags = _t157 - 0x405;
                                                                                                                					if(_t157 == 0x405) {
                                                                                                                						_t121 = CreateThread(0, 0, E00405209, GetDlgItem(_a4, 0x3ec), 0,  &_a8); // executed
                                                                                                                						FindCloseChangeNotification(_t121);
                                                                                                                					}
                                                                                                                					__eflags = _t157 - 0x111;
                                                                                                                					if(_t157 != 0x111) {
                                                                                                                						L17:
                                                                                                                						__eflags = _t157 - 0x404;
                                                                                                                						if(_t157 != 0x404) {
                                                                                                                							L25:
                                                                                                                							__eflags = _t157 - 0x7b;
                                                                                                                							if(_t157 != 0x7b) {
                                                                                                                								goto L20;
                                                                                                                							}
                                                                                                                							_t89 = _v8;
                                                                                                                							__eflags = _a12 - _t89;
                                                                                                                							if(_a12 != _t89) {
                                                                                                                								goto L20;
                                                                                                                							}
                                                                                                                							_t90 = SendMessageA(_t89, 0x1004, _t150, _t150);
                                                                                                                							__eflags = _t90 - _t150;
                                                                                                                							_a12 = _t90;
                                                                                                                							if(_t90 <= _t150) {
                                                                                                                								L36:
                                                                                                                								return 0;
                                                                                                                							}
                                                                                                                							_t163 = CreatePopupMenu();
                                                                                                                							AppendMenuA(_t163, _t150, 1, E00406032(_t150, _t157, _t163, _t150, 0xffffffe1));
                                                                                                                							_t95 = _a16;
                                                                                                                							__eflags = _a16 - 0xffffffff;
                                                                                                                							_t153 = _a16 >> 0x10;
                                                                                                                							if(_a16 == 0xffffffff) {
                                                                                                                								GetWindowRect(_v8,  &_v24);
                                                                                                                								_t95 = _v24.left;
                                                                                                                								_t153 = _v24.top;
                                                                                                                							}
                                                                                                                							_t96 = TrackPopupMenu(_t163, 0x180, _t95, _t153, _t150, _a4, _t150);
                                                                                                                							__eflags = _t96 - 1;
                                                                                                                							if(_t96 == 1) {
                                                                                                                								_t165 = 1;
                                                                                                                								__eflags = 1;
                                                                                                                								_v56 = _t150;
                                                                                                                								_v44 = 0x42a870;
                                                                                                                								_v40 = 0x1000;
                                                                                                                								_a4 = _a12;
                                                                                                                								do {
                                                                                                                									_a4 = _a4 - 1;
                                                                                                                									_t99 = SendMessageA(_v8, 0x102d, _a4,  &_v64);
                                                                                                                									__eflags = _a4 - _t150;
                                                                                                                									_t165 = _t165 + _t99 + 2;
                                                                                                                								} while (_a4 != _t150);
                                                                                                                								OpenClipboard(_t150);
                                                                                                                								EmptyClipboard();
                                                                                                                								_t102 = GlobalAlloc(0x42, _t165);
                                                                                                                								_a4 = _t102;
                                                                                                                								_t166 = GlobalLock(_t102);
                                                                                                                								do {
                                                                                                                									_v44 = _t166;
                                                                                                                									_t167 = _t166 + SendMessageA(_v8, 0x102d, _t150,  &_v64);
                                                                                                                									 *_t167 = 0xd;
                                                                                                                									_t168 = _t167 + 1;
                                                                                                                									 *_t168 = 0xa;
                                                                                                                									_t166 = _t168 + 1;
                                                                                                                									_t150 = _t150 + 1;
                                                                                                                									__eflags = _t150 - _a12;
                                                                                                                								} while (_t150 < _a12);
                                                                                                                								GlobalUnlock(_a4);
                                                                                                                								SetClipboardData(1, _a4);
                                                                                                                								CloseClipboard();
                                                                                                                							}
                                                                                                                							goto L36;
                                                                                                                						}
                                                                                                                						__eflags =  *0x42ebcc - _t150; // 0x0
                                                                                                                						if(__eflags == 0) {
                                                                                                                							ShowWindow( *0x42f408, 8); // executed
                                                                                                                							__eflags =  *0x42f4ac - _t150;
                                                                                                                							if( *0x42f4ac == _t150) {
                                                                                                                								_t113 =  *0x42a048; // 0x678964
                                                                                                                								E00405137( *((intOrPtr*)(_t113 + 0x34)), _t150);
                                                                                                                							}
                                                                                                                							E00404077(1);
                                                                                                                							goto L25;
                                                                                                                						}
                                                                                                                						 *0x429c40 = 2;
                                                                                                                						E00404077(0x78);
                                                                                                                						goto L20;
                                                                                                                					} else {
                                                                                                                						__eflags = _a12 - 0x403;
                                                                                                                						if(_a12 != 0x403) {
                                                                                                                							L20:
                                                                                                                							return E00404105(_t157, _a12, _a16);
                                                                                                                						}
                                                                                                                						ShowWindow( *0x42ebd0, _t150);
                                                                                                                						ShowWindow(_v8, 8);
                                                                                                                						E004040D3(_v8);
                                                                                                                						goto L17;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_v48 = _v48 | 0xffffffff;
                                                                                                                				_v36 = _v36 | 0xffffffff;
                                                                                                                				_t169 = 2;
                                                                                                                				_v56 = _t169;
                                                                                                                				_v52 = 0;
                                                                                                                				_v44 = 0;
                                                                                                                				_v40 = 0;
                                                                                                                				asm("stosd");
                                                                                                                				asm("stosd");
                                                                                                                				_t124 =  *0x42f414;
                                                                                                                				_a12 =  *((intOrPtr*)(_t124 + 0x5c));
                                                                                                                				_a8 =  *((intOrPtr*)(_t124 + 0x60));
                                                                                                                				 *0x42ebd0 = GetDlgItem(_a4, 0x403);
                                                                                                                				 *0x42ebc8 = GetDlgItem(_a4, 0x3ee);
                                                                                                                				_t128 = GetDlgItem(_a4, 0x3f8);
                                                                                                                				 *0x42ebe4 = _t128;
                                                                                                                				_v8 = _t128;
                                                                                                                				E004040D3( *0x42ebd0);
                                                                                                                				 *0x42ebd4 = E004049C4(4);
                                                                                                                				 *0x42ebec = 0;
                                                                                                                				GetClientRect(_v8,  &_v24);
                                                                                                                				_v48 = _v24.right - GetSystemMetrics(_t169);
                                                                                                                				SendMessageA(_v8, 0x101b, 0,  &_v56);
                                                                                                                				SendMessageA(_v8, 0x1036, 0x4000, 0x4000); // executed
                                                                                                                				if(_a12 >= 0) {
                                                                                                                					SendMessageA(_v8, 0x1001, 0, _a12);
                                                                                                                					SendMessageA(_v8, 0x1026, 0, _a12);
                                                                                                                				}
                                                                                                                				if(_a8 >= _t150) {
                                                                                                                					SendMessageA(_v8, 0x1024, _t150, _a8);
                                                                                                                				}
                                                                                                                				_push( *((intOrPtr*)(_a16 + 0x30)));
                                                                                                                				_push(0x1b);
                                                                                                                				E0040409E(_a4);
                                                                                                                				if(( *0x42f41c & 0x00000003) != 0) {
                                                                                                                					ShowWindow( *0x42ebd0, _t150);
                                                                                                                					if(( *0x42f41c & 0x00000002) != 0) {
                                                                                                                						 *0x42ebd0 = _t150;
                                                                                                                					} else {
                                                                                                                						ShowWindow(_v8, 8);
                                                                                                                					}
                                                                                                                					E004040D3( *0x42ebc8);
                                                                                                                				}
                                                                                                                				_t161 = GetDlgItem(_a4, 0x3ec);
                                                                                                                				SendMessageA(_t161, 0x401, _t150, 0x75300000);
                                                                                                                				if(( *0x42f41c & 0x00000004) != 0) {
                                                                                                                					SendMessageA(_t161, 0x409, _t150, _a8);
                                                                                                                					SendMessageA(_t161, 0x2001, _t150, _a12);
                                                                                                                				}
                                                                                                                				goto L36;
                                                                                                                			}
                                                                                                                0x00405395
                                                                                                                0x0040539a
                                                                                                                0x004053a6
                                                                                                                0x004053af
                                                                                                                0x004053bc
                                                                                                                0x004053cb
                                                                                                                0x004053be
                                                                                                                0x004053c3
                                                                                                                0x004053c3
                                                                                                                0x004053d7
                                                                                                                0x004053d7
                                                                                                                0x004053eb
                                                                                                                0x004053f4
                                                                                                                0x004053fd
                                                                                                                0x0040540d
                                                                                                                0x00405419
                                                                                                                0x00405419
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • GetDlgItem.USER32 ref: 004052D4
                                                                                                                • GetDlgItem.USER32 ref: 004052E3
                                                                                                                • GetClientRect.USER32 ref: 00405320
                                                                                                                • GetSystemMetrics.USER32 ref: 00405327
                                                                                                                • SendMessageA.USER32(?,0000101B,00000000,?), ref: 00405348
                                                                                                                • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00405359
                                                                                                                • SendMessageA.USER32(?,00001001,00000000,?), ref: 0040536C
                                                                                                                • SendMessageA.USER32(?,00001026,00000000,?), ref: 0040537A
                                                                                                                • SendMessageA.USER32(?,00001024,00000000,?), ref: 0040538D
                                                                                                                • ShowWindow.USER32(00000000,?,0000001B,?), ref: 004053AF
                                                                                                                • ShowWindow.USER32(?,00000008), ref: 004053C3
                                                                                                                • GetDlgItem.USER32 ref: 004053E4
                                                                                                                • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 004053F4
                                                                                                                • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 0040540D
                                                                                                                • SendMessageA.USER32(00000000,00002001,00000000,?), ref: 00405419
                                                                                                                • GetDlgItem.USER32 ref: 004052F2
                                                                                                                  • Part of subcall function 004040D3: SendMessageA.USER32(00000028,?,00000001,00403F03), ref: 004040E1
                                                                                                                • GetDlgItem.USER32 ref: 00405435
                                                                                                                • CreateThread.KERNELBASE ref: 00405443
                                                                                                                • FindCloseChangeNotification.KERNELBASE(00000000), ref: 0040544A
                                                                                                                • ShowWindow.USER32(00000000), ref: 0040546D
                                                                                                                • ShowWindow.USER32(?,00000008), ref: 00405474
                                                                                                                • ShowWindow.USER32(00000008), ref: 004054BA
                                                                                                                • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004054EE
                                                                                                                • CreatePopupMenu.USER32 ref: 004054FF
                                                                                                                • AppendMenuA.USER32 ref: 00405514
                                                                                                                • GetWindowRect.USER32 ref: 00405534
                                                                                                                • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040554D
                                                                                                                • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405589
                                                                                                                • OpenClipboard.USER32(00000000), ref: 00405599
                                                                                                                • EmptyClipboard.USER32 ref: 0040559F
                                                                                                                • GlobalAlloc.KERNEL32(00000042,?), ref: 004055A8
                                                                                                                • GlobalLock.KERNEL32 ref: 004055B2
                                                                                                                • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004055C6
                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 004055DF
                                                                                                                • SetClipboardData.USER32 ref: 004055EA
                                                                                                                • CloseClipboard.USER32 ref: 004055F0
                                                                                                                Strings
                                                                                                                • Wildix Integration Service v3.11.3 Setup , xrefs: 00405565
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendChangeClientDataEmptyFindLockMetricsNotificationOpenSystemThreadTrackUnlock
                                                                                                                • String ID: Wildix Integration Service v3.11.3 Setup
                                                                                                                • API String ID: 4154960007-852443512
                                                                                                                • Opcode ID: 850865324eda7255bc617561a744910c99d6829a0b955d2a94bbb97841d7110d
                                                                                                                • Instruction ID: 66d789517199d7de7cfadb6731c275bc9a2b232ae8febcf914e4846c803f5e83
                                                                                                                • Opcode Fuzzy Hash: 850865324eda7255bc617561a744910c99d6829a0b955d2a94bbb97841d7110d
                                                                                                                • Instruction Fuzzy Hash: A3A147B0900608BFDB119F61DE89AAF7F79FB08354F40403AFA41BA1A0C7755E519F68
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 491 4057d8-4057fe call 405a96 494 405800-405812 DeleteFileA 491->494 495 405817-40581e 491->495 496 4059a1-4059a5 494->496 497 405820-405822 495->497 498 405831-405841 call 406010 495->498 499 405828-40582b 497->499 500 40594f-405954 497->500 506 405850-405851 call 4059ef 498->506 507 405843-40584e lstrcatA 498->507 499->498 499->500 500->496 502 405956-405959 500->502 504 405963-40596b call 406313 502->504 505 40595b-405961 502->505 504->496 514 40596d-405981 call 4059a8 call 405790 504->514 505->496 509 405856-405859 506->509 507->509 512 405864-40586a lstrcatA 509->512 513 40585b-405862 509->513 515 40586f-40588d lstrlenA FindFirstFileA 512->515 513->512 513->515 530 405983-405986 514->530 531 405999-40599c call 405137 514->531 516 405893-4058aa call 4059d3 515->516 517 405945-405949 515->517 524 4058b5-4058b8 516->524 525 4058ac-4058b0 516->525 517->500 521 40594b 517->521 521->500 528 4058ba-4058bf 524->528 529 4058cb-4058d9 call 406010 524->529 525->524 527 4058b2 525->527 527->524 533 4058c1-4058c3 528->533 534 405924-405936 FindNextFileA 528->534 541 4058f0-4058fb call 405790 529->541 542 4058db-4058e3 529->542 530->505 536 405988-405997 call 405137 call 405def 530->536 531->496 533->529 537 4058c5-4058c9 533->537 534->516 539 40593c-40593f FindClose 534->539 536->496 537->529 537->534 539->517 550 40591c-40591f call 405137 541->550 551 4058fd-405900 541->551 542->534 545 4058e5-4058ee call 4057d8 542->545 545->534 550->534 553 405902-405912 call 405137 call 405def 551->553 554 405914-40591a 551->554 553->534 554->534
                                                                                                                C-Code - Quality: 98%
                                                                                                                			E004057D8(void* __eflags, signed int _a4, signed int _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				void* _v12;
                                                                                                                				signed int _v16;
                                                                                                                				struct _WIN32_FIND_DATAA _v336;
                                                                                                                				signed int _t40;
                                                                                                                				char* _t53;
                                                                                                                				signed int _t55;
                                                                                                                				signed int _t58;
                                                                                                                				signed int _t64;
                                                                                                                				signed int _t66;
                                                                                                                				void* _t68;
                                                                                                                				signed char _t69;
                                                                                                                				CHAR* _t71;
                                                                                                                				void* _t72;
                                                                                                                				CHAR* _t73;
                                                                                                                				char* _t76;
                                                                                                                
                                                                                                                				_t69 = _a8;
                                                                                                                				_t73 = _a4;
                                                                                                                				_v8 = _t69 & 0x00000004;
                                                                                                                				_t40 = E00405A96(__eflags, _t73);
                                                                                                                				_v16 = _t40;
                                                                                                                				if((_t69 & 0x00000008) != 0) {
                                                                                                                					_t66 = DeleteFileA(_t73); // executed
                                                                                                                					asm("sbb eax, eax");
                                                                                                                					_t68 =  ~_t66 + 1;
                                                                                                                					 *0x42f4a8 =  *0x42f4a8 + _t68;
                                                                                                                					return _t68;
                                                                                                                				}
                                                                                                                				_a4 = _t69;
                                                                                                                				_t8 =  &_a4;
                                                                                                                				 *_t8 = _a4 & 0x00000001;
                                                                                                                				__eflags =  *_t8;
                                                                                                                				if( *_t8 == 0) {
                                                                                                                					L5:
                                                                                                                					E00406010(0x42b878, _t73);
                                                                                                                					__eflags = _a4;
                                                                                                                					if(_a4 == 0) {
                                                                                                                						E004059EF(_t73);
                                                                                                                					} else {
                                                                                                                						lstrcatA(0x42b878, "\*.*");
                                                                                                                					}
                                                                                                                					__eflags =  *_t73;
                                                                                                                					if( *_t73 != 0) {
                                                                                                                						L10:
                                                                                                                						lstrcatA(_t73, 0x40a014);
                                                                                                                						L11:
                                                                                                                						_t71 =  &(_t73[lstrlenA(_t73)]); // executed
                                                                                                                						_t40 = FindFirstFileA(0x42b878,  &_v336); // executed
                                                                                                                						__eflags = _t40 - 0xffffffff;
                                                                                                                						_v12 = _t40;
                                                                                                                						if(_t40 == 0xffffffff) {
                                                                                                                							L29:
                                                                                                                							__eflags = _a4;
                                                                                                                							if(_a4 != 0) {
                                                                                                                								_t32 = _t71 - 1;
                                                                                                                								 *_t32 =  *(_t71 - 1) & 0x00000000;
                                                                                                                								__eflags =  *_t32;
                                                                                                                							}
                                                                                                                							goto L31;
                                                                                                                						} else {
                                                                                                                							goto L12;
                                                                                                                						}
                                                                                                                						do {
                                                                                                                							L12:
                                                                                                                							_t76 =  &(_v336.cFileName);
                                                                                                                							_t53 = E004059D3( &(_v336.cFileName), 0x3f);
                                                                                                                							__eflags =  *_t53;
                                                                                                                							if( *_t53 != 0) {
                                                                                                                								__eflags = _v336.cAlternateFileName;
                                                                                                                								if(_v336.cAlternateFileName != 0) {
                                                                                                                									_t76 =  &(_v336.cAlternateFileName);
                                                                                                                								}
                                                                                                                							}
                                                                                                                							__eflags =  *_t76 - 0x2e;
                                                                                                                							if( *_t76 != 0x2e) {
                                                                                                                								L19:
                                                                                                                								E00406010(_t71, _t76);
                                                                                                                								__eflags = _v336.dwFileAttributes & 0x00000010;
                                                                                                                								if(__eflags == 0) {
                                                                                                                									_t55 = E00405790(__eflags, _t73, _v8);
                                                                                                                									__eflags = _t55;
                                                                                                                									if(_t55 != 0) {
                                                                                                                										E00405137(0xfffffff2, _t73);
                                                                                                                									} else {
                                                                                                                										__eflags = _v8 - _t55;
                                                                                                                										if(_v8 == _t55) {
                                                                                                                											 *0x42f4a8 =  *0x42f4a8 + 1;
                                                                                                                										} else {
                                                                                                                											E00405137(0xfffffff1, _t73);
                                                                                                                											E00405DEF(_t72, _t73, 0);
                                                                                                                										}
                                                                                                                									}
                                                                                                                								} else {
                                                                                                                									__eflags = (_a8 & 0x00000003) - 3;
                                                                                                                									if(__eflags == 0) {
                                                                                                                										E004057D8(__eflags, _t73, _a8);
                                                                                                                									}
                                                                                                                								}
                                                                                                                								goto L27;
                                                                                                                							}
                                                                                                                							_t64 =  *((intOrPtr*)(_t76 + 1));
                                                                                                                							__eflags = _t64;
                                                                                                                							if(_t64 == 0) {
                                                                                                                								goto L27;
                                                                                                                							}
                                                                                                                							__eflags = _t64 - 0x2e;
                                                                                                                							if(_t64 != 0x2e) {
                                                                                                                								goto L19;
                                                                                                                							}
                                                                                                                							__eflags =  *((char*)(_t76 + 2));
                                                                                                                							if( *((char*)(_t76 + 2)) == 0) {
                                                                                                                								goto L27;
                                                                                                                							}
                                                                                                                							goto L19;
                                                                                                                							L27:
                                                                                                                							_t58 = FindNextFileA(_v12,  &_v336); // executed
                                                                                                                							__eflags = _t58;
                                                                                                                						} while (_t58 != 0);
                                                                                                                						_t40 = FindClose(_v12);
                                                                                                                						goto L29;
                                                                                                                					}
                                                                                                                					__eflags =  *0x42b878 - 0x5c;
                                                                                                                					if( *0x42b878 != 0x5c) {
                                                                                                                						goto L11;
                                                                                                                					}
                                                                                                                					goto L10;
                                                                                                                				} else {
                                                                                                                					__eflags = _t40;
                                                                                                                					if(_t40 == 0) {
                                                                                                                						L31:
                                                                                                                						__eflags = _a4;
                                                                                                                						if(_a4 == 0) {
                                                                                                                							L39:
                                                                                                                							return _t40;
                                                                                                                						}
                                                                                                                						__eflags = _v16;
                                                                                                                						if(_v16 != 0) {
                                                                                                                							_t40 = E00406313(_t73);
                                                                                                                							__eflags = _t40;
                                                                                                                							if(_t40 == 0) {
                                                                                                                								goto L39;
                                                                                                                							}
                                                                                                                							E004059A8(_t73);
                                                                                                                							_t40 = E00405790(__eflags, _t73, _v8 | 0x00000001);
                                                                                                                							__eflags = _t40;
                                                                                                                							if(_t40 != 0) {
                                                                                                                								return E00405137(0xffffffe5, _t73);
                                                                                                                							}
                                                                                                                							__eflags = _v8;
                                                                                                                							if(_v8 == 0) {
                                                                                                                								goto L33;
                                                                                                                							}
                                                                                                                							E00405137(0xfffffff1, _t73);
                                                                                                                							return E00405DEF(_t72, _t73, 0);
                                                                                                                						}
                                                                                                                						L33:
                                                                                                                						 *0x42f4a8 =  *0x42f4a8 + 1;
                                                                                                                						return _t40;
                                                                                                                					}
                                                                                                                					__eflags = _t69 & 0x00000002;
                                                                                                                					if((_t69 & 0x00000002) == 0) {
                                                                                                                						goto L31;
                                                                                                                					}
                                                                                                                					goto L5;
                                                                                                                				}
                                                                                                                			}




















                                                                                                                APIs
                                                                                                                • DeleteFileA.KERNELBASE(?,?,7476FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405801
                                                                                                                • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\*.*,\*.*,C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\*.*,?,?,7476FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405849
                                                                                                                • lstrcatA.KERNEL32(?,0040A014,?,C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\*.*,?,?,7476FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040586A
                                                                                                                • lstrlenA.KERNEL32(?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\*.*,?,?,7476FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405870
                                                                                                                • FindFirstFileA.KERNELBASE(C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\*.*,?,?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\*.*,?,?,7476FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405881
                                                                                                                • FindNextFileA.KERNELBASE(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 0040592E
                                                                                                                • FindClose.KERNEL32(00000000), ref: 0040593F
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                • String ID: "C:\Users\user\Desktop\SetupWIService.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\*.*$\*.*
                                                                                                                • API String ID: 2035342205-4042017286
                                                                                                                • Opcode ID: 1028c0a1378fe67f5cfd0213f93084011618ac7fb180f8f6d485c044da562b3f
                                                                                                                • Instruction ID: b1b2ef924c21ee39ce724be99c412cdb4e11523259fae964be374fa5306f8f12
                                                                                                                • Opcode Fuzzy Hash: 1028c0a1378fe67f5cfd0213f93084011618ac7fb180f8f6d485c044da562b3f
                                                                                                                • Instruction Fuzzy Hash: 9A51A171800A04EADB216B618C45BBF7AB8DF42728F14807BF845B51D1C73C4982DE6A
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 74%
                                                                                                                			E00402138(void* __eflags) {
                                                                                                                				signed int _t55;
                                                                                                                				void* _t59;
                                                                                                                				intOrPtr* _t63;
                                                                                                                				intOrPtr _t64;
                                                                                                                				intOrPtr* _t65;
                                                                                                                				intOrPtr* _t67;
                                                                                                                				intOrPtr* _t69;
                                                                                                                				intOrPtr* _t71;
                                                                                                                				intOrPtr* _t73;
                                                                                                                				intOrPtr* _t75;
                                                                                                                				intOrPtr* _t78;
                                                                                                                				intOrPtr* _t80;
                                                                                                                				intOrPtr* _t82;
                                                                                                                				intOrPtr* _t84;
                                                                                                                				int _t87;
                                                                                                                				intOrPtr* _t95;
                                                                                                                				signed int _t105;
                                                                                                                				signed int _t109;
                                                                                                                				void* _t111;
                                                                                                                
                                                                                                                				 *(_t111 - 0x10) = E00402B2C(0xfffffff0);
                                                                                                                				 *(_t111 - 0xc) = E00402B2C(0xffffffdf);
                                                                                                                				 *((intOrPtr*)(_t111 - 0x44)) = E00402B2C(2);
                                                                                                                				 *((intOrPtr*)(_t111 - 0x40)) = E00402B2C(0xffffffcd);
                                                                                                                				 *((intOrPtr*)(_t111 - 0x4c)) = E00402B2C(0x45);
                                                                                                                				_t55 =  *(_t111 - 0x24);
                                                                                                                				 *(_t111 - 0x88) = _t55 & 0x00000fff;
                                                                                                                				_t105 = _t55 & 0x00008000;
                                                                                                                				_t109 = _t55 >> 0x0000000c & 0x00000007;
                                                                                                                				 *(_t111 - 0x3c) = _t55 >> 0x00000010 & 0x0000ffff;
                                                                                                                				if(E00405A15( *(_t111 - 0xc)) == 0) {
                                                                                                                					E00402B2C(0x21);
                                                                                                                				}
                                                                                                                				_t59 = _t111 + 8;
                                                                                                                				__imp__CoCreateInstance(0x40851c, _t87, 1, 0x40850c, _t59); // executed
                                                                                                                				if(_t59 < _t87) {
                                                                                                                					L15:
                                                                                                                					 *((intOrPtr*)(_t111 - 4)) = 1;
                                                                                                                					_push(0xfffffff0);
                                                                                                                				} else {
                                                                                                                					_t63 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                					_t64 =  *((intOrPtr*)( *_t63))(_t63, 0x40852c, _t111 - 0x1c);
                                                                                                                					 *((intOrPtr*)(_t111 - 8)) = _t64;
                                                                                                                					if(_t64 >= _t87) {
                                                                                                                						_t67 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                						 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t67 + 0x50))(_t67,  *(_t111 - 0xc));
                                                                                                                						if(_t105 == _t87) {
                                                                                                                							_t84 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                							 *((intOrPtr*)( *_t84 + 0x24))(_t84, "C:\\Program Files\\Wildix\\WIService");
                                                                                                                						}
                                                                                                                						if(_t109 != _t87) {
                                                                                                                							_t82 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                							 *((intOrPtr*)( *_t82 + 0x3c))(_t82, _t109);
                                                                                                                						}
                                                                                                                						_t69 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                						 *((intOrPtr*)( *_t69 + 0x34))(_t69,  *(_t111 - 0x3c));
                                                                                                                						_t95 =  *((intOrPtr*)(_t111 - 0x40));
                                                                                                                						if( *_t95 != _t87) {
                                                                                                                							_t80 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                							 *((intOrPtr*)( *_t80 + 0x44))(_t80, _t95,  *(_t111 - 0x88));
                                                                                                                						}
                                                                                                                						_t71 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                						 *((intOrPtr*)( *_t71 + 0x2c))(_t71,  *((intOrPtr*)(_t111 - 0x44)));
                                                                                                                						_t73 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                						 *((intOrPtr*)( *_t73 + 0x1c))(_t73,  *((intOrPtr*)(_t111 - 0x4c)));
                                                                                                                						if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
                                                                                                                							 *((intOrPtr*)(_t111 - 8)) = 0x80004005;
                                                                                                                							if(MultiByteToWideChar(_t87, _t87,  *(_t111 - 0x10), 0xffffffff,  *(_t111 - 0xc), 0x400) != 0) {
                                                                                                                								_t78 =  *((intOrPtr*)(_t111 - 0x1c));
                                                                                                                								 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t78 + 0x18))(_t78,  *(_t111 - 0xc), 1);
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_t75 =  *((intOrPtr*)(_t111 - 0x1c));
                                                                                                                						 *((intOrPtr*)( *_t75 + 8))(_t75);
                                                                                                                					}
                                                                                                                					_t65 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                					 *((intOrPtr*)( *_t65 + 8))(_t65);
                                                                                                                					if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
                                                                                                                						_push(0xfffffff4);
                                                                                                                					} else {
                                                                                                                						goto L15;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				E00401423();
                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t111 - 4));
                                                                                                                				return 0;
                                                                                                                			}























                                                                                                                APIs
                                                                                                                • CoCreateInstance.OLE32(0040851C,?,00000001,0040850C,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004021BA
                                                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,00000001,0040850C,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402269
                                                                                                                Strings
                                                                                                                • C:\Program Files\Wildix\WIService, xrefs: 004021FA
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharCreateInstanceMultiWide
                                                                                                                • String ID: C:\Program Files\Wildix\WIService
                                                                                                                • API String ID: 123533781-2436880260
                                                                                                                • Opcode ID: 5e26a4cef9836c5db1ff9a72d0abbf1eb8f5a6fdc757ce25d6c6e23b25beee3e
                                                                                                                • Instruction ID: 754b6e0833e3014b2c682637ef6945f2e05814b0a8fe180c789646af90cdafbf
                                                                                                                • Opcode Fuzzy Hash: 5e26a4cef9836c5db1ff9a72d0abbf1eb8f5a6fdc757ce25d6c6e23b25beee3e
                                                                                                                • Instruction Fuzzy Hash: DD510771A00209AFCB04DFE4C988A9D7BB5EF48314F2045BAF515EB2D1DB799941CF54
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00406313(CHAR* _a4) {
                                                                                                                				void* _t2;
                                                                                                                
                                                                                                                				_t2 = FindFirstFileA(_a4, 0x42c0c0); // executed
                                                                                                                				if(_t2 == 0xffffffff) {
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                				FindClose(_t2);
                                                                                                                				return 0x42c0c0;
                                                                                                                			}





                                                                                                                APIs
                                                                                                                • FindFirstFileA.KERNELBASE(7476FA90,0042C0C0,C:\,00405AD9,C:\,C:\,00000000,C:\,C:\,7476FA90,?,C:\Users\user\AppData\Local\Temp\,004057F8,?,7476FA90,C:\Users\user\AppData\Local\Temp\), ref: 0040631E
                                                                                                                • FindClose.KERNEL32(00000000), ref: 0040632A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Find$CloseFileFirst
                                                                                                                • String ID: C:\
                                                                                                                • API String ID: 2295610775-3404278061
                                                                                                                • Opcode ID: 1839775ab65f4c7429e333cf5f3a5f1104f42c23ffe018d7624b5080913ebc3e
                                                                                                                • Instruction ID: f1da5dbc8fb4190b670de1866088b9aea297c62f24eccc1d76d376cb4bf46ee5
                                                                                                                • Opcode Fuzzy Hash: 1839775ab65f4c7429e333cf5f3a5f1104f42c23ffe018d7624b5080913ebc3e
                                                                                                                • Instruction Fuzzy Hash: A8D0123250A030ABC350177C7E0C88F7A989F163347218A36F4A6F21E0C7348C2286DC
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 41%
                                                                                                                			E00402765(char __ebx, char* __edi, char* __esi) {
                                                                                                                				void* _t6;
                                                                                                                				void* _t19;
                                                                                                                
                                                                                                                				_t6 = FindFirstFileA(E00402B2C(2), _t19 - 0x1c8); // executed
                                                                                                                				if(_t6 != 0xffffffff) {
                                                                                                                					E00405F6E(__edi, _t6);
                                                                                                                					_push(_t19 - 0x19c);
                                                                                                                					_push(__esi);
                                                                                                                					E00406010();
                                                                                                                				} else {
                                                                                                                					 *__edi = __ebx;
                                                                                                                					 *__esi = __ebx;
                                                                                                                					 *((intOrPtr*)(_t19 - 4)) = 1;
                                                                                                                				}
                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t19 - 4));
                                                                                                                				return 0;
                                                                                                                			}






                                                                                                                APIs
                                                                                                                • FindFirstFileA.KERNELBASE(00000000,?,00000002), ref: 00402774
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FileFindFirst
                                                                                                                • String ID:
                                                                                                                • API String ID: 1974802433-0
                                                                                                                • Opcode ID: d49b052ccc37abe76686d4a71a1dd7afab77a5349bca0cf12c91bef43c1fe758
                                                                                                                • Instruction ID: 5c82bf4159fd1739121f93a17669663fbe331ae18c29918af2b78fc5806f8225
                                                                                                                • Opcode Fuzzy Hash: d49b052ccc37abe76686d4a71a1dd7afab77a5349bca0cf12c91bef43c1fe758
                                                                                                                • Instruction Fuzzy Hash: 39F0EC725441009BD301EB749A49AFEB77CEF15324F60017BE141F21C1D6F84945D77A
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 84%
                                                                                                                			E00403BCA(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
                                                                                                                				struct HWND__* _v32;
                                                                                                                				void* _v84;
                                                                                                                				void* _v88;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				signed int _t35;
                                                                                                                				signed int _t37;
                                                                                                                				signed int _t39;
                                                                                                                				struct HWND__* _t49;
                                                                                                                				signed int _t68;
                                                                                                                				struct HWND__* _t74;
                                                                                                                				signed int _t87;
                                                                                                                				struct HWND__* _t92;
                                                                                                                				signed int _t100;
                                                                                                                				int _t104;
                                                                                                                				signed int _t116;
                                                                                                                				signed int _t117;
                                                                                                                				int _t118;
                                                                                                                				signed int _t123;
                                                                                                                				struct HWND__* _t126;
                                                                                                                				struct HWND__* _t127;
                                                                                                                				int _t128;
                                                                                                                				long _t131;
                                                                                                                				int _t133;
                                                                                                                				int _t134;
                                                                                                                				void* _t135;
                                                                                                                				void* _t142;
                                                                                                                				void* _t143;
                                                                                                                
                                                                                                                				_t116 = _a8;
                                                                                                                				if(_t116 == 0x110 || _t116 == 0x408) {
                                                                                                                					_t35 = _a12;
                                                                                                                					_t126 = _a4;
                                                                                                                					__eflags = _t116 - 0x110;
                                                                                                                					 *0x42a858 = _t35;
                                                                                                                					if(_t116 == 0x110) {
                                                                                                                						 *0x42f408 = _t126;
                                                                                                                						 *0x42a86c = GetDlgItem(_t126, 1);
                                                                                                                						_t92 = GetDlgItem(_t126, 2);
                                                                                                                						_push(0xffffffff);
                                                                                                                						_push(0x1c);
                                                                                                                						 *0x429838 = _t92;
                                                                                                                						E0040409E(_t126);
                                                                                                                						SetClassLongA(_t126, 0xfffffff2,  *0x42ebe8); // executed
                                                                                                                						 *0x42ebcc = E0040140B(4);
                                                                                                                						_t35 = 1;
                                                                                                                						__eflags = 1;
                                                                                                                						 *0x42a858 = 1;
                                                                                                                					}
                                                                                                                					_t123 =  *0x40a1dc; // 0x3
                                                                                                                					_t134 = 0;
                                                                                                                					_t131 = (_t123 << 6) +  *0x42f440;
                                                                                                                					__eflags = _t123;
                                                                                                                					if(_t123 < 0) {
                                                                                                                						L34:
                                                                                                                						E004040EA(0x40b);
                                                                                                                						while(1) {
                                                                                                                							_t37 =  *0x42a858; // 0x1
                                                                                                                							 *0x40a1dc =  *0x40a1dc + _t37;
                                                                                                                							_t131 = _t131 + (_t37 << 6);
                                                                                                                							_t39 =  *0x40a1dc; // 0x3
                                                                                                                							__eflags = _t39 -  *0x42f444;
                                                                                                                							if(_t39 ==  *0x42f444) {
                                                                                                                								E0040140B(1);
                                                                                                                							}
                                                                                                                							__eflags =  *0x42ebcc - _t134; // 0x0
                                                                                                                							if(__eflags != 0) {
                                                                                                                								break;
                                                                                                                							}
                                                                                                                							__eflags =  *0x40a1dc -  *0x42f444; // 0x3
                                                                                                                							if(__eflags >= 0) {
                                                                                                                								break;
                                                                                                                							}
                                                                                                                							_t117 =  *(_t131 + 0x14);
                                                                                                                							E00406032(_t117, _t126, _t131, 0x437800,  *((intOrPtr*)(_t131 + 0x24)));
                                                                                                                							_push( *((intOrPtr*)(_t131 + 0x20)));
                                                                                                                							_push(0xfffffc19);
                                                                                                                							E0040409E(_t126);
                                                                                                                							_push( *((intOrPtr*)(_t131 + 0x1c)));
                                                                                                                							_push(0xfffffc1b);
                                                                                                                							E0040409E(_t126);
                                                                                                                							_push( *((intOrPtr*)(_t131 + 0x28)));
                                                                                                                							_push(0xfffffc1a);
                                                                                                                							E0040409E(_t126);
                                                                                                                							_t49 = GetDlgItem(_t126, 3);
                                                                                                                							__eflags =  *0x42f4ac - _t134;
                                                                                                                							_v32 = _t49;
                                                                                                                							if( *0x42f4ac != _t134) {
                                                                                                                								_t117 = _t117 & 0x0000fefd | 0x00000004;
                                                                                                                								__eflags = _t117;
                                                                                                                							}
                                                                                                                							ShowWindow(_t49, _t117 & 0x00000008); // executed
                                                                                                                							EnableWindow( *(_t135 + 0x30), _t117 & 0x00000100); // executed
                                                                                                                							E004040C0(_t117 & 0x00000002);
                                                                                                                							_t118 = _t117 & 0x00000004;
                                                                                                                							EnableWindow( *0x429838, _t118);
                                                                                                                							__eflags = _t118 - _t134;
                                                                                                                							if(_t118 == _t134) {
                                                                                                                								_push(1);
                                                                                                                							} else {
                                                                                                                								_push(_t134);
                                                                                                                							}
                                                                                                                							EnableMenuItem(GetSystemMenu(_t126, _t134), 0xf060, ??);
                                                                                                                							SendMessageA( *(_t135 + 0x38), 0xf4, _t134, 1);
                                                                                                                							__eflags =  *0x42f4ac - _t134;
                                                                                                                							if( *0x42f4ac == _t134) {
                                                                                                                								_push( *0x42a86c);
                                                                                                                							} else {
                                                                                                                								SendMessageA(_t126, 0x401, 2, _t134);
                                                                                                                								_push( *0x429838);
                                                                                                                							}
                                                                                                                							E004040D3();
                                                                                                                							E00406010(0x42a870, E00403BAB());
                                                                                                                							E00406032(0x42a870, _t126, _t131,  &(0x42a870[lstrlenA(0x42a870)]),  *((intOrPtr*)(_t131 + 0x18)));
                                                                                                                							SetWindowTextA(_t126, 0x42a870); // executed
                                                                                                                							_push(_t134);
                                                                                                                							_t68 = E00401389( *((intOrPtr*)(_t131 + 8)));
                                                                                                                							__eflags = _t68;
                                                                                                                							if(_t68 != 0) {
                                                                                                                								continue;
                                                                                                                							} else {
                                                                                                                								__eflags =  *_t131 - _t134;
                                                                                                                								if( *_t131 == _t134) {
                                                                                                                									continue;
                                                                                                                								}
                                                                                                                								__eflags =  *(_t131 + 4) - 5;
                                                                                                                								if( *(_t131 + 4) != 5) {
                                                                                                                									DestroyWindow( *0x42ebd8); // executed
                                                                                                                									 *0x42a048 = _t131;
                                                                                                                									__eflags =  *_t131 - _t134;
                                                                                                                									if( *_t131 <= _t134) {
                                                                                                                										goto L58;
                                                                                                                									}
                                                                                                                									_t74 = CreateDialogParamA( *0x42f400,  *_t131 +  *0x42ebe0 & 0x0000ffff, _t126,  *(0x40a1e0 +  *(_t131 + 4) * 4), _t131); // executed
                                                                                                                									__eflags = _t74 - _t134;
                                                                                                                									 *0x42ebd8 = _t74;
                                                                                                                									if(_t74 == _t134) {
                                                                                                                										goto L58;
                                                                                                                									}
                                                                                                                									_push( *((intOrPtr*)(_t131 + 0x2c)));
                                                                                                                									_push(6);
                                                                                                                									E0040409E(_t74);
                                                                                                                									GetWindowRect(GetDlgItem(_t126, 0x3fa), _t135 + 0x10);
                                                                                                                									ScreenToClient(_t126, _t135 + 0x10);
                                                                                                                									SetWindowPos( *0x42ebd8, _t134,  *(_t135 + 0x20),  *(_t135 + 0x20), _t134, _t134, 0x15);
                                                                                                                									_push(_t134);
                                                                                                                									E00401389( *((intOrPtr*)(_t131 + 0xc)));
                                                                                                                									__eflags =  *0x42ebcc - _t134; // 0x0
                                                                                                                									if(__eflags != 0) {
                                                                                                                										goto L61;
                                                                                                                									}
                                                                                                                									ShowWindow( *0x42ebd8, 8); // executed
                                                                                                                									E004040EA(0x405);
                                                                                                                									goto L58;
                                                                                                                								}
                                                                                                                								__eflags =  *0x42f4ac - _t134;
                                                                                                                								if( *0x42f4ac != _t134) {
                                                                                                                									goto L61;
                                                                                                                								}
                                                                                                                								__eflags =  *0x42f4a0 - _t134;
                                                                                                                								if( *0x42f4a0 != _t134) {
                                                                                                                									continue;
                                                                                                                								}
                                                                                                                								goto L61;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						DestroyWindow( *0x42ebd8); // executed
                                                                                                                						 *0x42f408 = _t134;
                                                                                                                						EndDialog(_t126,  *0x429c40);
                                                                                                                						goto L58;
                                                                                                                					} else {
                                                                                                                						__eflags = _t35 - 1;
                                                                                                                						if(_t35 != 1) {
                                                                                                                							L33:
                                                                                                                							__eflags =  *_t131 - _t134;
                                                                                                                							if( *_t131 == _t134) {
                                                                                                                								goto L61;
                                                                                                                							}
                                                                                                                							goto L34;
                                                                                                                						}
                                                                                                                						_push(0);
                                                                                                                						_t87 = E00401389( *((intOrPtr*)(_t131 + 0x10)));
                                                                                                                						__eflags = _t87;
                                                                                                                						if(_t87 == 0) {
                                                                                                                							goto L33;
                                                                                                                						}
                                                                                                                						SendMessageA( *0x42ebd8, 0x40f, 0, 1);
                                                                                                                						__eflags =  *0x42ebcc - _t134; // 0x0
                                                                                                                						return 0 | __eflags == 0x00000000;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t126 = _a4;
                                                                                                                					_t134 = 0;
                                                                                                                					if(_t116 == 0x47) {
                                                                                                                						SetWindowPos( *0x42a850, _t126, 0, 0, 0, 0, 0x13);
                                                                                                                					}
                                                                                                                					if(_t116 == 5) {
                                                                                                                						asm("sbb eax, eax");
                                                                                                                						ShowWindow( *0x42a850,  ~(_a12 - 1) & _t116);
                                                                                                                					}
                                                                                                                					if(_t116 != 0x40d) {
                                                                                                                						__eflags = _t116 - 0x11;
                                                                                                                						if(_t116 != 0x11) {
                                                                                                                							__eflags = _t116 - 0x111;
                                                                                                                							if(_t116 != 0x111) {
                                                                                                                								L26:
                                                                                                                								return E00404105(_t116, _a12, _a16);
                                                                                                                							}
                                                                                                                							_t133 = _a12 & 0x0000ffff;
                                                                                                                							_t127 = GetDlgItem(_t126, _t133);
                                                                                                                							__eflags = _t127 - _t134;
                                                                                                                							if(_t127 == _t134) {
                                                                                                                								L13:
                                                                                                                								__eflags = _t133 - 1;
                                                                                                                								if(_t133 != 1) {
                                                                                                                									__eflags = _t133 - 3;
                                                                                                                									if(_t133 != 3) {
                                                                                                                										_t128 = 2;
                                                                                                                										__eflags = _t133 - _t128;
                                                                                                                										if(_t133 != _t128) {
                                                                                                                											L25:
                                                                                                                											SendMessageA( *0x42ebd8, 0x111, _a12, _a16);
                                                                                                                											goto L26;
                                                                                                                										}
                                                                                                                										__eflags =  *0x42f4ac - _t134;
                                                                                                                										if( *0x42f4ac == _t134) {
                                                                                                                											_t100 = E0040140B(3);
                                                                                                                											__eflags = _t100;
                                                                                                                											if(_t100 != 0) {
                                                                                                                												goto L26;
                                                                                                                											}
                                                                                                                											 *0x429c40 = 1;
                                                                                                                											L21:
                                                                                                                											_push(0x78);
                                                                                                                											L22:
                                                                                                                											E00404077();
                                                                                                                											goto L26;
                                                                                                                										}
                                                                                                                										E0040140B(_t128);
                                                                                                                										 *0x429c40 = _t128;
                                                                                                                										goto L21;
                                                                                                                									}
                                                                                                                									__eflags =  *0x40a1dc - _t134; // 0x3
                                                                                                                									if(__eflags <= 0) {
                                                                                                                										goto L25;
                                                                                                                									}
                                                                                                                									_push(0xffffffff);
                                                                                                                									goto L22;
                                                                                                                								}
                                                                                                                								_push(_t133);
                                                                                                                								goto L22;
                                                                                                                							}
                                                                                                                							SendMessageA(_t127, 0xf3, _t134, _t134);
                                                                                                                							_t104 = IsWindowEnabled(_t127);
                                                                                                                							__eflags = _t104;
                                                                                                                							if(_t104 == 0) {
                                                                                                                								goto L61;
                                                                                                                							}
                                                                                                                							goto L13;
                                                                                                                						}
                                                                                                                						SetWindowLongA(_t126, _t134, _t134);
                                                                                                                						return 1;
                                                                                                                					} else {
                                                                                                                						DestroyWindow( *0x42ebd8); // executed
                                                                                                                						 *0x42ebd8 = _a12;
                                                                                                                						L58:
                                                                                                                						_t142 =  *0x42b870 - _t134; // 0x1
                                                                                                                						if(_t142 == 0) {
                                                                                                                							_t143 =  *0x42ebd8 - _t134; // 0x20506
                                                                                                                							if(_t143 != 0) {
                                                                                                                								ShowWindow(_t126, 0xa); // executed
                                                                                                                								 *0x42b870 = 1;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L61:
                                                                                                                						return 0;
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}

                                                                                                                0x00403f58
                                                                                                                0x00403f5e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403f64
                                                                                                                0x00403f38
                                                                                                                0x0040402f
                                                                                                                0x0040403b
                                                                                                                0x00404042
                                                                                                                0x00000000
                                                                                                                0x00403d92
                                                                                                                0x00403d92
                                                                                                                0x00403d95
                                                                                                                0x00403dc8
                                                                                                                0x00403dc8
                                                                                                                0x00403dca
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403dca
                                                                                                                0x00403d97
                                                                                                                0x00403d9b
                                                                                                                0x00403da0
                                                                                                                0x00403da2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403db2
                                                                                                                0x00403dba
                                                                                                                0x00000000
                                                                                                                0x00403dc0
                                                                                                                0x00403bee
                                                                                                                0x00403bee
                                                                                                                0x00403bf2
                                                                                                                0x00403bf7
                                                                                                                0x00403c06
                                                                                                                0x00403c06
                                                                                                                0x00403c0f
                                                                                                                0x00403c18
                                                                                                                0x00403c23
                                                                                                                0x00403c23
                                                                                                                0x00403c2f
                                                                                                                0x00403c4b
                                                                                                                0x00403c4e
                                                                                                                0x00403c61
                                                                                                                0x00403c67
                                                                                                                0x00403d0a
                                                                                                                0x00000000
                                                                                                                0x00403d13
                                                                                                                0x00403c6d
                                                                                                                0x00403c7a
                                                                                                                0x00403c7c
                                                                                                                0x00403c7e
                                                                                                                0x00403c9d
                                                                                                                0x00403c9d
                                                                                                                0x00403ca0
                                                                                                                0x00403ca5
                                                                                                                0x00403ca8
                                                                                                                0x00403cb8
                                                                                                                0x00403cb9
                                                                                                                0x00403cbb
                                                                                                                0x00403cf1
                                                                                                                0x00403d04
                                                                                                                0x00000000
                                                                                                                0x00403d04
                                                                                                                0x00403cbd
                                                                                                                0x00403cc3
                                                                                                                0x00403cdc
                                                                                                                0x00403ce1
                                                                                                                0x00403ce3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403ce5
                                                                                                                0x00403cd1
                                                                                                                0x00403cd1
                                                                                                                0x00403cd3
                                                                                                                0x00403cd3
                                                                                                                0x00000000
                                                                                                                0x00403cd3
                                                                                                                0x00403cc6
                                                                                                                0x00403ccb
                                                                                                                0x00000000
                                                                                                                0x00403ccb
                                                                                                                0x00403caa
                                                                                                                0x00403cb0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403cb2
                                                                                                                0x00000000
                                                                                                                0x00403cb2
                                                                                                                0x00403ca2
                                                                                                                0x00000000
                                                                                                                0x00403ca2
                                                                                                                0x00403c88
                                                                                                                0x00403c8f
                                                                                                                0x00403c95
                                                                                                                0x00403c97
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403c97
                                                                                                                0x00403c53
                                                                                                                0x00000000
                                                                                                                0x00403c31
                                                                                                                0x00403c37
                                                                                                                0x00403c41
                                                                                                                0x00404048
                                                                                                                0x00404048
                                                                                                                0x0040404e
                                                                                                                0x00404050
                                                                                                                0x00404056
                                                                                                                0x0040405b
                                                                                                                0x00404061
                                                                                                                0x00404061
                                                                                                                0x00404056
                                                                                                                0x0040406b
                                                                                                                0x00000000
                                                                                                                0x0040406b
                                                                                                                0x00403c2f

                                                                                                                APIs
                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403C06
                                                                                                                • ShowWindow.USER32(?), ref: 00403C23
                                                                                                                • DestroyWindow.USER32 ref: 00403C37
                                                                                                                • SetWindowLongA.USER32 ref: 00403C53
                                                                                                                • GetDlgItem.USER32 ref: 00403C74
                                                                                                                • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403C88
                                                                                                                • IsWindowEnabled.USER32(00000000), ref: 00403C8F
                                                                                                                • GetDlgItem.USER32 ref: 00403D3D
                                                                                                                • GetDlgItem.USER32 ref: 00403D47
                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,000000F2,?,0000001C,000000FF), ref: 00403D61
                                                                                                                • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403DB2
                                                                                                                • GetDlgItem.USER32 ref: 00403E58
                                                                                                                • ShowWindow.USER32(00000000,?), ref: 00403E79
                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403E8B
                                                                                                                • EnableWindow.USER32(?,?), ref: 00403EA6
                                                                                                                • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403EBC
                                                                                                                • EnableMenuItem.USER32 ref: 00403EC3
                                                                                                                • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403EDB
                                                                                                                • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403EEE
                                                                                                                • lstrlenA.KERNEL32(Wildix Integration Service v3.11.3 Setup ,?,Wildix Integration Service v3.11.3 Setup ,00000000), ref: 00403F18
                                                                                                                • SetWindowTextA.USER32(?,Wildix Integration Service v3.11.3 Setup ), ref: 00403F27
                                                                                                                • ShowWindow.USER32(?,0000000A), ref: 0040405B
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$Item$MessageSend$Show$CallbackDispatcherEnableMenuUser$DestroyEnabledLongSystemTextlstrlen
                                                                                                                • String ID: Wildix Integration Service v3.11.3 Setup
                                                                                                                • API String ID: 3906175533-852443512
                                                                                                                • Opcode ID: 5ffd1eee2a53c0bce8439eebe02f74cc0bfe9fdaa9e9cbb129ddddf772baf92f
                                                                                                                • Instruction ID: 8391a727dd330e9af47019fb45b898bbd0b6ec160f5193fdc8e4d7e88c7c5567
                                                                                                                • Opcode Fuzzy Hash: 5ffd1eee2a53c0bce8439eebe02f74cc0bfe9fdaa9e9cbb129ddddf772baf92f
                                                                                                                • Instruction Fuzzy Hash: 39C1B171600704AFDB20AF62EE45E2B3AA9FB95706F40043EF642B51E1CB799852DB1D
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 96%
                                                                                                                			E0040382D(void* __eflags) {
                                                                                                                				intOrPtr _v4;
                                                                                                                				intOrPtr _v8;
                                                                                                                				int _v12;
                                                                                                                				void _v16;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				intOrPtr* _t17;
                                                                                                                				void* _t25;
                                                                                                                				void* _t27;
                                                                                                                				int _t28;
                                                                                                                				void* _t31;
                                                                                                                				int _t34;
                                                                                                                				int _t35;
                                                                                                                				intOrPtr _t36;
                                                                                                                				int _t39;
                                                                                                                				char _t57;
                                                                                                                				CHAR* _t59;
                                                                                                                				signed char _t63;
                                                                                                                				CHAR* _t74;
                                                                                                                				intOrPtr _t76;
                                                                                                                				CHAR* _t81;
                                                                                                                
                                                                                                                				_t76 =  *0x42f414;
                                                                                                                				_t17 = E004063A8(2);
                                                                                                                				_t84 = _t17;
                                                                                                                				if(_t17 == 0) {
                                                                                                                					_t74 = 0x42a870;
                                                                                                                					"1033" = 0x30;
                                                                                                                					 *0x436001 = 0x78;
                                                                                                                					 *0x436002 = 0;
                                                                                                                					E00405EF7(_t71, __eflags, 0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x42a870, 0);
                                                                                                                					__eflags =  *0x42a870; // 0x57
                                                                                                                					if(__eflags == 0) {
                                                                                                                						E00405EF7(_t71, __eflags, 0x80000003, ".DEFAULT\\Control Panel\\International",  &M00408362, 0x42a870, 0);
                                                                                                                					}
                                                                                                                					lstrcatA("1033", _t74);
                                                                                                                				} else {
                                                                                                                					E00405F6E("1033",  *_t17() & 0x0000ffff);
                                                                                                                				}
                                                                                                                				E00403AF2(_t71, _t84);
                                                                                                                				_t80 = "C:\\Program Files\\Wildix\\WIService";
                                                                                                                				 *0x42f4a0 =  *0x42f41c & 0x00000020;
                                                                                                                				 *0x42f4bc = 0x10000;
                                                                                                                				if(E00405A96(_t84, "C:\\Program Files\\Wildix\\WIService") != 0) {
                                                                                                                					L16:
                                                                                                                					if(E00405A96(_t92, _t80) == 0) {
                                                                                                                						E00406032(0, _t74, _t76, _t80,  *((intOrPtr*)(_t76 + 0x118))); // executed
                                                                                                                					}
                                                                                                                					_t25 = LoadImageA( *0x42f400, 0x67, 1, 0, 0, 0x8040); // executed
                                                                                                                					 *0x42ebe8 = _t25;
                                                                                                                					if( *((intOrPtr*)(_t76 + 0x50)) == 0xffffffff) {
                                                                                                                						L21:
                                                                                                                						if(E0040140B(0) == 0) {
                                                                                                                							_t27 = E00403AF2(_t71, __eflags);
                                                                                                                							__eflags =  *0x42f4c0;
                                                                                                                							if( *0x42f4c0 != 0) {
                                                                                                                								_t28 = E00405209(_t27, 0);
                                                                                                                								__eflags = _t28;
                                                                                                                								if(_t28 == 0) {
                                                                                                                									E0040140B(1);
                                                                                                                									goto L33;
                                                                                                                								}
                                                                                                                								__eflags =  *0x42ebcc; // 0x0
                                                                                                                								if(__eflags == 0) {
                                                                                                                									E0040140B(2);
                                                                                                                								}
                                                                                                                								goto L22;
                                                                                                                							}
                                                                                                                							ShowWindow( *0x42a850, 5); // executed
                                                                                                                							_t34 = E0040633A("RichEd20"); // executed
                                                                                                                							__eflags = _t34;
                                                                                                                							if(_t34 == 0) {
                                                                                                                								E0040633A("RichEd32");
                                                                                                                							}
                                                                                                                							_t81 = "RichEdit20A";
                                                                                                                							_t35 = GetClassInfoA(0, _t81, 0x42eba0);
                                                                                                                							__eflags = _t35;
                                                                                                                							if(_t35 == 0) {
                                                                                                                								GetClassInfoA(0, "RichEdit", 0x42eba0);
                                                                                                                								 *0x42ebc4 = _t81;
                                                                                                                								RegisterClassA(0x42eba0);
                                                                                                                							}
                                                                                                                							_t36 =  *0x42ebe0; // 0x0
                                                                                                                							_t39 = DialogBoxParamA( *0x42f400, _t36 + 0x00000069 & 0x0000ffff, 0, E00403BCA, 0); // executed
                                                                                                                							E0040377D(E0040140B(5), 1);
                                                                                                                							return _t39;
                                                                                                                						}
                                                                                                                						L22:
                                                                                                                						_t31 = 2;
                                                                                                                						return _t31;
                                                                                                                					} else {
                                                                                                                						_t71 =  *0x42f400;
                                                                                                                						 *0x42eba4 = E00401000;
                                                                                                                						 *0x42ebb0 =  *0x42f400;
                                                                                                                						 *0x42ebb4 = _t25;
                                                                                                                						 *0x42ebc4 = 0x40a1f4;
                                                                                                                						if(RegisterClassA(0x42eba0) == 0) {
                                                                                                                							L33:
                                                                                                                							__eflags = 0;
                                                                                                                							return 0;
                                                                                                                						}
                                                                                                                						SystemParametersInfoA(0x30, 0,  &_v16, 0);
                                                                                                                						 *0x42a850 = CreateWindowExA(0x80, 0x40a1f4, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x42f400, 0);
                                                                                                                						goto L21;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t71 =  *(_t76 + 0x48);
                                                                                                                					_t86 = _t71;
                                                                                                                					if(_t71 == 0) {
                                                                                                                						goto L16;
                                                                                                                					}
                                                                                                                					_t74 = 0x42e3a0;
                                                                                                                					E00405EF7(_t71, _t86,  *((intOrPtr*)(_t76 + 0x44)), _t71,  *((intOrPtr*)(_t76 + 0x4c)) +  *0x42f458, 0x42e3a0, 0);
                                                                                                                					_t57 =  *0x42e3a0; // 0x52
                                                                                                                					if(_t57 == 0) {
                                                                                                                						goto L16;
                                                                                                                					}
                                                                                                                					if(_t57 == 0x22) {
                                                                                                                						_t74 = 0x42e3a1;
                                                                                                                						 *((char*)(E004059D3(0x42e3a1, 0x22))) = 0;
                                                                                                                					}
                                                                                                                					_t59 = lstrlenA(_t74) + _t74 - 4;
                                                                                                                					if(_t59 <= _t74 || lstrcmpiA(_t59, ?str?) != 0) {
                                                                                                                						L15:
                                                                                                                						E00406010(_t80, E004059A8(_t74));
                                                                                                                						goto L16;
                                                                                                                					} else {
                                                                                                                						_t63 = GetFileAttributesA(_t74);
                                                                                                                						if(_t63 == 0xffffffff) {
                                                                                                                							L14:
                                                                                                                							E004059EF(_t74);
                                                                                                                							goto L15;
                                                                                                                						}
                                                                                                                						_t92 = _t63 & 0x00000010;
                                                                                                                						if((_t63 & 0x00000010) != 0) {
                                                                                                                							goto L15;
                                                                                                                						}
                                                                                                                						goto L14;
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}


























                                                                                                                APIs
                                                                                                                  • Part of subcall function 004063A8: GetModuleHandleA.KERNEL32(?,?,?,004032DE,0000000A), ref: 004063BA
                                                                                                                  • Part of subcall function 004063A8: GetProcAddress.KERNEL32(00000000,?), ref: 004063D5
                                                                                                                • lstrcatA.KERNEL32(1033,Wildix Integration Service v3.11.3 Setup ,80000001,Control Panel\Desktop\ResourceLocale,00000000,Wildix Integration Service v3.11.3 Setup ,00000000,00000002,7476FA90,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SetupWIService.exe",00000000), ref: 004038A8
                                                                                                                • lstrlenA.KERNEL32(Remove folder: ,?,?,?,Remove folder: ,00000000,C:\Program Files\Wildix\WIService,1033,Wildix Integration Service v3.11.3 Setup ,80000001,Control Panel\Desktop\ResourceLocale,00000000,Wildix Integration Service v3.11.3 Setup ,00000000,00000002,7476FA90), ref: 0040391D
                                                                                                                • lstrcmpiA.KERNEL32(?,.exe,Remove folder: ,?,?,?,Remove folder: ,00000000,C:\Program Files\Wildix\WIService,1033,Wildix Integration Service v3.11.3 Setup ,80000001,Control Panel\Desktop\ResourceLocale,00000000,Wildix Integration Service v3.11.3 Setup ,00000000), ref: 00403930
                                                                                                                • GetFileAttributesA.KERNEL32(Remove folder: ), ref: 0040393B
                                                                                                                • LoadImageA.USER32 ref: 00403984
                                                                                                                  • Part of subcall function 00405F6E: wsprintfA.USER32 ref: 00405F7B
                                                                                                                • RegisterClassA.USER32 ref: 004039C1
                                                                                                                • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 004039D9
                                                                                                                • CreateWindowExA.USER32 ref: 00403A0E
                                                                                                                • ShowWindow.USER32(00000005,00000000), ref: 00403A44
                                                                                                                • GetClassInfoA.USER32 ref: 00403A70
                                                                                                                • GetClassInfoA.USER32 ref: 00403A7D
                                                                                                                • RegisterClassA.USER32 ref: 00403A86
                                                                                                                • DialogBoxParamA.USER32 ref: 00403AA5
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                • String ID: "C:\Users\user\Desktop\SetupWIService.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Program Files\Wildix\WIService$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$Remove folder: $RichEd20$RichEd32$RichEdit$RichEdit20A$Wildix Integration Service v3.11.3 Setup $_Nb
                                                                                                                • API String ID: 1975747703-345412158
                                                                                                                • Opcode ID: 15822f17e376e41266fbf8a251ac5c412d7bb8a3b85e81a9d7c16052a8cecaf4
                                                                                                                • Instruction ID: 5bdd09b32da2b5bd11ad56600dd1adb443959310d265eb20ccced3f07ac4f103
                                                                                                                • Opcode Fuzzy Hash: 15822f17e376e41266fbf8a251ac5c412d7bb8a3b85e81a9d7c16052a8cecaf4
                                                                                                                • Instruction Fuzzy Hash: B461C770340201AED620BB669D45F2B3E6CEB54749F80447FF981B22E2CB7D9D469B2D
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph (legend: Executed / Not Executed)
                                                                                                                C-Code - Quality: 80%
                                                                                                                			E00402DC4(void* __eflags, signed int _a4) {
                                                                                                                				DWORD* _v8;
                                                                                                                				DWORD* _v12;
                                                                                                                				void* _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				long _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				intOrPtr _v36;
                                                                                                                				intOrPtr _v40;
                                                                                                                				signed int _v44;
                                                                                                                				long _t43;
                                                                                                                				signed int _t50;
                                                                                                                				void* _t53;
                                                                                                                				void* _t57;
                                                                                                                				intOrPtr* _t59;
                                                                                                                				long _t60;
                                                                                                                				signed int _t65;
                                                                                                                				signed int _t70;
                                                                                                                				signed int _t71;
                                                                                                                				signed int _t77;
                                                                                                                				intOrPtr _t80;
                                                                                                                				long _t82;
                                                                                                                				signed int _t85;
                                                                                                                				signed int _t87;
                                                                                                                				void* _t89;
                                                                                                                				signed int _t90;
                                                                                                                				signed int _t93;
                                                                                                                				void* _t94;
                                                                                                                
                                                                                                                				_t82 = 0;
                                                                                                                				_v12 = 0;
                                                                                                                				_v8 = 0;
                                                                                                                				_t43 = GetTickCount();
                                                                                                                				_t91 = "C:\\Users\\jones\\Desktop\\SetupWIService.exe";
                                                                                                                				 *0x42f410 = _t43 + 0x3e8;
                                                                                                                				GetModuleFileNameA(0, "C:\\Users\\jones\\Desktop\\SetupWIService.exe", 0x400);
                                                                                                                				_t89 = E00405BA9(_t91, 0x80000000, 3);
                                                                                                                				_v16 = _t89;
                                                                                                                				 *0x40a018 = _t89;
                                                                                                                				if(_t89 == 0xffffffff) {
                                                                                                                					return "Error launching installer";
                                                                                                                				}
                                                                                                                				_t92 = "C:\\Users\\jones\\Desktop";
                                                                                                                				E00406010("C:\\Users\\jones\\Desktop", _t91);
                                                                                                                				E00406010(0x437000, E004059EF(_t92));
                                                                                                                				_t50 = GetFileSize(_t89, 0);
                                                                                                                				__eflags = _t50;
                                                                                                                				 *0x42942c = _t50;
                                                                                                                				_t93 = _t50;
                                                                                                                				if(_t50 <= 0) {
                                                                                                                					L24:
                                                                                                                					E00402D60(1);
                                                                                                                					__eflags =  *0x42f418 - _t82;
                                                                                                                					if( *0x42f418 == _t82) {
                                                                                                                						goto L29;
                                                                                                                					}
                                                                                                                					__eflags = _v8 - _t82;
                                                                                                                					if(_v8 == _t82) {
                                                                                                                						L28:
                                                                                                                						_t53 = GlobalAlloc(0x40, _v24); // executed
                                                                                                                						_t94 = _t53;
                                                                                                                						E00403223( *0x42f418 + 0x1c);
                                                                                                                						_push(_v24);
                                                                                                                						_push(_t94);
                                                                                                                						_push(_t82);
                                                                                                                						_push(0xffffffff); // executed
                                                                                                                						_t57 = E00402FFB(); // executed
                                                                                                                						__eflags = _t57 - _v24;
                                                                                                                						if(_t57 == _v24) {
                                                                                                                							__eflags = _v44 & 0x00000001;
                                                                                                                							 *0x42f414 = _t94;
                                                                                                                							 *0x42f41c =  *_t94;
                                                                                                                							if((_v44 & 0x00000001) != 0) {
                                                                                                                								 *0x42f420 =  *0x42f420 + 1;
                                                                                                                								__eflags =  *0x42f420;
                                                                                                                							}
                                                                                                                							_t40 = _t94 + 0x44; // 0x44
                                                                                                                							_t59 = _t40;
                                                                                                                							_t85 = 8;
                                                                                                                							do {
                                                                                                                								_t59 = _t59 - 8;
                                                                                                                								 *_t59 =  *_t59 + _t94;
                                                                                                                								_t85 = _t85 - 1;
                                                                                                                								__eflags = _t85;
                                                                                                                							} while (_t85 != 0);
                                                                                                                							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
                                                                                                                							 *(_t94 + 0x3c) = _t60;
                                                                                                                							E00405B64(0x42f440, _t94 + 4, 0x40);
                                                                                                                							__eflags = 0;
                                                                                                                							return 0;
                                                                                                                						}
                                                                                                                						goto L29;
                                                                                                                					}
                                                                                                                					E00403223( *0x41d420);
                                                                                                                					_t65 = E0040320D( &_a4, 4);
                                                                                                                					__eflags = _t65;
                                                                                                                					if(_t65 == 0) {
                                                                                                                						goto L29;
                                                                                                                					}
                                                                                                                					__eflags = _v12 - _a4;
                                                                                                                					if(_v12 != _a4) {
                                                                                                                						goto L29;
                                                                                                                					}
                                                                                                                					goto L28;
                                                                                                                				} else {
                                                                                                                					do {
                                                                                                                						_t90 = _t93;
                                                                                                                						asm("sbb eax, eax");
                                                                                                                						_t70 = ( ~( *0x42f418) & 0x00007e00) + 0x200;
                                                                                                                						__eflags = _t93 - _t70;
                                                                                                                						if(_t93 >= _t70) {
                                                                                                                							_t90 = _t70;
                                                                                                                						}
                                                                                                                						_t71 = E0040320D(0x415420, _t90);
                                                                                                                						__eflags = _t71;
                                                                                                                						if(_t71 == 0) {
                                                                                                                							E00402D60(1);
                                                                                                                							L29:
                                                                                                                							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
                                                                                                                						}
                                                                                                                						__eflags =  *0x42f418;
                                                                                                                						if( *0x42f418 != 0) {
                                                                                                                							__eflags = _a4 & 0x00000002;
                                                                                                                							if((_a4 & 0x00000002) == 0) {
                                                                                                                								E00402D60(0);
                                                                                                                							}
                                                                                                                							goto L20;
                                                                                                                						}
                                                                                                                						E00405B64( &_v44, 0x415420, 0x1c);
                                                                                                                						_t77 = _v44;
                                                                                                                						__eflags = _t77 & 0xfffffff0;
                                                                                                                						if((_t77 & 0xfffffff0) != 0) {
                                                                                                                							goto L20;
                                                                                                                						}
                                                                                                                						__eflags = _v40 - 0xdeadbeef;
                                                                                                                						if(_v40 != 0xdeadbeef) {
                                                                                                                							goto L20;
                                                                                                                						}
                                                                                                                						__eflags = _v28 - 0x74736e49;
                                                                                                                						if(_v28 != 0x74736e49) {
                                                                                                                							goto L20;
                                                                                                                						}
                                                                                                                						__eflags = _v32 - 0x74666f73;
                                                                                                                						if(_v32 != 0x74666f73) {
                                                                                                                							goto L20;
                                                                                                                						}
                                                                                                                						__eflags = _v36 - 0x6c6c754e;
                                                                                                                						if(_v36 != 0x6c6c754e) {
                                                                                                                							goto L20;
                                                                                                                						}
                                                                                                                						_a4 = _a4 | _t77;
                                                                                                                						_t87 =  *0x41d420; // 0xd393bc
                                                                                                                						 *0x42f4c0 =  *0x42f4c0 | _a4 & 0x00000002;
                                                                                                                						_t80 = _v20;
                                                                                                                						__eflags = _t80 - _t93;
                                                                                                                						 *0x42f418 = _t87;
                                                                                                                						if(_t80 > _t93) {
                                                                                                                							goto L29;
                                                                                                                						}
                                                                                                                						__eflags = _a4 & 0x00000008;
                                                                                                                						if((_a4 & 0x00000008) != 0) {
                                                                                                                							L16:
                                                                                                                							_v8 = _v8 + 1;
                                                                                                                							_t24 = _t80 - 4; // 0x40a194
                                                                                                                							_t93 = _t24;
                                                                                                                							__eflags = _t90 - _t93;
                                                                                                                							if(_t90 > _t93) {
                                                                                                                								_t90 = _t93;
                                                                                                                							}
                                                                                                                							goto L20;
                                                                                                                						}
                                                                                                                						__eflags = _a4 & 0x00000004;
                                                                                                                						if((_a4 & 0x00000004) != 0) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						goto L16;
                                                                                                                						L20:
                                                                                                                						__eflags = _t93 -  *0x42942c; // 0xd3bcf0
                                                                                                                						if(__eflags < 0) {
                                                                                                                							_v12 = E0040645F(_v12, 0x415420, _t90);
                                                                                                                						}
                                                                                                                						 *0x41d420 =  *0x41d420 + _t90;
                                                                                                                						_t93 = _t93 - _t90;
                                                                                                                						__eflags = _t93;
                                                                                                                					} while (_t93 != 0);
                                                                                                                					_t82 = 0;
                                                                                                                					__eflags = 0;
                                                                                                                					goto L24;
                                                                                                                				}
                                                                                                                			}
































                                                                                                                APIs
                                                                                                                • GetTickCount.KERNEL32 ref: 00402DD5
                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\SetupWIService.exe,00000400), ref: 00402DF1
                                                                                                                  • Part of subcall function 00405BA9: GetFileAttributesA.KERNELBASE(00000003,00402E04,C:\Users\user\Desktop\SetupWIService.exe,80000000,00000003), ref: 00405BAD
                                                                                                                  • Part of subcall function 00405BA9: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405BCF
                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,00437000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SetupWIService.exe,C:\Users\user\Desktop\SetupWIService.exe,80000000,00000003), ref: 00402E3D
                                                                                                                • GlobalAlloc.KERNELBASE(00000040,00000020), ref: 00402F73
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                • String ID: TA$"C:\Users\user\Desktop\SetupWIService.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\SetupWIService.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                                                                • API String ID: 2803837635-2281235146
                                                                                                                • Opcode ID: a6173edc5218a8736919d7ec244e80ad4ff8d0a671bf7eda1f584d4bdf14a1ba
                                                                                                                • Instruction ID: 027006cf2d98db9fa9c400e5027e86f3261d974ae097fd254c994c4dc937b6e6
                                                                                                                • Opcode Fuzzy Hash: a6173edc5218a8736919d7ec244e80ad4ff8d0a671bf7eda1f584d4bdf14a1ba
                                                                                                                • Instruction Fuzzy Hash: FF51E471900215ABCB20AF64DE89B9F7BB8EB14359F50403BF500B32D1C6BC9E459AAD
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                [Control-flow graph of the function starting at 00406032; legend: Executed / Not Executed]
                                                                                                                C-Code - Quality: 72%
                                                                                                                			E00406032(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
                                                                                                                				struct _ITEMIDLIST* _v8;
                                                                                                                				char _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed char _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed char _v28;
                                                                                                                				signed int _t38;
                                                                                                                				CHAR* _t39;
                                                                                                                				signed int _t41;
                                                                                                                				char _t52;
                                                                                                                				char _t53;
                                                                                                                				char _t55;
                                                                                                                				char _t57;
                                                                                                                				void* _t65;
                                                                                                                				char* _t66;
                                                                                                                				signed int _t80;
                                                                                                                				intOrPtr _t86;
                                                                                                                				char _t88;
                                                                                                                				void* _t89;
                                                                                                                				CHAR* _t90;
                                                                                                                				void* _t92;
                                                                                                                				signed int _t97;
                                                                                                                				signed int _t99;
                                                                                                                				void* _t100;
                                                                                                                
                                                                                                                				_t92 = __esi;
                                                                                                                				_t89 = __edi;
                                                                                                                				_t65 = __ebx;
                                                                                                                				_t38 = _a8;
                                                                                                                				if(_t38 < 0) {
                                                                                                                					_t86 =  *0x42ebdc; // 0x684cf5
                                                                                                                					_t38 =  *(_t86 - 4 + _t38 * 4);
                                                                                                                				}
                                                                                                                				_push(_t65);
                                                                                                                				_push(_t92);
                                                                                                                				_push(_t89);
                                                                                                                				_t66 = _t38 +  *0x42f458;
                                                                                                                				_t39 = 0x42e3a0;
                                                                                                                				_t90 = 0x42e3a0;
                                                                                                                				if(_a4 >= 0x42e3a0 && _a4 - 0x42e3a0 < 0x800) {
                                                                                                                					_t90 = _a4;
                                                                                                                					_a4 = _a4 & 0x00000000;
                                                                                                                				}
                                                                                                                				while(1) {
                                                                                                                					_t88 =  *_t66;
                                                                                                                					if(_t88 == 0) {
                                                                                                                						break;
                                                                                                                					}
                                                                                                                					__eflags = _t90 - _t39 - 0x400;
                                                                                                                					if(_t90 - _t39 >= 0x400) {
                                                                                                                						break;
                                                                                                                					}
                                                                                                                					_t66 = _t66 + 1;
                                                                                                                					__eflags = _t88 - 4;
                                                                                                                					_a8 = _t66;
                                                                                                                					if(__eflags >= 0) {
                                                                                                                						if(__eflags != 0) {
                                                                                                                							 *_t90 = _t88;
                                                                                                                							_t90 =  &(_t90[1]);
                                                                                                                							__eflags = _t90;
                                                                                                                						} else {
                                                                                                                							 *_t90 =  *_t66;
                                                                                                                							_t90 =  &(_t90[1]);
                                                                                                                							_t66 = _t66 + 1;
                                                                                                                						}
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                					_t41 =  *((char*)(_t66 + 1));
                                                                                                                					_t80 =  *_t66;
                                                                                                                					_t97 = (_t41 & 0x0000007f) << 0x00000007 | _t80 & 0x0000007f;
                                                                                                                					_v24 = _t80;
                                                                                                                					_v28 = _t80 | 0x00000080;
                                                                                                                					_v16 = _t41;
                                                                                                                					_v20 = _t41 | 0x00000080;
                                                                                                                					_t66 = _a8 + 2;
                                                                                                                					__eflags = _t88 - 2;
                                                                                                                					if(_t88 != 2) {
                                                                                                                						__eflags = _t88 - 3;
                                                                                                                						if(_t88 != 3) {
                                                                                                                							__eflags = _t88 - 1;
                                                                                                                							if(_t88 == 1) {
                                                                                                                								__eflags = (_t41 | 0xffffffff) - _t97;
                                                                                                                								E00406032(_t66, _t90, _t97, _t90, (_t41 | 0xffffffff) - _t97);
                                                                                                                							}
                                                                                                                							L42:
                                                                                                                							_t90 =  &(_t90[lstrlenA(_t90)]);
                                                                                                                							_t39 = 0x42e3a0;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						__eflags = _t97 - 0x1d;
                                                                                                                						if(_t97 != 0x1d) {
                                                                                                                							__eflags = "0x0000565B" + (_t97 << 0xa);
                                                                                                                							E00406010(_t90, "0x0000565B" + (_t97 << 0xa));
                                                                                                                						} else {
                                                                                                                							E00405F6E(_t90,  *0x42f408);
                                                                                                                						}
                                                                                                                						__eflags = _t97 + 0xffffffeb - 7;
                                                                                                                						if(_t97 + 0xffffffeb < 7) {
                                                                                                                							L33:
                                                                                                                							E0040627A(_t90);
                                                                                                                						}
                                                                                                                						goto L42;
                                                                                                                					}
                                                                                                                					_t52 =  *0x42f40c;
                                                                                                                					__eflags = _t52;
                                                                                                                					_t99 = 2;
                                                                                                                					if(_t52 >= 0) {
                                                                                                                						L13:
                                                                                                                						_a8 = 1;
                                                                                                                						L14:
                                                                                                                						__eflags =  *0x42f4a4;
                                                                                                                						if( *0x42f4a4 != 0) {
                                                                                                                							_t99 = 4;
                                                                                                                						}
                                                                                                                						__eflags = _t80;
                                                                                                                						if(__eflags >= 0) {
                                                                                                                							__eflags = _t80 - 0x25;
                                                                                                                							if(_t80 != 0x25) {
                                                                                                                								__eflags = _t80 - 0x24;
                                                                                                                								if(_t80 == 0x24) {
                                                                                                                									GetWindowsDirectoryA(_t90, 0x400);
                                                                                                                									_t99 = 0;
                                                                                                                								}
                                                                                                                								while(1) {
                                                                                                                									__eflags = _t99;
                                                                                                                									if(_t99 == 0) {
                                                                                                                										goto L30;
                                                                                                                									}
                                                                                                                									_t53 =  *0x42f404;
                                                                                                                									_t99 = _t99 - 1;
                                                                                                                									__eflags = _t53;
                                                                                                                									if(_t53 == 0) {
                                                                                                                										L26:
                                                                                                                										_t55 = SHGetSpecialFolderLocation( *0x42f408,  *(_t100 + _t99 * 4 - 0x18),  &_v8);
                                                                                                                										__eflags = _t55;
                                                                                                                										if(_t55 != 0) {
                                                                                                                											L28:
                                                                                                                											 *_t90 =  *_t90 & 0x00000000;
                                                                                                                											__eflags =  *_t90;
                                                                                                                											continue;
                                                                                                                										}
                                                                                                                										__imp__SHGetPathFromIDListA(_v8, _t90);
                                                                                                                										_v12 = _t55;
                                                                                                                										__imp__CoTaskMemFree(_v8);
                                                                                                                										__eflags = _v12;
                                                                                                                										if(_v12 != 0) {
                                                                                                                											goto L30;
                                                                                                                										}
                                                                                                                										goto L28;
                                                                                                                									}
                                                                                                                									__eflags = _a8;
                                                                                                                									if(_a8 == 0) {
                                                                                                                										goto L26;
                                                                                                                									}
                                                                                                                									_t57 =  *_t53( *0x42f408,  *(_t100 + _t99 * 4 - 0x18), 0, 0, _t90); // executed
                                                                                                                									__eflags = _t57;
                                                                                                                									if(_t57 == 0) {
                                                                                                                										goto L30;
                                                                                                                									}
                                                                                                                									goto L26;
                                                                                                                								}
                                                                                                                								goto L30;
                                                                                                                							}
                                                                                                                							GetSystemDirectoryA(_t90, 0x400);
                                                                                                                							goto L30;
                                                                                                                						} else {
                                                                                                                							E00405EF7((_t80 & 0x0000003f) +  *0x42f458, __eflags, 0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t80 & 0x0000003f) +  *0x42f458, _t90, _t80 & 0x00000040); // executed
                                                                                                                							__eflags =  *_t90;
                                                                                                                							if( *_t90 != 0) {
                                                                                                                								L31:
                                                                                                                								__eflags = _v16 - 0x1a;
                                                                                                                								if(_v16 == 0x1a) {
                                                                                                                									lstrcatA(_t90, "\\Microsoft\\Internet Explorer\\Quick Launch");
                                                                                                                								}
                                                                                                                								goto L33;
                                                                                                                							}
                                                                                                                							E00406032(_t66, _t90, _t99, _t90, _v16);
                                                                                                                							L30:
                                                                                                                							__eflags =  *_t90;
                                                                                                                							if( *_t90 == 0) {
                                                                                                                								goto L33;
                                                                                                                							}
                                                                                                                							goto L31;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					__eflags = _t52 - 0x5a04;
                                                                                                                					if(_t52 == 0x5a04) {
                                                                                                                						goto L13;
                                                                                                                					}
                                                                                                                					__eflags = _v16 - 0x23;
                                                                                                                					if(_v16 == 0x23) {
                                                                                                                						goto L13;
                                                                                                                					}
                                                                                                                					__eflags = _v16 - 0x2e;
                                                                                                                					if(_v16 == 0x2e) {
                                                                                                                						goto L13;
                                                                                                                					} else {
                                                                                                                						_a8 = _a8 & 0x00000000;
                                                                                                                						goto L14;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				 *_t90 =  *_t90 & 0x00000000;
                                                                                                                				if(_a4 == 0) {
                                                                                                                					return _t39;
                                                                                                                				}
                                                                                                                				return E00406010(_a4, _t39);
                                                                                                                			}



























                                                                                                                0x00000000
                                                                                                                0x00406226
                                                                                                                0x004060e0
                                                                                                                0x004060e7
                                                                                                                0x004060e9
                                                                                                                0x004060ea
                                                                                                                0x00406104
                                                                                                                0x00406104
                                                                                                                0x0040610b
                                                                                                                0x0040610b
                                                                                                                0x00406112
                                                                                                                0x00406116
                                                                                                                0x00406116
                                                                                                                0x00406117
                                                                                                                0x00406119
                                                                                                                0x00406152
                                                                                                                0x00406155
                                                                                                                0x00406165
                                                                                                                0x00406168
                                                                                                                0x00406170
                                                                                                                0x00406176
                                                                                                                0x00406176
                                                                                                                0x004061d5
                                                                                                                0x004061d5
                                                                                                                0x004061d7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040617a
                                                                                                                0x00406181
                                                                                                                0x00406182
                                                                                                                0x00406184
                                                                                                                0x0040619e
                                                                                                                0x004061ac
                                                                                                                0x004061b2
                                                                                                                0x004061b4
                                                                                                                0x004061d2
                                                                                                                0x004061d2
                                                                                                                0x004061d2
                                                                                                                0x00000000
                                                                                                                0x004061d2
                                                                                                                0x004061ba
                                                                                                                0x004061c3
                                                                                                                0x004061c6
                                                                                                                0x004061cc
                                                                                                                0x004061d0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004061d0
                                                                                                                0x00406186
                                                                                                                0x00406189
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406198
                                                                                                                0x0040619a
                                                                                                                0x0040619c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040619c
                                                                                                                0x00000000
                                                                                                                0x004061d5
                                                                                                                0x0040615d
                                                                                                                0x00000000
                                                                                                                0x0040611b
                                                                                                                0x00406136
                                                                                                                0x0040613b
                                                                                                                0x0040613e
                                                                                                                0x004061de
                                                                                                                0x004061de
                                                                                                                0x004061e2
                                                                                                                0x004061ea
                                                                                                                0x004061ea
                                                                                                                0x00000000
                                                                                                                0x004061e2
                                                                                                                0x00406148
                                                                                                                0x004061d9
                                                                                                                0x004061d9
                                                                                                                0x004061dc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004061dc
                                                                                                                0x00406119
                                                                                                                0x004060ec
                                                                                                                0x004060f0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004060f2
                                                                                                                0x004060f6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004060f8
                                                                                                                0x004060fc
                                                                                                                0x00000000
                                                                                                                0x004060fe
                                                                                                                0x004060fe
                                                                                                                0x00000000
                                                                                                                0x004060fe
                                                                                                                0x004060fc
                                                                                                                0x00406261
                                                                                                                0x0040626b
                                                                                                                0x00406277
                                                                                                                0x00406277
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • GetSystemDirectoryA.KERNEL32 ref: 0040615D
                                                                                                                • GetWindowsDirectoryA.KERNEL32(Remove folder: ,00000400,?,Remove folder: C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\,00000000,0040516F,Remove folder: C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\,00000000), ref: 00406170
                                                                                                                • SHGetSpecialFolderLocation.SHELL32(0040516F,7476EA30,?,Remove folder: C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\,00000000,0040516F,Remove folder: C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\,00000000), ref: 004061AC
                                                                                                                • SHGetPathFromIDListA.SHELL32(7476EA30,Remove folder: ), ref: 004061BA
                                                                                                                • CoTaskMemFree.OLE32(7476EA30), ref: 004061C6
                                                                                                                • lstrcatA.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 004061EA
                                                                                                                • lstrlenA.KERNEL32(Remove folder: ,?,Remove folder: C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\,00000000,0040516F,Remove folder: C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\,00000000,00000000,00423A28,7476EA30), ref: 0040623C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                                                                                • String ID: 0x0000565B$Remove folder: $Remove folder: C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                • API String ID: 717251189-299232420
                                                                                                                • Opcode ID: b5f21783dff86301b55f28ea11f9c7815398c55a2ca1ca21ed943f87329636d9
                                                                                                                • Instruction ID: 0eb145c1bee873094c14c85ea59bbbcbcc52f889deb60e0de917f7e6e63be494
                                                                                                                • Opcode Fuzzy Hash: b5f21783dff86301b55f28ea11f9c7815398c55a2ca1ca21ed943f87329636d9
                                                                                                                • Instruction Fuzzy Hash: F1610171900114AEDF24AF64CC84BBE3BA5AB15314F52417FE913BA2D2C77C49A2CB5E
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 560 401759-40177c call 402b2c call 405a15 565 401786-401798 call 406010 call 4059a8 lstrcatA 560->565 566 40177e-401784 call 406010 560->566 572 40179d-4017a3 call 40627a 565->572 566->572 576 4017a8-4017ac 572->576 577 4017ae-4017b8 call 406313 576->577 578 4017df-4017e2 576->578 586 4017ca-4017dc 577->586 587 4017ba-4017c8 CompareFileTime 577->587 580 4017e4-4017e5 call 405b84 578->580 581 4017ea-401806 call 405ba9 578->581 580->581 588 401808-40180b 581->588 589 40187e-4018a7 call 405137 call 402ffb 581->589 586->578 587->586 590 401860-40186a call 405137 588->590 591 40180d-40184f call 406010 * 2 call 406032 call 406010 call 40572c 588->591 603 4018a9-4018ad 589->603 604 4018af-4018bb SetFileTime 589->604 601 401873-401879 590->601 591->576 624 401855-401856 591->624 605 4029c1 601->605 603->604 607 4018c1-4018cc FindCloseChangeNotification 603->607 604->607 609 4029c3-4029c7 605->609 610 4018d2-4018d5 607->610 611 4029b8-4029bb 607->611 612 4018d7-4018e8 call 406032 lstrcatA 610->612 613 4018ea-4018ed call 406032 610->613 611->605 619 4018f2-402353 call 40572c 612->619 613->619 619->609 619->611 624->601 625 401858-401859 624->625 625->590
                                                                                                                C-Code - Quality: 60%
                                                                                                                			E00401759(FILETIME* __ebx, void* __eflags) {
                                                                                                                				void* _t33;
                                                                                                                				void* _t41;
                                                                                                                				void* _t43;
                                                                                                                				FILETIME* _t49;
                                                                                                                				FILETIME* _t62;
                                                                                                                				void* _t64;
                                                                                                                				signed int _t70;
                                                                                                                				FILETIME* _t71;
                                                                                                                				FILETIME* _t75;
                                                                                                                				signed int _t77;
                                                                                                                				void* _t80;
                                                                                                                				CHAR* _t82;
                                                                                                                				void* _t85;
                                                                                                                
                                                                                                                				_t75 = __ebx;
                                                                                                                				_t82 = E00402B2C(0x31);
                                                                                                                				 *(_t85 - 8) = _t82;
                                                                                                                				 *(_t85 + 8) =  *(_t85 - 0x34) & 0x00000007;
                                                                                                                				_t33 = E00405A15(_t82);
                                                                                                                				_push(_t82);
                                                                                                                				if(_t33 == 0) {
                                                                                                                					lstrcatA(E004059A8(E00406010(0x40a418, "C:\\Program Files\\Wildix\\WIService")), ??);
                                                                                                                				} else {
                                                                                                                					_push(0x40a418);
                                                                                                                					E00406010();
                                                                                                                				}
                                                                                                                				E0040627A(0x40a418);
                                                                                                                				while(1) {
                                                                                                                					__eflags =  *(_t85 + 8) - 3;
                                                                                                                					if( *(_t85 + 8) >= 3) {
                                                                                                                						_t64 = E00406313(0x40a418);
                                                                                                                						_t77 = 0;
                                                                                                                						__eflags = _t64 - _t75;
                                                                                                                						if(_t64 != _t75) {
                                                                                                                							_t71 = _t64 + 0x14;
                                                                                                                							__eflags = _t71;
                                                                                                                							_t77 = CompareFileTime(_t71, _t85 - 0x28);
                                                                                                                						}
                                                                                                                						asm("sbb eax, eax");
                                                                                                                						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
                                                                                                                						__eflags = _t70;
                                                                                                                						 *(_t85 + 8) = _t70;
                                                                                                                					}
                                                                                                                					__eflags =  *(_t85 + 8) - _t75;
                                                                                                                					if( *(_t85 + 8) == _t75) {
                                                                                                                						E00405B84(0x40a418);
                                                                                                                					}
                                                                                                                					__eflags =  *(_t85 + 8) - 1;
                                                                                                                					_t41 = E00405BA9(0x40a418, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
                                                                                                                					__eflags = _t41 - 0xffffffff;
                                                                                                                					 *(_t85 - 0xc) = _t41;
                                                                                                                					if(_t41 != 0xffffffff) {
                                                                                                                						break;
                                                                                                                					}
                                                                                                                					__eflags =  *(_t85 + 8) - _t75;
                                                                                                                					if( *(_t85 + 8) != _t75) {
                                                                                                                						E00405137(0xffffffe2,  *(_t85 - 8));
                                                                                                                						__eflags =  *(_t85 + 8) - 2;
                                                                                                                						if(__eflags == 0) {
                                                                                                                							 *((intOrPtr*)(_t85 - 4)) = 1;
                                                                                                                						}
                                                                                                                						L31:
                                                                                                                						 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t85 - 4));
                                                                                                                						__eflags =  *0x42f4a8;
                                                                                                                						goto L32;
                                                                                                                					} else {
                                                                                                                						E00406010(0x40ac18, "0x0000565B");
                                                                                                                						E00406010("0x0000565B", 0x40a418);
                                                                                                                						E00406032(_t75, 0x40ac18, 0x40a418, "C:\Users\jones\AppData\Local\Temp\nshC8B4.tmp\System.dll",  *((intOrPtr*)(_t85 - 0x20)));
                                                                                                                						E00406010("0x0000565B", 0x40ac18);
                                                                                                                						_t62 = E0040572C("C:\Users\jones\AppData\Local\Temp\nshC8B4.tmp\System.dll",  *(_t85 - 0x34) >> 3) - 4;
                                                                                                                						__eflags = _t62;
                                                                                                                						if(_t62 == 0) {
                                                                                                                							continue;
                                                                                                                						} else {
                                                                                                                							__eflags = _t62 == 1;
                                                                                                                							if(_t62 == 1) {
                                                                                                                								 *0x42f4a8 =  &( *0x42f4a8->dwLowDateTime);
                                                                                                                								L32:
                                                                                                                								_t49 = 0;
                                                                                                                								__eflags = 0;
                                                                                                                							} else {
                                                                                                                								_push(0x40a418);
                                                                                                                								_push(0xfffffffa);
                                                                                                                								E00405137();
                                                                                                                								L29:
                                                                                                                								_t49 = 0x7fffffff;
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                					L33:
                                                                                                                					return _t49;
                                                                                                                				}
                                                                                                                				E00405137(0xffffffea,  *(_t85 - 8)); // executed
                                                                                                                				 *0x42f4d4 =  *0x42f4d4 + 1;
                                                                                                                				_push(_t75);
                                                                                                                				_push(_t75);
                                                                                                                				_push( *(_t85 - 0xc));
                                                                                                                				_push( *((intOrPtr*)(_t85 - 0x2c)));
                                                                                                                				_t43 = E00402FFB(); // executed
                                                                                                                				 *0x42f4d4 =  *0x42f4d4 - 1;
                                                                                                                				__eflags =  *(_t85 - 0x28) - 0xffffffff;
                                                                                                                				_t80 = _t43;
                                                                                                                				if( *(_t85 - 0x28) != 0xffffffff) {
                                                                                                                					L22:
                                                                                                                					SetFileTime( *(_t85 - 0xc), _t85 - 0x28, _t75, _t85 - 0x28); // executed
                                                                                                                				} else {
                                                                                                                					__eflags =  *((intOrPtr*)(_t85 - 0x24)) - 0xffffffff;
                                                                                                                					if( *((intOrPtr*)(_t85 - 0x24)) != 0xffffffff) {
                                                                                                                						goto L22;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				FindCloseChangeNotification( *(_t85 - 0xc)); // executed
                                                                                                                				__eflags = _t80 - _t75;
                                                                                                                				if(_t80 >= _t75) {
                                                                                                                					goto L31;
                                                                                                                				} else {
                                                                                                                					__eflags = _t80 - 0xfffffffe;
                                                                                                                					if(_t80 != 0xfffffffe) {
                                                                                                                						E00406032(_t75, _t80, 0x40a418, 0x40a418, 0xffffffee);
                                                                                                                					} else {
                                                                                                                						E00406032(_t75, _t80, 0x40a418, 0x40a418, 0xffffffe9);
                                                                                                                						lstrcatA(0x40a418,  *(_t85 - 8));
                                                                                                                					}
                                                                                                                					_push(0x200010);
                                                                                                                					_push(0x40a418);
                                                                                                                					E0040572C();
                                                                                                                					goto L29;
                                                                                                                				}
                                                                                                                				goto L33;
                                                                                                                			}

















                                                                                                                APIs
                                                                                                                • lstrcatA.KERNEL32(00000000,00000000,Call,C:\Program Files\Wildix\WIService,00000000,00000000,00000031), ref: 00401798
                                                                                                                • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Program Files\Wildix\WIService,00000000,00000000,00000031), ref: 004017C2
                                                                                                                  • Part of subcall function 00406010: lstrcpynA.KERNEL32(?,?,00000400,0040333D,Wildix Integration Service v3.11.3 Setup,NSIS Error,?,00000006,00000008,0000000A), ref: 0040601D
                                                                                                                  • Part of subcall function 00405137: lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\,00000000,00423A28,7476EA30,?,?,?,?,?,?,?,?,?,00403156,00000000,?), ref: 00405170
                                                                                                                  • Part of subcall function 00405137: lstrlenA.KERNEL32(00403156,Remove folder: C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\,00000000,00423A28,7476EA30,?,?,?,?,?,?,?,?,?,00403156,00000000), ref: 00405180
                                                                                                                  • Part of subcall function 00405137: lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\,00403156,00403156,Remove folder: C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\,00000000,00423A28,7476EA30), ref: 00405193
                                                                                                                  • Part of subcall function 00405137: SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\), ref: 004051A5
                                                                                                                  • Part of subcall function 00405137: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004051CB
                                                                                                                  • Part of subcall function 00405137: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004051E5
                                                                                                                  • Part of subcall function 00405137: SendMessageA.USER32(?,00001013,?,00000000), ref: 004051F3
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                • String ID: 0x0000565B$C:\Program Files\Wildix\WIService$C:\Users\user\AppData\Local\Temp\nshC8B4.tmp$C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\System.dll$Call
                                                                                                                • API String ID: 1941528284-3535108654
                                                                                                                • Opcode ID: d2d4c9be4c77887772f7a063183bc6da9d3610935c72e1bf3270bbb4a4cc9717
                                                                                                                • Instruction ID: fcac4804817dd72ce497849c2c59a0292666c96c0e268c836f952ab8254f0f2b
                                                                                                                • Opcode Fuzzy Hash: d2d4c9be4c77887772f7a063183bc6da9d3610935c72e1bf3270bbb4a4cc9717
                                                                                                                • Instruction Fuzzy Hash: 5941E571900114BACF10BBB5CD45E9F3A79EF45369F20823BF412F20E2DA7C8A519A6D
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 627 405137-40514c 628 405202-405206 627->628 629 405152-405164 627->629 630 405166-40516a call 406032 629->630 631 40516f-40517b lstrlenA 629->631 630->631 632 405198-40519c 631->632 633 40517d-40518d lstrlenA 631->633 636 4051ab-4051af 632->636 637 40519e-4051a5 SetWindowTextA 632->637 633->628 635 40518f-405193 lstrcatA 633->635 635->632 638 4051b1-4051f3 SendMessageA * 3 636->638 639 4051f5-4051f7 636->639 637->636 638->639 639->628 640 4051f9-4051fc 639->640 640->628
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00405137(CHAR* _a4, CHAR* _a8) {
                                                                                                                				struct HWND__* _v8;
                                                                                                                				signed int _v12;
                                                                                                                				CHAR* _v32;
                                                                                                                				long _v44;
                                                                                                                				int _v48;
                                                                                                                				void* _v52;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				CHAR* _t26;
                                                                                                                				signed int _t27;
                                                                                                                				CHAR* _t28;
                                                                                                                				long _t29;
                                                                                                                				signed int _t39;
                                                                                                                
                                                                                                                				_t26 =  *0x42ebe4; // 0x1043e
                                                                                                                				_v8 = _t26;
                                                                                                                				if(_t26 != 0) {
                                                                                                                					_t27 =  *0x42f4d4;
                                                                                                                					_v12 = _t27;
                                                                                                                					_t39 = _t27 & 0x00000001;
                                                                                                                					if(_t39 == 0) {
                                                                                                                						E00406032(0, _t39, 0x42a050, 0x42a050, _a4);
                                                                                                                					}
                                                                                                                					_t26 = lstrlenA(0x42a050);
                                                                                                                					_a4 = _t26;
                                                                                                                					if(_a8 == 0) {
                                                                                                                						L6:
                                                                                                                						if((_v12 & 0x00000004) == 0) {
                                                                                                                							_t26 = SetWindowTextA( *0x42ebc8, 0x42a050); // executed
                                                                                                                						}
                                                                                                                						if((_v12 & 0x00000002) == 0) {
                                                                                                                							_v32 = 0x42a050;
                                                                                                                							_v52 = 1;
                                                                                                                							_t29 = SendMessageA(_v8, 0x1004, 0, 0); // executed
                                                                                                                							_v44 = 0;
                                                                                                                							_v48 = _t29 - _t39;
                                                                                                                							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52); // executed
                                                                                                                							_t26 = SendMessageA(_v8, 0x1013, _v48, 0); // executed
                                                                                                                						}
                                                                                                                						if(_t39 != 0) {
                                                                                                                							_t28 = _a4;
                                                                                                                							 *((char*)(_t28 + 0x42a050)) = 0;
                                                                                                                							return _t28;
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						_t26 =  &(_a4[lstrlenA(_a8)]);
                                                                                                                						if(_t26 < 0x800) {
                                                                                                                							_t26 = lstrcatA(0x42a050, _a8);
                                                                                                                							goto L6;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t26;
                                                                                                                			}


















                                                                                                                APIs
                                                                                                                • lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\,00000000,00423A28,7476EA30,?,?,?,?,?,?,?,?,?,00403156,00000000,?), ref: 00405170
                                                                                                                • lstrlenA.KERNEL32(00403156,Remove folder: C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\,00000000,00423A28,7476EA30,?,?,?,?,?,?,?,?,?,00403156,00000000), ref: 00405180
                                                                                                                • lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\,00403156,00403156,Remove folder: C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\,00000000,00423A28,7476EA30), ref: 00405193
                                                                                                                • SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\), ref: 004051A5
                                                                                                                • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004051CB
                                                                                                                • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004051E5
                                                                                                                • SendMessageA.USER32(?,00001013,?,00000000), ref: 004051F3
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                • String ID: Remove folder: C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\
                                                                                                                • API String ID: 2531174081-1952602683
                                                                                                                • Opcode ID: 2f522a59394b9be444cbcacf3a1b4d18be92345b96de9eacb0d1f76aaf85f54b
                                                                                                                • Instruction ID: 7d4789c60296e211bada9a9e2a19d16c38d622f2d1b0cadef69f4b7d7b7d07eb
                                                                                                                • Opcode Fuzzy Hash: 2f522a59394b9be444cbcacf3a1b4d18be92345b96de9eacb0d1f76aaf85f54b
                                                                                                                • Instruction Fuzzy Hash: CE21A971900118BFDB119FA5CD85ADEBFA9EF08354F04807AF844A6291C7398E408FA8
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 641 402ffb-40300f 642 403011 641->642 643 403018-403021 641->643 642->643 644 403023 643->644 645 40302a-40302f 643->645 644->645 646 403031-40303a call 403223 645->646 647 40303f-40304c call 40320d 645->647 646->647 651 403052-403056 647->651 652 4031fb 647->652 653 4031a6-4031a8 651->653 654 40305c-4030a5 GetTickCount 651->654 655 4031fd-4031fe 652->655 656 4031e8-4031eb 653->656 657 4031aa-4031ad 653->657 658 403203 654->658 659 4030ab-4030b3 654->659 660 403206-40320a 655->660 663 4031f0-4031f9 call 40320d 656->663 664 4031ed 656->664 657->658 665 4031af 657->665 658->660 661 4030b5 659->661 662 4030b8-4030c6 call 40320d 659->662 661->662 662->652 674 4030cc-4030d5 662->674 663->652 675 403200 663->675 664->663 668 4031b2-4031b8 665->668 671 4031ba 668->671 672 4031bc-4031ca call 40320d 668->672 671->672 672->652 678 4031cc-4031d8 call 405c50 672->678 677 4030db-4030fb call 4064cd 674->677 675->658 683 403101-403114 GetTickCount 677->683 684 40319e-4031a0 677->684 685 4031a2-4031a4 678->685 686 4031da-4031e4 678->686 687 403116-40311e 683->687 688 403159-40315b 683->688 684->655 685->655 686->668 689 4031e6 686->689 690 403120-403124 687->690 691 403126-403151 MulDiv wsprintfA call 405137 687->691 692 403192-403196 688->692 693 40315d-403161 688->693 689->658 690->688 690->691 700 403156 691->700 692->659 696 40319c 692->696 694 403163-40316a call 405c50 693->694 695 403178-403183 693->695 701 40316f-403171 694->701 699 403186-40318a 695->699 696->658 699->677 702 403190 699->702 700->688 701->685 703 403173-403176 701->703 702->658 703->699
                                                                                                                C-Code - Quality: 95%
                                                                                                                			E00402FFB(int _a4, intOrPtr _a8, intOrPtr _a12, int _a16, signed char _a19) {
                                                                                                                				signed int _v8;
                                                                                                                				int _v12;
                                                                                                                				intOrPtr _v16;
                                                                                                                				long _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				char _v88;
                                                                                                                				void* _t65;
                                                                                                                				long _t70;
                                                                                                                				intOrPtr _t75;
                                                                                                                				long _t76;
                                                                                                                				intOrPtr _t77;
                                                                                                                				void* _t78;
                                                                                                                				int _t88;
                                                                                                                				intOrPtr _t92;
                                                                                                                				intOrPtr _t95;
                                                                                                                				long _t96;
                                                                                                                				signed int _t97;
                                                                                                                				int _t98;
                                                                                                                				int _t99;
                                                                                                                				intOrPtr _t100;
                                                                                                                				void* _t101;
                                                                                                                				void* _t102;
                                                                                                                
                                                                                                                				_t97 = _a16;
                                                                                                                				_t92 = _a12;
                                                                                                                				_v12 = _t97;
                                                                                                                				if(_t92 == 0) {
                                                                                                                					_v12 = 0x8000;
                                                                                                                				}
                                                                                                                				_v8 = _v8 & 0x00000000;
                                                                                                                				_v16 = _t92;
                                                                                                                				if(_t92 == 0) {
                                                                                                                					_v16 = 0x421428;
                                                                                                                				}
                                                                                                                				_t62 = _a4;
                                                                                                                				if(_a4 >= 0) {
                                                                                                                					E00403223( *0x42f478 + _t62);
                                                                                                                				}
                                                                                                                				if(E0040320D( &_a16, 4) == 0) {
                                                                                                                					L41:
                                                                                                                					_push(0xfffffffd);
                                                                                                                					goto L42;
                                                                                                                				} else {
                                                                                                                					if((_a19 & 0x00000080) == 0) {
                                                                                                                						if(_t92 != 0) {
                                                                                                                							if(_a16 < _t97) {
                                                                                                                								_t97 = _a16;
                                                                                                                							}
                                                                                                                							if(E0040320D(_t92, _t97) != 0) {
                                                                                                                								_v8 = _t97;
                                                                                                                								L44:
                                                                                                                								return _v8;
                                                                                                                							} else {
                                                                                                                								goto L41;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						if(_a16 <= _t92) {
                                                                                                                							goto L44;
                                                                                                                						}
                                                                                                                						_t88 = _v12;
                                                                                                                						while(1) {
                                                                                                                							_t98 = _a16;
                                                                                                                							if(_a16 >= _t88) {
                                                                                                                								_t98 = _t88;
                                                                                                                							}
                                                                                                                							if(E0040320D(0x41d428, _t98) == 0) {
                                                                                                                								goto L41;
                                                                                                                							}
                                                                                                                							if(E00405C50(_a8, 0x41d428, _t98) == 0) {
                                                                                                                								L28:
                                                                                                                								_push(0xfffffffe);
                                                                                                                								L42:
                                                                                                                								_pop(_t65);
                                                                                                                								return _t65;
                                                                                                                							}
                                                                                                                							_v8 = _v8 + _t98;
                                                                                                                							_a16 = _a16 - _t98;
                                                                                                                							if(_a16 > 0) {
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                							goto L44;
                                                                                                                						}
                                                                                                                						goto L41;
                                                                                                                					}
                                                                                                                					_t70 = GetTickCount();
                                                                                                                					 *0x40bd8c =  *0x40bd8c & 0x00000000;
                                                                                                                					 *0x40bd88 =  *0x40bd88 & 0x00000000;
                                                                                                                					_t14 =  &_a16;
                                                                                                                					 *_t14 = _a16 & 0x7fffffff;
                                                                                                                					_v20 = _t70;
                                                                                                                					 *0x40b870 = 8;
                                                                                                                					 *0x415418 = 0x40d410;
                                                                                                                					 *0x415414 = 0x40d410;
                                                                                                                					 *0x415410 = 0x415410;
                                                                                                                					_a4 = _a16;
                                                                                                                					if( *_t14 <= 0) {
                                                                                                                						goto L44;
                                                                                                                					} else {
                                                                                                                						goto L9;
                                                                                                                					}
                                                                                                                					while(1) {
                                                                                                                						L9:
                                                                                                                						_t99 = 0x4000;
                                                                                                                						if(_a16 < 0x4000) {
                                                                                                                							_t99 = _a16;
                                                                                                                						}
                                                                                                                						if(E0040320D(0x41d428, _t99) == 0) {
                                                                                                                							goto L41;
                                                                                                                						}
                                                                                                                						_a16 = _a16 - _t99;
                                                                                                                						 *0x40b860 = 0x41d428;
                                                                                                                						 *0x40b864 = _t99;
                                                                                                                						while(1) {
                                                                                                                							_t95 = _v16;
                                                                                                                							 *0x40b868 = _t95;
                                                                                                                							 *0x40b86c = _v12;
                                                                                                                							_t75 = E004064CD("@\xef\xbf							_v24 = _t75;
                                                                                                                							if(_t75 < 0) {
                                                                                                                								break;
                                                                                                                							}
                                                                                                                							_t100 =  *0x40b868; // 0x423a28
                                                                                                                							_t101 = _t100 - _t95;
                                                                                                                							_t76 = GetTickCount();
                                                                                                                							_t96 = _t76;
                                                                                                                							if(( *0x42f4d4 & 0x00000001) != 0 && (_t76 - _v20 > 0xc8 || _a16 == 0)) {
                                                                                                                								wsprintfA( &_v88, "... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
                                                                                                                								_t102 = _t102 + 0xc;
                                                                                                                								E00405137(0,  &_v88); // executed
                                                                                                                								_v20 = _t96;
                                                                                                                							}
                                                                                                                							if(_t101 == 0) {
                                                                                                                								if(_a16 > 0) {
                                                                                                                									goto L9;
                                                                                                                								}
                                                                                                                								goto L44;
                                                                                                                							} else {
                                                                                                                								if(_a12 != 0) {
                                                                                                                									_t77 =  *0x40b868; // 0x423a28
                                                                                                                									_v8 = _v8 + _t101;
                                                                                                                									_v12 = _v12 - _t101;
                                                                                                                									_v16 = _t77;
                                                                                                                									L23:
                                                                                                                									if(_v24 != 1) {
                                                                                                                										continue;
                                                                                                                									}
                                                                                                                									goto L44;
                                                                                                                								}
                                                                                                                								_t78 = E00405C50(_a8, _v16, _t101); // executed
                                                                                                                								if(_t78 == 0) {
                                                                                                                									goto L28;
                                                                                                                								}
                                                                                                                								_v8 = _v8 + _t101;
                                                                                                                								goto L23;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_push(0xfffffffc);
                                                                                                                						goto L42;
                                                                                                                					}
                                                                                                                					goto L41;
                                                                                                                				}
                                                                                                                			}


                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CountTick$wsprintf
                                                                                                                • String ID: (:B$... %d%%$@A
                                                                                                                • API String ID: 551687249-3855023115
                                                                                                                • Opcode ID: fadbfff98126c3f33fc218ff52c7570f2bc54738a50a490896210387b9f65f46
                                                                                                                • Instruction ID: 2f86f0e091d903dd4c8dc1f0d7d1d97a23866136c8ad304ef4da6da149bc5d25
                                                                                                                • Opcode Fuzzy Hash: fadbfff98126c3f33fc218ff52c7570f2bc54738a50a490896210387b9f65f46
                                                                                                                • Instruction Fuzzy Hash: D2518D71801219EBDB10DF65DA44A9E7FB8EF08316F10817BE810B72E1C7789B44CBA9
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

Control-flow Graph: function 0040206A (graph image not reproduced; legend: Executed / Not Executed)
                                                                                                                C-Code - Quality: 60%
                                                                                                                			E0040206A(void* __ebx, void* __eflags) {
                                                                                                                				struct HINSTANCE__* _t18;
                                                                                                                				struct HINSTANCE__* _t26;
                                                                                                                				void* _t27;
                                                                                                                				struct HINSTANCE__* _t30;
                                                                                                                				CHAR* _t32;
                                                                                                                				intOrPtr* _t33;
                                                                                                                				void* _t34;
                                                                                                                
                                                                                                                				_t27 = __ebx;
                                                                                                                				asm("sbb eax, 0x42f4d8");
                                                                                                                				 *(_t34 - 4) = 1;
                                                                                                                				if(__eflags < 0) {
                                                                                                                					_push(0xffffffe7);
                                                                                                                					L15:
                                                                                                                					E00401423();
                                                                                                                					L16:
                                                                                                                					 *0x42f4a8 =  *0x42f4a8 +  *(_t34 - 4);
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                				_t32 = E00402B2C(0xfffffff0);
                                                                                                                				 *(_t34 + 8) = E00402B2C(1);
                                                                                                                				if( *((intOrPtr*)(_t34 - 0x24)) == __ebx) {
                                                                                                                					L3:
                                                                                                                					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
                                                                                                                					_t30 = _t18;
                                                                                                                					if(_t30 == _t27) {
                                                                                                                						_push(0xfffffff6);
                                                                                                                						goto L15;
                                                                                                                					}
                                                                                                                					L4:
                                                                                                                					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
                                                                                                                					if(_t33 == _t27) {
                                                                                                                						E00405137(0xfffffff7,  *(_t34 + 8));
                                                                                                                					} else {
                                                                                                                						 *(_t34 - 4) = _t27;
                                                                                                                						if( *((intOrPtr*)(_t34 - 0x2c)) == _t27) {
                                                                                                                							 *_t33( *((intOrPtr*)(_t34 - 8)), 0x400, "0x0000565B", 0x40b858, 0x40a000); // executed
                                                                                                                						} else {
                                                                                                                							E00401423( *((intOrPtr*)(_t34 - 0x2c)));
                                                                                                                							if( *_t33() != 0) {
                                                                                                                								 *(_t34 - 4) = 1;
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                					if( *((intOrPtr*)(_t34 - 0x28)) == _t27 && E004037CD(_t30) != 0) {
                                                                                                                						FreeLibrary(_t30); // executed
                                                                                                                					}
                                                                                                                					goto L16;
                                                                                                                				}
                                                                                                                				_t26 = GetModuleHandleA(_t32); // executed
                                                                                                                				_t30 = _t26;
                                                                                                                				if(_t30 != __ebx) {
                                                                                                                					goto L4;
                                                                                                                				}
                                                                                                                				goto L3;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00402095
                                                                                                                • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 004020A5
                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 004020B5
                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,00000400,0x0000565B,0040B858,0040A000,?,00000008,00000001,000000F0), ref: 004020F6
                                                                                                                  • Part of subcall function 00405137: lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\,00000000,00423A28,7476EA30,?,?,?,?,?,?,?,?,?,00403156,00000000,?), ref: 00405170
                                                                                                                  • Part of subcall function 00405137: lstrlenA.KERNEL32(00403156,Remove folder: C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\,00000000,00423A28,7476EA30,?,?,?,?,?,?,?,?,?,00403156,00000000), ref: 00405180
                                                                                                                  • Part of subcall function 00405137: lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\,00403156,00403156,Remove folder: C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\,00000000,00423A28,7476EA30), ref: 00405193
                                                                                                                  • Part of subcall function 00405137: SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\), ref: 004051A5
                                                                                                                  • Part of subcall function 00405137: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004051CB
                                                                                                                  • Part of subcall function 00405137: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004051E5
                                                                                                                  • Part of subcall function 00405137: SendMessageA.USER32(?,00001013,?,00000000), ref: 004051F3
                                                                                                                • FreeLibrary.KERNELBASE(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 0040211F
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Librarylstrlen$AddressCallbackDispatcherFreeHandleLoadModuleProcTextUserWindowlstrcat
                                                                                                                • String ID: 0x0000565B
                                                                                                                • API String ID: 4236411475-2500309308
                                                                                                                • Opcode ID: 532ce0de4b0eb58012e9db3c58e41f5788510b7f5f76953fa1d2d9dfe9513583
                                                                                                                • Instruction ID: 166643d80e3f452ca3a3677f95ea327ecca8534a485506fba34b2def260d9046
                                                                                                                • Opcode Fuzzy Hash: 532ce0de4b0eb58012e9db3c58e41f5788510b7f5f76953fa1d2d9dfe9513583
                                                                                                                • Instruction Fuzzy Hash: EA21C671900214ABCF217FA4CF89AAE7A74AF15318F20413BF601B62D0D6FD49829A5E
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 735 4055fd-405648 CreateDirectoryA 736 40564a-40564c 735->736 737 40564e-40565b GetLastError 735->737 738 405675-405677 736->738 737->738 739 40565d-405671 SetFileSecurityA 737->739 739->736 740 405673 GetLastError 739->740 740->738
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004055FD(CHAR* _a4) {
                                                                                                                				struct _SECURITY_ATTRIBUTES _v16;
                                                                                                                				struct _SECURITY_DESCRIPTOR _v36;
                                                                                                                				int _t22;
                                                                                                                				long _t23;
                                                                                                                
                                                                                                                				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
                                                                                                                				_v36.Owner = 0x40837c;
                                                                                                                				_v36.Group = 0x40837c;
                                                                                                                				_v36.Sacl = _v36.Sacl & 0x00000000;
                                                                                                                				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
                                                                                                                				_v16.lpSecurityDescriptor =  &_v36;
                                                                                                                				_v36.Revision = 1;
                                                                                                                				_v36.Control = 4;
                                                                                                                				_v36.Dacl = 0x40836c;
                                                                                                                				_v16.nLength = 0xc;
                                                                                                                				_t22 = CreateDirectoryA(_a4,  &_v16); // executed
                                                                                                                				if(_t22 != 0) {
                                                                                                                					L1:
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                				_t23 = GetLastError();
                                                                                                                				if(_t23 == 0xb7) {
                                                                                                                					if(SetFileSecurityA(_a4, 0x80000007,  &_v36) != 0) {
                                                                                                                						goto L1;
                                                                                                                					}
                                                                                                                					return GetLastError();
                                                                                                                				}
                                                                                                                				return _t23;
                                                                                                                			}








                                                                                                                APIs
                                                                                                                • CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405640
                                                                                                                • GetLastError.KERNEL32 ref: 00405654
                                                                                                                • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 00405669
                                                                                                                • GetLastError.KERNEL32 ref: 00405673
                                                                                                                Strings
                                                                                                                • C:\Users\user\Desktop, xrefs: 004055FD
                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00405623
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop
                                                                                                                • API String ID: 3449924974-2028306314
                                                                                                                • Opcode ID: 3f07113bbed92aa299f899006a5ac68722d9e9d13463f273e10feef126da3ab7
                                                                                                                • Instruction ID: eb9787142c6b7489d22a19a099e3bfbf20428df61be735a73e08cf58b85abbae
                                                                                                                • Opcode Fuzzy Hash: 3f07113bbed92aa299f899006a5ac68722d9e9d13463f273e10feef126da3ab7
                                                                                                                • Instruction Fuzzy Hash: 89010871C00219EAEF009FA1C904BEFBBB8EB14354F00847AD545B6290DB7996088FA9
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 741 40633a-40635a GetSystemDirectoryA 742 40635c 741->742 743 40635e-406360 741->743 742->743 744 406370-406372 743->744 745 406362-40636a 743->745 747 406373-4063a5 wsprintfA LoadLibraryExA 744->747 745->744 746 40636c-40636e 745->746 746->747
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E0040633A(intOrPtr _a4) {
                                                                                                                				char _v292;
                                                                                                                				int _t10;
                                                                                                                				struct HINSTANCE__* _t14;
                                                                                                                				void* _t16;
                                                                                                                				void* _t21;
                                                                                                                
                                                                                                                				_t10 = GetSystemDirectoryA( &_v292, 0x104);
                                                                                                                				if(_t10 > 0x104) {
                                                                                                                					_t10 = 0;
                                                                                                                				}
                                                                                                                				if(_t10 == 0 ||  *((char*)(_t21 + _t10 - 0x121)) == 0x5c) {
                                                                                                                					_t16 = 1;
                                                                                                                				} else {
                                                                                                                					_t16 = 0;
                                                                                                                				}
                                                                                                                				_t5 = _t16 + 0x40a014; // 0x5c
                                                                                                                				wsprintfA(_t21 + _t10 - 0x120, "%s%s.dll", _t5, _a4);
                                                                                                                				_t14 = LoadLibraryExA( &_v292, 0, 8); // executed
                                                                                                                				return _t14;
                                                                                                                			}









                                                                                                                APIs
                                                                                                                • GetSystemDirectoryA.KERNEL32 ref: 00406351
                                                                                                                • wsprintfA.USER32 ref: 0040638A
                                                                                                                • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 0040639E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                • String ID: %s%s.dll$UXTHEME$\
                                                                                                                • API String ID: 2200240437-4240819195
                                                                                                                • Opcode ID: 99878a05f639d6717cee7e73d8174e66263622090e4b33b6bcde024c159c7dc8
                                                                                                                • Instruction ID: 4d0fdf3fe302aa3e605d302367287b0bc06203fc89102858e08200231af957cf
                                                                                                                • Opcode Fuzzy Hash: 99878a05f639d6717cee7e73d8174e66263622090e4b33b6bcde024c159c7dc8
                                                                                                                • Instruction Fuzzy Hash: 9EF0F670510609ABEB24AB74DD0DFEB366CAB08305F14057AAA86E11D1EA78D9358BDC
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 748 405bd8-405be2 749 405be3-405c0e GetTickCount GetTempFileNameA 748->749 750 405c10-405c12 749->750 751 405c1d-405c1f 749->751 750->749 752 405c14 750->752 753 405c17-405c1a 751->753 752->753
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00405BD8(char _a4, intOrPtr _a6, CHAR* _a8) {
                                                                                                                				char _t11;
                                                                                                                				signed int _t12;
                                                                                                                				int _t15;
                                                                                                                				signed int _t17;
                                                                                                                				void* _t20;
                                                                                                                				CHAR* _t21;
                                                                                                                
                                                                                                                				_t21 = _a4;
                                                                                                                				_t20 = 0x64;
                                                                                                                				while(1) {
                                                                                                                					_t11 =  *0x40a3b4; // 0x61736e
                                                                                                                					_t20 = _t20 - 1;
                                                                                                                					_a4 = _t11;
                                                                                                                					_t12 = GetTickCount();
                                                                                                                					_t17 = 0x1a;
                                                                                                                					_a6 = _a6 + _t12 % _t17;
                                                                                                                					_t15 = GetTempFileNameA(_a8,  &_a4, 0, _t21); // executed
                                                                                                                					if(_t15 != 0) {
                                                                                                                						break;
                                                                                                                					}
                                                                                                                					if(_t20 != 0) {
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                					 *_t21 =  *_t21 & 0x00000000;
                                                                                                                					return _t15;
                                                                                                                				}
                                                                                                                				return _t21;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • GetTickCount.KERNEL32 ref: 00405BEC
                                                                                                                • GetTempFileNameA.KERNELBASE(?,?,00000000,?,?,00000006,00000008,0000000A), ref: 00405C06
                                                                                                                Strings
                                                                                                                • "C:\Users\user\Desktop\SetupWIService.exe", xrefs: 00405BD8
                                                                                                                • nsa, xrefs: 00405BE3
                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00405BDB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CountFileNameTempTick
                                                                                                                • String ID: "C:\Users\user\Desktop\SetupWIService.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                • API String ID: 1716503409-1085235570
                                                                                                                • Opcode ID: 81a8a72dc23b4af90602e2553ee1124644ae594fa0167b908fb3a738e8e2aa10
                                                                                                                • Instruction ID: 7981c9ddf24778652055132877b92488972f9a5eb9cf132aa873dca7e4a118a1
                                                                                                                • Opcode Fuzzy Hash: 81a8a72dc23b4af90602e2553ee1124644ae594fa0167b908fb3a738e8e2aa10
                                                                                                                • Instruction Fuzzy Hash: 0FF082363183046BEB109F56DD04B9B7BA9DFD2750F14803BFA489B290D6B4A9548B58
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 754 401d41-401d45 755 401d54-401d58 GetDlgItem 754->755 756 401d47-401d52 call 402b0a 754->756 758 401d5e-401d87 755->758 756->758 760 401d91 758->760 761 401d89-401d8f call 402b2c 758->761 763 401d95-401de5 GetClientRect LoadImageA SendMessageA 760->763 761->763 765 4029b8-4029c7 763->765 766 401deb-401ded 763->766 766->765 767 401df3-401dfa DeleteObject 766->767 767->765
                                                                                                                C-Code - Quality: 94%
                                                                                                                			E00401D41(int __edx) {
                                                                                                                				struct HWND__* _t24;
                                                                                                                				CHAR* _t30;
                                                                                                                				long _t39;
                                                                                                                				void* _t40;
                                                                                                                				void* _t44;
                                                                                                                				signed int _t46;
                                                                                                                				int _t50;
                                                                                                                				signed int _t53;
                                                                                                                				void* _t57;
                                                                                                                
                                                                                                                				_t48 = __edx;
                                                                                                                				if(( *(_t57 - 0x2b) & 0x00000001) == 0) {
                                                                                                                					_t24 = GetDlgItem( *(_t57 - 8), __edx);
                                                                                                                				} else {
                                                                                                                					_t24 = E00402B0A(1);
                                                                                                                					 *(_t57 - 0x10) = _t48;
                                                                                                                				}
                                                                                                                				_t46 =  *(_t57 - 0x2c);
                                                                                                                				 *(_t57 + 8) = _t24;
                                                                                                                				 *(_t57 - 8) = _t46 >> 0x1f;
                                                                                                                				_t50 = _t46 & 0x00000003;
                                                                                                                				_t53 = _t46 & 0x00000004;
                                                                                                                				 *(_t57 - 0x1c) = _t46 >> 0x0000001e & 0x00000001;
                                                                                                                				if((_t46 & 0x00010000) == 0) {
                                                                                                                					_t30 =  *(_t57 - 0x34) & 0x0000ffff;
                                                                                                                				} else {
                                                                                                                					_t30 = E00402B2C(_t44);
                                                                                                                				}
                                                                                                                				 *(_t57 - 0xc) = _t30;
                                                                                                                				GetClientRect( *(_t57 + 8), _t57 - 0x58);
                                                                                                                				asm("sbb esi, esi");
                                                                                                                				_t39 = LoadImageA( ~_t53 &  *0x42f400,  *(_t57 - 0xc), _t50,  *(_t57 - 0x50) *  *(_t57 - 8),  *(_t57 - 0x4c) *  *(_t57 - 0x1c),  *(_t57 - 0x2c) & 0x0000fef0); // executed
                                                                                                                				_t40 = SendMessageA( *(_t57 + 8), 0x172, _t50, _t39); // executed
                                                                                                                				if(_t40 != _t44 && _t50 == _t44) {
                                                                                                                					DeleteObject(_t40);
                                                                                                                				}
                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t57 - 4));
                                                                                                                				return 0;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 1849352358-0
                                                                                                                • Opcode ID: 00f1612270fd0f543acd8efcffc28e16e01318b1b3b826732ee9862bf9fbfd2f
                                                                                                                • Instruction ID: 7a7dd6c208c7a4d57f36c402fdb0fe657614a2e015b6db45afd3f1aca9992802
                                                                                                                • Opcode Fuzzy Hash: 00f1612270fd0f543acd8efcffc28e16e01318b1b3b826732ee9862bf9fbfd2f
                                                                                                                • Instruction Fuzzy Hash: 30215172E00109AFDB05DF98DE44AEEBBB9FB58310F10403AF945F62A1CB789941CB58
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 59%
                                                                                                                			E00401C0A(intOrPtr __edx) {
                                                                                                                				int _t29;
                                                                                                                				long _t30;
                                                                                                                				signed int _t32;
                                                                                                                				CHAR* _t35;
                                                                                                                				long _t36;
                                                                                                                				int _t41;
                                                                                                                				signed int _t42;
                                                                                                                				int _t46;
                                                                                                                				int _t56;
                                                                                                                				intOrPtr _t57;
                                                                                                                				struct HWND__* _t61;
                                                                                                                				void* _t64;
                                                                                                                
                                                                                                                				_t57 = __edx;
                                                                                                                				_t29 = E00402B0A(3);
                                                                                                                				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                                                                                				 *(_t64 - 8) = _t29;
                                                                                                                				_t30 = E00402B0A(4);
                                                                                                                				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                                                                                				 *(_t64 + 8) = _t30;
                                                                                                                				if(( *(_t64 - 0x20) & 0x00000001) != 0) {
                                                                                                                					 *((intOrPtr*)(__ebp - 8)) = E00402B2C(0x33);
                                                                                                                				}
                                                                                                                				__eflags =  *(_t64 - 0x20) & 0x00000002;
                                                                                                                				if(( *(_t64 - 0x20) & 0x00000002) != 0) {
                                                                                                                					 *(_t64 + 8) = E00402B2C(0x44);
                                                                                                                				}
                                                                                                                				__eflags =  *((intOrPtr*)(_t64 - 0x38)) - 0x21;
                                                                                                                				_push(1);
                                                                                                                				if(__eflags != 0) {
                                                                                                                					_t59 = E00402B2C();
                                                                                                                					_t32 = E00402B2C();
                                                                                                                					asm("sbb ecx, ecx");
                                                                                                                					asm("sbb eax, eax");
                                                                                                                					_t35 =  ~( *_t31) & _t59;
                                                                                                                					__eflags = _t35;
                                                                                                                					_t36 = FindWindowExA( *(_t64 - 8),  *(_t64 + 8), _t35,  ~( *_t32) & _t32); // executed
                                                                                                                					goto L10;
                                                                                                                				} else {
                                                                                                                					_t61 = E00402B0A();
                                                                                                                					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                                                                                					_t41 = E00402B0A(2);
                                                                                                                					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                                                                                					_t56 =  *(_t64 - 0x20) >> 2;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						_t36 = SendMessageA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8)); // executed
                                                                                                                						L10:
                                                                                                                						 *(_t64 - 0xc) = _t36;
                                                                                                                					} else {
                                                                                                                						_t42 = SendMessageTimeoutA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8), _t46, _t56, _t64 - 0xc);
                                                                                                                						asm("sbb eax, eax");
                                                                                                                						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				__eflags =  *((intOrPtr*)(_t64 - 0x34)) - _t46;
                                                                                                                				if( *((intOrPtr*)(_t64 - 0x34)) >= _t46) {
                                                                                                                					_push( *(_t64 - 0xc));
                                                                                                                					E00405F6E();
                                                                                                                				}
                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t64 - 4));
                                                                                                                				return 0;
                                                                                                                			}
















                                                                                                                APIs
                                                                                                                • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C7A
                                                                                                                • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C92
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Timeout
                                                                                                                • String ID: !
                                                                                                                • API String ID: 1777923405-2657877971
                                                                                                                • Opcode ID: d1a5455d7aacc09bf912e97d7887ce2258fe7abf1a6a230a252a42dd7e2e40c1
                                                                                                                • Instruction ID: f2250e9d7a54984aac42e0f48c7b57cae310fb8b86675e6ff90c870375dfe4cb
                                                                                                                • Opcode Fuzzy Hash: d1a5455d7aacc09bf912e97d7887ce2258fe7abf1a6a230a252a42dd7e2e40c1
                                                                                                                • Instruction Fuzzy Hash: 4D216BB1944208BEEF06AFA4D98AAAD7FB5EB44304F10447EF501B61D1C7B88640DB18
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 83%
                                                                                                                			E0040243D(void* __eax, int __ebx, intOrPtr __edx, void* __eflags) {
                                                                                                                				void* _t18;
                                                                                                                				void* _t19;
                                                                                                                				int _t22;
                                                                                                                				long _t23;
                                                                                                                				int _t28;
                                                                                                                				intOrPtr _t31;
                                                                                                                				void* _t32;
                                                                                                                				intOrPtr _t35;
                                                                                                                				void* _t37;
                                                                                                                				void* _t40;
                                                                                                                
                                                                                                                				_t40 = __eflags;
                                                                                                                				_t31 = __edx;
                                                                                                                				_t28 = __ebx;
                                                                                                                				_t35 =  *((intOrPtr*)(_t37 - 0x24));
                                                                                                                				_t32 = __eax;
                                                                                                                				 *(_t37 - 0x10) =  *(_t37 - 0x20);
                                                                                                                				 *(_t37 - 0x4c) = E00402B2C(2);
                                                                                                                				_t18 = E00402B2C(0x11);
                                                                                                                				 *(_t37 - 4) = 1;
                                                                                                                				_t19 = E00402BBC(_t40, _t32, _t18, 2); // executed
                                                                                                                				 *(_t37 + 8) = _t19;
                                                                                                                				if(_t19 != __ebx) {
                                                                                                                					_t22 = 0;
                                                                                                                					if(_t35 == 1) {
                                                                                                                						E00402B2C(0x23);
                                                                                                                						_t22 = lstrlenA(0x40ac18) + 1;
                                                                                                                					}
                                                                                                                					if(_t35 == 4) {
                                                                                                                						 *0x40ac18 = E00402B0A(3);
                                                                                                                						 *((intOrPtr*)(_t37 - 0x44)) = _t31;
                                                                                                                						_t22 = _t35;
                                                                                                                					}
                                                                                                                					if(_t35 == 3) {
                                                                                                                						_t22 = E00402FFB( *((intOrPtr*)(_t37 - 0x28)), _t28, 0x40ac18, 0xc00);
                                                                                                                					}
                                                                                                                					_t23 = RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x4c), _t28,  *(_t37 - 0x10), 0x40ac18, _t22); // executed
                                                                                                                					if(_t23 == 0) {
                                                                                                                						 *(_t37 - 4) = _t28;
                                                                                                                					}
                                                                                                                					_push( *(_t37 + 8));
                                                                                                                					RegCloseKey(); // executed
                                                                                                                				}
                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *(_t37 - 4);
                                                                                                                				return 0;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nshC8B4.tmp,00000023,00000011,00000002), ref: 00402488
                                                                                                                • RegSetValueExA.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nshC8B4.tmp,00000000,00000011,00000002), ref: 004024C5
                                                                                                                • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nshC8B4.tmp,00000000,00000011,00000002), ref: 004025A9
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseValuelstrlen
                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nshC8B4.tmp
                                                                                                                • API String ID: 2655323295-2504134488
                                                                                                                • Opcode ID: f1dd4037575d159028695845c9c4be7eecc0a8903ea0084234afb2cd50fea4d1
                                                                                                                • Instruction ID: 559559637a649bcd28a1cc64439ef7fed2494afba8ff337a7fe29a68e97d1b61
                                                                                                                • Opcode Fuzzy Hash: f1dd4037575d159028695845c9c4be7eecc0a8903ea0084234afb2cd50fea4d1
                                                                                                                • Instruction Fuzzy Hash: 26115E71E00218AFEB01AFA58E49EAE7AB4EB48314F21443BF504B71C1D6F95D419B68
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 53%
                                                                                                                			E00405A96(void* __eflags, intOrPtr _a4) {
                                                                                                                				int _t11;
                                                                                                                				signed char* _t12;
                                                                                                                				long _t16;
                                                                                                                				intOrPtr _t18;
                                                                                                                				intOrPtr* _t21;
                                                                                                                				void* _t22;
                                                                                                                
                                                                                                                				E00406010(0x42bc78, _a4);
                                                                                                                				_t21 = E00405A41(0x42bc78);
                                                                                                                				if(_t21 != 0) {
                                                                                                                					E0040627A(_t21);
                                                                                                                					if(( *0x42f41c & 0x00000080) == 0) {
                                                                                                                						L5:
                                                                                                                						_t22 = _t21 - 0x42bc78;
                                                                                                                						while(1) {
                                                                                                                							_t11 = lstrlenA(0x42bc78);
                                                                                                                							_push(0x42bc78);
                                                                                                                							if(_t11 <= _t22) {
                                                                                                                								break;
                                                                                                                							}
                                                                                                                							_t12 = E00406313();
                                                                                                                							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
                                                                                                                								E004059EF(0x42bc78);
                                                                                                                								continue;
                                                                                                                							} else {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						E004059A8();
                                                                                                                						_t16 = GetFileAttributesA(??); // executed
                                                                                                                						return 0 | _t16 != 0xffffffff;
                                                                                                                					}
                                                                                                                					_t18 =  *_t21;
                                                                                                                					if(_t18 == 0 || _t18 == 0x5c) {
                                                                                                                						goto L1;
                                                                                                                					} else {
                                                                                                                						goto L5;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				L1:
                                                                                                                				return 0;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                  • Part of subcall function 00406010: lstrcpynA.KERNEL32(?,?,00000400,0040333D,Wildix Integration Service v3.11.3 Setup,NSIS Error,?,00000006,00000008,0000000A), ref: 0040601D
                                                                                                                  • Part of subcall function 00405A41: CharNextA.USER32(?,?,C:\,?,00405AAD,C:\,C:\,7476FA90,?,C:\Users\user\AppData\Local\Temp\,004057F8,?,7476FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405A4F
                                                                                                                  • Part of subcall function 00405A41: CharNextA.USER32(00000000), ref: 00405A54
                                                                                                                  • Part of subcall function 00405A41: CharNextA.USER32(00000000), ref: 00405A68
                                                                                                                • lstrlenA.KERNEL32(C:\,00000000,C:\,C:\,7476FA90,?,C:\Users\user\AppData\Local\Temp\,004057F8,?,7476FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405AE9
                                                                                                                • GetFileAttributesA.KERNELBASE(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,7476FA90,?,C:\Users\user\AppData\Local\Temp\,004057F8,?,7476FA90,C:\Users\user\AppData\Local\Temp\), ref: 00405AF9
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                • String ID: C:\$C:\Users\user\AppData\Local\Temp\
                                                                                                                • API String ID: 3248276644-3049482934
                                                                                                                • Opcode ID: a0e90dbc06f1550ade5f4dfcb0fddeac6c7db65a8ba4490088ce0944d0043635
                                                                                                                • Instruction ID: 19c9bca0149f7da3aa3ccb8fe98c792d35a3de88cc2685bd8f8020a319c38c36
                                                                                                                • Opcode Fuzzy Hash: a0e90dbc06f1550ade5f4dfcb0fddeac6c7db65a8ba4490088ce0944d0043635
                                                                                                                • Instruction Fuzzy Hash: 94F0F425305D6116DA22323A5D85AAF2A44CED632471A073BF852B12C3DB3C89439DFE
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 84%
                                                                                                                			E00402C2E(void* __eflags, void* _a4, char* _a8, signed int _a12) {
                                                                                                                				void* _v8;
                                                                                                                				char _v272;
                                                                                                                				void* _t19;
                                                                                                                				signed int _t25;
                                                                                                                				intOrPtr* _t27;
                                                                                                                				signed int _t32;
                                                                                                                				signed int _t33;
                                                                                                                				signed int _t34;
                                                                                                                
                                                                                                                				_t33 = _a12;
                                                                                                                				_t34 = _t33 & 0x00000300;
                                                                                                                				_t32 = _t33 & 0x00000001;
                                                                                                                				_t19 = E00405E96(__eflags, _a4, _a8, _t34 | 0x00000008,  &_v8); // executed
                                                                                                                				if(_t19 == 0) {
                                                                                                                					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
                                                                                                                						__eflags = _t32;
                                                                                                                						if(__eflags != 0) {
                                                                                                                							RegCloseKey(_v8);
                                                                                                                							return 0x3eb;
                                                                                                                						}
                                                                                                                						_t25 = E00402C2E(__eflags, _v8,  &_v272, _a12);
                                                                                                                						__eflags = _t25;
                                                                                                                						if(_t25 != 0) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					RegCloseKey(_v8);
                                                                                                                					_t27 = E004063A8(3);
                                                                                                                					if(_t27 == 0) {
                                                                                                                						return RegDeleteKeyA(_a4, _a8);
                                                                                                                					}
                                                                                                                					return  *_t27(_a4, _a8, _t34, 0);
                                                                                                                				}
                                                                                                                				return _t19;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402C93
                                                                                                                • RegCloseKey.ADVAPI32(?,?,?), ref: 00402C9C
                                                                                                                • RegCloseKey.ADVAPI32(?,?,?), ref: 00402CBD
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Close$Enum
                                                                                                                • String ID:
                                                                                                                • API String ID: 464197530-0
                                                                                                                • Opcode ID: effb832a44eae474ef75c518ed00afd6638a3a1b55d5a88c518eff5d822b0912
                                                                                                                • Instruction ID: 2c23bb11d6ae01cf130d195ddd5538b48d854d6e1d77fd04796d14e07e1bb179
                                                                                                                • Opcode Fuzzy Hash: effb832a44eae474ef75c518ed00afd6638a3a1b55d5a88c518eff5d822b0912
                                                                                                                • Instruction Fuzzy Hash: 70116A32504109FBEF129F90DF09B9E7B6DEB54340F204036BD45B61E0E7B59E15ABA8
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 87%
                                                                                                                			E004015BB(char __ebx, void* __eflags) {
                                                                                                                				void* _t13;
                                                                                                                				int _t19;
                                                                                                                				char _t21;
                                                                                                                				void* _t22;
                                                                                                                				char _t23;
                                                                                                                				signed char _t24;
                                                                                                                				char _t26;
                                                                                                                				CHAR* _t28;
                                                                                                                				char* _t32;
                                                                                                                				void* _t33;
                                                                                                                
                                                                                                                				_t26 = __ebx;
                                                                                                                				_t28 = E00402B2C(0xfffffff0);
                                                                                                                				_t13 = E00405A41(_t28);
                                                                                                                				_t30 = _t13;
                                                                                                                				if(_t13 != __ebx) {
                                                                                                                					do {
                                                                                                                						_t32 = E004059D3(_t30, 0x5c);
                                                                                                                						_t21 =  *_t32;
                                                                                                                						 *_t32 = _t26;
                                                                                                                						 *((char*)(_t33 + 0xb)) = _t21;
                                                                                                                						if(_t21 != _t26) {
                                                                                                                							L5:
                                                                                                                							_t22 = E0040567A(_t28);
                                                                                                                						} else {
                                                                                                                							_t39 =  *((intOrPtr*)(_t33 - 0x2c)) - _t26;
                                                                                                                							if( *((intOrPtr*)(_t33 - 0x2c)) == _t26 || E00405697(_t39) == 0) {
                                                                                                                								goto L5;
                                                                                                                							} else {
                                                                                                                								_t22 = E004055FD(_t28); // executed
                                                                                                                							}
                                                                                                                						}
                                                                                                                						if(_t22 != _t26) {
                                                                                                                							if(_t22 != 0xb7) {
                                                                                                                								L9:
                                                                                                                								 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
                                                                                                                							} else {
                                                                                                                								_t24 = GetFileAttributesA(_t28); // executed
                                                                                                                								if((_t24 & 0x00000010) == 0) {
                                                                                                                									goto L9;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_t23 =  *((intOrPtr*)(_t33 + 0xb));
                                                                                                                						 *_t32 = _t23;
                                                                                                                						_t30 = _t32 + 1;
                                                                                                                					} while (_t23 != _t26);
                                                                                                                				}
                                                                                                                				if( *((intOrPtr*)(_t33 - 0x30)) == _t26) {
                                                                                                                					_push(0xfffffff5);
                                                                                                                					E00401423();
                                                                                                                				} else {
                                                                                                                					E00401423(0xffffffe6);
                                                                                                                					E00406010("C:\\Program Files\\Wildix\\WIService", _t28);
                                                                                                                					_t19 = SetCurrentDirectoryA(_t28); // executed
                                                                                                                					if(_t19 == 0) {
                                                                                                                						 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t33 - 4));
                                                                                                                				return 0;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                  • Part of subcall function 00405A41: CharNextA.USER32(?,?,C:\,?,00405AAD,C:\,C:\,7476FA90,?,C:\Users\user\AppData\Local\Temp\,004057F8,?,7476FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405A4F
                                                                                                                  • Part of subcall function 00405A41: CharNextA.USER32(00000000), ref: 00405A54
                                                                                                                  • Part of subcall function 00405A41: CharNextA.USER32(00000000), ref: 00405A68
                                                                                                                • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 0040160D
                                                                                                                  • Part of subcall function 004055FD: CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405640
                                                                                                                • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Program Files\Wildix\WIService,00000000,00000000,000000F0), ref: 0040163C
                                                                                                                Strings
                                                                                                                • C:\Program Files\Wildix\WIService, xrefs: 00401631
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                • String ID: C:\Program Files\Wildix\WIService
                                                                                                                • API String ID: 1892508949-2436880260
                                                                                                                • Opcode ID: 08a3087bb2a30077ba34e7e92968e352eff6a2b7baf1aa2c3a4ea80dfe544a50
                                                                                                                • Instruction ID: 1afb8a6b6fc663fc0b529d5452f3d1f5a7876e1f873962654dbae4e79628cbca
                                                                                                                • Opcode Fuzzy Hash: 08a3087bb2a30077ba34e7e92968e352eff6a2b7baf1aa2c3a4ea80dfe544a50
                                                                                                                • Instruction Fuzzy Hash: 08112731508141EBCB217FB54D41A7F36B4AE96324F68093FE4D1B22E2D63D4842AA2F
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 69%
                                                                                                                			E00401EC3(void* __ecx, void* __eflags) {
                                                                                                                				intOrPtr _t20;
                                                                                                                				void* _t39;
                                                                                                                				void* _t42;
                                                                                                                				void* _t47;
                                                                                                                
                                                                                                                				_t42 = __ecx;
                                                                                                                				_t45 = E00402B2C(_t39);
                                                                                                                				_t20 = E00402B2C(0x31);
                                                                                                                				_t43 = E00402B2C(0x22);
                                                                                                                				E00402B2C(0x15);
                                                                                                                				E00401423(0xffffffec);
                                                                                                                				 *(_t47 - 0x80) =  *(_t47 - 0x24);
                                                                                                                				 *((intOrPtr*)(_t47 - 0x7c)) =  *((intOrPtr*)(_t47 - 8));
                                                                                                                				 *((intOrPtr*)(_t47 - 0x68)) =  *((intOrPtr*)(_t47 - 0x28));
                                                                                                                				asm("sbb eax, eax");
                                                                                                                				 *((intOrPtr*)(_t47 - 0x74)) = _t20;
                                                                                                                				 *(_t47 - 0x78) =  ~( *_t19) & _t45;
                                                                                                                				asm("sbb eax, eax");
                                                                                                                				 *(_t47 - 0x6c) = "C:\\Program Files\\Wildix\\WIService";
                                                                                                                				 *(_t47 - 0x70) =  ~( *_t21) & _t43;
                                                                                                                				if(E004056F2(_t47 - 0x84) == 0) {
                                                                                                                					 *((intOrPtr*)(_t47 - 4)) = 1;
                                                                                                                				} else {
                                                                                                                					if(( *(_t47 - 0x80) & 0x00000040) != 0) {
                                                                                                                						E0040641D(_t42,  *((intOrPtr*)(_t47 - 0x4c)));
                                                                                                                						_push( *((intOrPtr*)(_t47 - 0x4c)));
                                                                                                                						FindCloseChangeNotification(); // executed
                                                                                                                					}
                                                                                                                				}
                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t47 - 4));
                                                                                                                				return 0;
                                                                                                                			}







                                                                                                                APIs
                                                                                                                  • Part of subcall function 004056F2: ShellExecuteExA.SHELL32(?,004044E5,?), ref: 00405701
                                                                                                                  • Part of subcall function 0040641D: WaitForSingleObject.KERNEL32(?,00000064), ref: 0040642E
                                                                                                                  • Part of subcall function 0040641D: GetExitCodeProcess.KERNELBASE ref: 00406450
                                                                                                                • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?), ref: 00401F8D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ChangeCloseCodeExecuteExitFindNotificationObjectProcessShellSingleWait
                                                                                                                • String ID: @$C:\Program Files\Wildix\WIService
                                                                                                                • API String ID: 4215836453-3745962701
                                                                                                                • Opcode ID: cf3c511861800785f352644d97d65b582d51a86a7b2ce5ffa791d17948a500f0
                                                                                                                • Instruction ID: 577b900a760e5ca89da3760b6b8950c99b83f280e087cd582299b2594771d0cd
                                                                                                                • Opcode Fuzzy Hash: cf3c511861800785f352644d97d65b582d51a86a7b2ce5ffa791d17948a500f0
                                                                                                                • Instruction Fuzzy Hash: 66113D71E042049ACB11EFB98A45A8DBFF4AF08314F64057BE450F72C2D7B88805DF18
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 90%
                                                                                                                			E00405EF7(void* __ecx, void* __eflags, intOrPtr _a4, int _a8, char* _a12, char* _a16, signed int _a20) {
                                                                                                                				int _v8;
                                                                                                                				long _t21;
                                                                                                                				long _t24;
                                                                                                                				char* _t30;
                                                                                                                
                                                                                                                				asm("sbb eax, eax");
                                                                                                                				_v8 = 0x400;
                                                                                                                				_t21 = E00405E96(__eflags, _a4, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20); // executed
                                                                                                                				_t30 = _a16;
                                                                                                                				if(_t21 != 0) {
                                                                                                                					L4:
                                                                                                                					 *_t30 =  *_t30 & 0x00000000;
                                                                                                                				} else {
                                                                                                                					_t24 = RegQueryValueExA(_a20, _a12, 0,  &_a8, _t30,  &_v8); // executed
                                                                                                                					_t21 = RegCloseKey(_a20); // executed
                                                                                                                					_t30[0x3ff] = _t30[0x3ff] & 0x00000000;
                                                                                                                					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
                                                                                                                						goto L4;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t21;
                                                                                                                			}








                                                                                                                APIs
                                                                                                                • RegQueryValueExA.KERNELBASE(?,?,00000000,?,?,00000400,Remove folder: ,?,?,?,?,00000002,Remove folder: ,?,0040613B,80000002), ref: 00405F3D
                                                                                                                • RegCloseKey.KERNELBASE(?,?,0040613B,80000002,Software\Microsoft\Windows\CurrentVersion,Remove folder: ,Remove folder: ,Remove folder: ,?,Remove folder: C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\), ref: 00405F48
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseQueryValue
                                                                                                                • String ID: Remove folder:
                                                                                                                • API String ID: 3356406503-1958208860
                                                                                                                • Opcode ID: 074503bd4819f587f33d8f4257f8029770edcc3592d90d126d241b317bef6944
                                                                                                                • Instruction ID: 2ff6a7a209fcbf00177f68e0cac6a7fed3d2e9df1b1dc864ec66af95abe17f1f
                                                                                                                • Opcode Fuzzy Hash: 074503bd4819f587f33d8f4257f8029770edcc3592d90d126d241b317bef6944
                                                                                                                • Instruction Fuzzy Hash: 63017C7250060AABDF228F61CD09FDB3FA8EF59364F04403AF955E2190D2B8DA54CFA4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004056AF(CHAR* _a4) {
                                                                                                                				struct _PROCESS_INFORMATION _v20;
                                                                                                                				int _t7;
                                                                                                                
                                                                                                                				0x42c078->cb = 0x44;
                                                                                                                				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x42c078,  &_v20); // executed
                                                                                                                				if(_t7 != 0) {
                                                                                                                					CloseHandle(_v20.hThread);
                                                                                                                					return _v20.hProcess;
                                                                                                                				}
                                                                                                                				return _t7;
                                                                                                                			}






                                                                                                                APIs
                                                                                                                • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0042C078,Error launching installer), ref: 004056D8
                                                                                                                • CloseHandle.KERNEL32(?), ref: 004056E5
                                                                                                                Strings
                                                                                                                • Error launching installer, xrefs: 004056C2
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseCreateHandleProcess
                                                                                                                • String ID: Error launching installer
                                                                                                                • API String ID: 3712363035-66219284
                                                                                                                • Opcode ID: a2b9ecb8406674d5a7d1aded78611502900df459338db245270d40db8d5eaf79
                                                                                                                • Instruction ID: d682804100e664e073205113f6b11307167482a28e2818ee20dd6d85df95f7a7
                                                                                                                • Opcode Fuzzy Hash: a2b9ecb8406674d5a7d1aded78611502900df459338db245270d40db8d5eaf79
                                                                                                                • Instruction Fuzzy Hash: CFE046F0640209BFEB109FA0EE49F7F7AADEB00704F404521BD00F2190EA7498088A7C
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00403798() {
                                                                                                                				void* _t2;
                                                                                                                				void* _t3;
                                                                                                                				void* _t6;
                                                                                                                				void* _t8;
                                                                                                                
                                                                                                                				_t8 =  *0x429834; // 0x0
                                                                                                                				_t3 = E0040377D(_t2, 0);
                                                                                                                				if(_t8 != 0) {
                                                                                                                					do {
                                                                                                                						_t6 = _t8;
                                                                                                                						_t8 =  *_t8;
                                                                                                                						FreeLibrary( *(_t6 + 8)); // executed
                                                                                                                						_t3 = GlobalFree(_t6);
                                                                                                                					} while (_t8 != 0);
                                                                                                                				}
                                                                                                                				 *0x429834 =  *0x429834 & 0x00000000;
                                                                                                                				return _t3;
                                                                                                                			}








                                                                                                                APIs
                                                                                                                • FreeLibrary.KERNELBASE(?,7476FA90,00000000,C:\Users\user\AppData\Local\Temp\,00403770,0040358A,?,?,00000006,00000008,0000000A), ref: 004037B2
                                                                                                                • GlobalFree.KERNEL32 ref: 004037B9
                                                                                                                Strings
                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00403798
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Free$GlobalLibrary
                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                • API String ID: 1100898210-3081826266
                                                                                                                • Opcode ID: 248c780681ff10c09d9810c58c710ba8abcca500869ff380da07a7f320702544
                                                                                                                • Instruction ID: 06ba742c3ad1fb67bc09d12af4c86e1058789e05b1a36190638fabe2eea0851a
                                                                                                                • Opcode Fuzzy Hash: 248c780681ff10c09d9810c58c710ba8abcca500869ff380da07a7f320702544
                                                                                                                • Instruction Fuzzy Hash: EAE0C27352212097C7312F15EE04B1AB7A86F86F22F09403AE8407B2A087741C438BCC
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 59%
                                                                                                                			E00401B63(void* __ebx, void* __edx) {
                                                                                                                				intOrPtr _t7;
                                                                                                                				void* _t8;
                                                                                                                				void _t11;
                                                                                                                				void* _t13;
                                                                                                                				void* _t21;
                                                                                                                				void* _t24;
                                                                                                                				void* _t30;
                                                                                                                				void* _t33;
                                                                                                                				void* _t34;
                                                                                                                				void* _t37;
                                                                                                                
                                                                                                                				_t27 = __ebx;
                                                                                                                				_t7 =  *((intOrPtr*)(_t37 - 0x2c));
                                                                                                                				_t30 =  *0x40b858; // 0x6bc610
                                                                                                                				if(_t7 == __ebx) {
                                                                                                                					if(__edx == __ebx) {
                                                                                                                						_t8 = GlobalAlloc(0x40, 0x404); // executed
                                                                                                                						_t34 = _t8;
                                                                                                                						_t4 = _t34 + 4; // 0x4
                                                                                                                						E00406032(__ebx, _t30, _t34, _t4,  *((intOrPtr*)(_t37 - 0x34)));
                                                                                                                						_t11 =  *0x40b858; // 0x6bc610
                                                                                                                						 *_t34 = _t11;
                                                                                                                						 *0x40b858 = _t34;
                                                                                                                					} else {
                                                                                                                						if(_t30 == __ebx) {
                                                                                                                							 *((intOrPtr*)(_t37 - 4)) = 1;
                                                                                                                						} else {
                                                                                                                							_t2 = _t30 + 4; // 0x6bc614
                                                                                                                							E00406010(_t33, _t2);
                                                                                                                							_push(_t30);
                                                                                                                							 *0x40b858 =  *_t30;
                                                                                                                							GlobalFree();
                                                                                                                						}
                                                                                                                					}
                                                                                                                					goto L15;
                                                                                                                				} else {
                                                                                                                					while(1) {
                                                                                                                						_t7 = _t7 - 1;
                                                                                                                						if(_t30 == _t27) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						_t30 =  *_t30;
                                                                                                                						if(_t7 != _t27) {
                                                                                                                							continue;
                                                                                                                						} else {
                                                                                                                							if(_t30 == _t27) {
                                                                                                                								break;
                                                                                                                							} else {
                                                                                                                								_t32 = _t30 + 4;
                                                                                                                								E00406010(0x40a418, _t30 + 4);
                                                                                                                								_t21 =  *0x40b858; // 0x6bc610
                                                                                                                								E00406010(_t32, _t21 + 4);
                                                                                                                								_t24 =  *0x40b858; // 0x6bc610
                                                                                                                								_push(0x40a418);
                                                                                                                								_push(_t24 + 4);
                                                                                                                								E00406010();
                                                                                                                								L15:
                                                                                                                								 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t37 - 4));
                                                                                                                								_t13 = 0;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						goto L17;
                                                                                                                					}
                                                                                                                					_push(0x200010);
                                                                                                                					_push(E00406032(_t27, _t30, _t33, _t27, 0xffffffe8));
                                                                                                                					E0040572C();
                                                                                                                					_t13 = 0x7fffffff;
                                                                                                                				}
                                                                                                                				L17:
                                                                                                                				return _t13;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • GlobalFree.KERNEL32 ref: 00401BD2
                                                                                                                • GlobalAlloc.KERNELBASE(00000040,00000404), ref: 00401BE4
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Global$AllocFree
                                                                                                                • String ID: Call
                                                                                                                • API String ID: 3394109436-1824292864
                                                                                                                • Opcode ID: 6d7ff2a269b29df243dac5a31b31c390212993cd2cb387205d16563d3155f2c3
                                                                                                                • Instruction ID: d4b557a109d17d81ab43e8b3f8c0bc9708487bd5a7f62e569783b32eaae16c6e
                                                                                                                • Opcode Fuzzy Hash: 6d7ff2a269b29df243dac5a31b31c390212993cd2cb387205d16563d3155f2c3
                                                                                                                • Instruction Fuzzy Hash: 8D2193B2640140ABC710FFA8DA88A5E73ADEB44314B21843BF142F72D1D77899919B9D
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 86%
                                                                                                                			E0040254C(int* __ebx, intOrPtr __edx, char* __esi) {
                                                                                                                				void* _t9;
                                                                                                                				int _t10;
                                                                                                                				long _t13;
                                                                                                                				int* _t16;
                                                                                                                				intOrPtr _t21;
                                                                                                                				void* _t22;
                                                                                                                				char* _t24;
                                                                                                                				void* _t26;
                                                                                                                				void* _t29;
                                                                                                                
                                                                                                                				_t24 = __esi;
                                                                                                                				_t21 = __edx;
                                                                                                                				_t16 = __ebx;
                                                                                                                				_t9 = E00402B6C(_t29, 0x20019); // executed
                                                                                                                				_t22 = _t9;
                                                                                                                				_t10 = E00402B0A(3);
                                                                                                                				 *((intOrPtr*)(_t26 - 0x10)) = _t21;
                                                                                                                				 *__esi = __ebx;
                                                                                                                				if(_t22 == __ebx) {
                                                                                                                					 *((intOrPtr*)(_t26 - 4)) = 1;
                                                                                                                				} else {
                                                                                                                					 *(_t26 + 8) = 0x3ff;
                                                                                                                					if( *((intOrPtr*)(_t26 - 0x24)) == __ebx) {
                                                                                                                						_t13 = RegEnumValueA(_t22, _t10, __esi, _t26 + 8, __ebx, __ebx, __ebx, __ebx); // executed
                                                                                                                						__eflags = _t13;
                                                                                                                						if(_t13 != 0) {
                                                                                                                							 *((intOrPtr*)(_t26 - 4)) = 1;
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						RegEnumKeyA(_t22, _t10, __esi, 0x3ff);
                                                                                                                					}
                                                                                                                					_t24[0x3ff] = _t16;
                                                                                                                					_push(_t22); // executed
                                                                                                                					RegCloseKey(); // executed
                                                                                                                				}
                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t26 - 4));
                                                                                                                				return 0;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • RegEnumKeyA.ADVAPI32(00000000,00000000,?,000003FF), ref: 0040257E
                                                                                                                • RegEnumValueA.KERNELBASE(00000000,00000000,?,?), ref: 00402591
                                                                                                                • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nshC8B4.tmp,00000000,00000011,00000002), ref: 004025A9
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Enum$CloseValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 397863658-0
                                                                                                                • Opcode ID: 37e738cec324d61a2f70768af6b191aeff6b55d76fe7f4a5df61323c4f48b18c
                                                                                                                • Instruction ID: 759f5540e81814690deb71b34766d19dbbd7be08400e999f0e3afb18397e9514
                                                                                                                • Opcode Fuzzy Hash: 37e738cec324d61a2f70768af6b191aeff6b55d76fe7f4a5df61323c4f48b18c
                                                                                                                • Instruction Fuzzy Hash: 7501BCB1A01205FFE7119F699E89ABF7ABCEB40344F10003EF442B62C0D6F84E049669
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 41%
                                                                                                                			E00405790(void* __eflags, CHAR* _a4, signed int _a8) {
                                                                                                                				int _t9;
                                                                                                                				long _t13;
                                                                                                                				CHAR* _t14;
                                                                                                                
                                                                                                                				_t14 = _a4;
                                                                                                                				_t13 = E00405B84(_t14);
                                                                                                                				if(_t13 == 0xffffffff) {
                                                                                                                					L8:
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                				_push(_t14);
                                                                                                                				if((_a8 & 0x00000001) == 0) {
                                                                                                                					_t9 = DeleteFileA(); // executed
                                                                                                                				} else {
                                                                                                                					_t9 = RemoveDirectoryA(); // executed
                                                                                                                				}
                                                                                                                				if(_t9 == 0) {
                                                                                                                					if((_a8 & 0x00000004) == 0) {
                                                                                                                						SetFileAttributesA(_t14, _t13);
                                                                                                                					}
                                                                                                                					goto L8;
                                                                                                                				} else {
                                                                                                                					return 1;
                                                                                                                				}
                                                                                                                			}







                                                                                                                APIs
                                                                                                                  • Part of subcall function 00405B84: GetFileAttributesA.KERNELBASE(?,?,0040579C,?,?,00000000,0040597F,?,?,?,?), ref: 00405B89
                                                                                                                  • Part of subcall function 00405B84: SetFileAttributesA.KERNELBASE(?,00000000), ref: 00405B9D
                                                                                                                • RemoveDirectoryA.KERNELBASE(?,?,?,00000000,0040597F), ref: 004057AB
                                                                                                                • DeleteFileA.KERNELBASE(?,?,?,00000000,0040597F), ref: 004057B3
                                                                                                                • SetFileAttributesA.KERNEL32(?,00000000), ref: 004057CB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$Attributes$DeleteDirectoryRemove
                                                                                                                • String ID:
                                                                                                                • API String ID: 1655745494-0
                                                                                                                • Opcode ID: 1b58439dbc4d5c75e8d4a1b60800a1a05f091bf10d9841f58e7402e1275724a5
                                                                                                                • Instruction ID: 506f0000beea922c53fa0ef56bc3bb9d2703a559d1119bf8978eeb103538cabb
                                                                                                                • Opcode Fuzzy Hash: 1b58439dbc4d5c75e8d4a1b60800a1a05f091bf10d9841f58e7402e1275724a5
                                                                                                                • Instruction Fuzzy Hash: 6CE0E531115AA197D61057308E0CB5B3AA8DF86328F19093BF992B31D0C7784446DA7E
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E0040641D(void* __ecx, void* _a4) {
                                                                                                                				long _v8;
                                                                                                                				long _t6;
                                                                                                                
                                                                                                                				_t6 = WaitForSingleObject(_a4, 0x64);
                                                                                                                				while(_t6 == 0x102) {
                                                                                                                					E004063E4(0xf);
                                                                                                                					_t6 = WaitForSingleObject(_a4, 0x64);
                                                                                                                				}
                                                                                                                				GetExitCodeProcess(_a4,  &_v8); // executed
                                                                                                                				return _v8;
                                                                                                                			}






                                                                                                                APIs
                                                                                                                • WaitForSingleObject.KERNEL32(?,00000064), ref: 0040642E
                                                                                                                • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00406443
                                                                                                                • GetExitCodeProcess.KERNELBASE ref: 00406450
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ObjectSingleWait$CodeExitProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 2567322000-0
                                                                                                                • Opcode ID: ba1f5f7b1c079a3fea216180ff6ccd943cd28908d0f0f38788cddc90b9a261d1
                                                                                                                • Instruction ID: 6f56b437189419413ec573bccc3706163814273e018c7f0254a54b1a0f200d97
                                                                                                                • Opcode Fuzzy Hash: ba1f5f7b1c079a3fea216180ff6ccd943cd28908d0f0f38788cddc90b9a261d1
                                                                                                                • Instruction Fuzzy Hash: 20E09271600118BBDB009B44CD06E9E7B6EDB44704F118037BA01B6191D7B59E21AAA8
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00404077(int _a4) {
                                                                                                                				long _t3;
                                                                                                                
                                                                                                                				if(_a4 == 0x78) {
                                                                                                                					 *0x42ebcc =  *0x42ebcc + 1;
                                                                                                                				}
                                                                                                                				_t3 = SendMessageA( *0x42f408, 0x408, _a4, 0); // executed
                                                                                                                				return _t3;
                                                                                                                			}





                                                                                                                APIs
                                                                                                                • SendMessageA.USER32(00000408,?,00000000,00403CD8), ref: 00404095
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend
                                                                                                                • String ID: x
                                                                                                                • API String ID: 3850602802-2363233923
                                                                                                                • Opcode ID: d0add7324732fce91589cd8bfabcb93b1107eecee7d8e80373a82594021fe62f
                                                                                                                • Instruction ID: 6e6e0ac04f30e7c890d5ef3c8d8e3b01949096d6229b6743b87dfda34c58e9b9
                                                                                                                • Opcode Fuzzy Hash: d0add7324732fce91589cd8bfabcb93b1107eecee7d8e80373a82594021fe62f
                                                                                                                • Instruction Fuzzy Hash: BBC012B1244202AADB209B01DF04F167A30BBA0702F60803DF791210B186701422DF1C
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 84%
                                                                                                                			E004024DA(int* __ebx, char* __esi) {
                                                                                                                				void* _t17;
                                                                                                                				char* _t18;
                                                                                                                				long _t21;
                                                                                                                				void* _t33;
                                                                                                                				void* _t37;
                                                                                                                				void* _t40;
                                                                                                                
                                                                                                                				_t35 = __esi;
                                                                                                                				_t27 = __ebx;
                                                                                                                				_t17 = E00402B6C(_t40, 0x20019); // executed
                                                                                                                				_t33 = _t17;
                                                                                                                				_t18 = E00402B2C(0x33);
                                                                                                                				 *__esi = __ebx;
                                                                                                                				if(_t33 == __ebx) {
                                                                                                                					 *(_t37 - 4) = 1;
                                                                                                                				} else {
                                                                                                                					 *(_t37 - 0x10) = 0x400;
                                                                                                                					_t21 = RegQueryValueExA(_t33, _t18, __ebx, _t37 + 8, __esi, _t37 - 0x10); // executed
                                                                                                                					if(_t21 != 0) {
                                                                                                                						L7:
                                                                                                                						 *_t35 = _t27;
                                                                                                                						 *(_t37 - 4) = 1;
                                                                                                                					} else {
                                                                                                                						if( *(_t37 + 8) == 4) {
                                                                                                                							__eflags =  *(_t37 - 0x24) - __ebx;
                                                                                                                							 *(_t37 - 4) = 0 |  *(_t37 - 0x24) == __ebx;
                                                                                                                							E00405F6E(__esi,  *__esi);
                                                                                                                						} else {
                                                                                                                							if( *(_t37 + 8) == 1 ||  *(_t37 + 8) == 2) {
                                                                                                                								 *(_t37 - 4) =  *(_t37 - 0x24);
                                                                                                                								_t35[0x3ff] = _t27;
                                                                                                                							} else {
                                                                                                                								goto L7;
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_push(_t33); // executed
                                                                                                                					RegCloseKey(); // executed
                                                                                                                				}
                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *(_t37 - 4);
                                                                                                                				return 0;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • RegQueryValueExA.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,?,00000033), ref: 0040250A
                                                                                                                • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nshC8B4.tmp,00000000,00000011,00000002), ref: 004025A9
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseQueryValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 3356406503-0
                                                                                                                • Opcode ID: a37d31d288198b64adb47b8aa86d19c7af9168ca8919097579984168ba4b2254
                                                                                                                • Instruction ID: 8c7c89e59df7b4709da067e0fd7ec9be99446db0afc11a297a964fac99c2b4a6
                                                                                                                • Opcode Fuzzy Hash: a37d31d288198b64adb47b8aa86d19c7af9168ca8919097579984168ba4b2254
                                                                                                                • Instruction Fuzzy Hash: E5116A71901205EEDB11CF64CA599AEBAB4AB19348F60447FE042B62C0D6B88A45DB6D
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 59%
                                                                                                                			E00401389(signed int _a4) {
                                                                                                                				intOrPtr* _t6;
                                                                                                                				void* _t8;
                                                                                                                				void* _t10;
                                                                                                                				signed int _t11;
                                                                                                                				void* _t12;
                                                                                                                				signed int _t16;
                                                                                                                				signed int _t17;
                                                                                                                				void* _t18;
                                                                                                                
                                                                                                                				_t17 = _a4;
                                                                                                                				while(_t17 >= 0) {
                                                                                                                					_t6 = _t17 * 0x1c +  *0x42f450;
                                                                                                                					if( *_t6 == 1) {
                                                                                                                						break;
                                                                                                                					}
                                                                                                                					_push(_t6); // executed
                                                                                                                					_t8 = E00401434(); // executed
                                                                                                                					if(_t8 == 0x7fffffff) {
                                                                                                                						return 0x7fffffff;
                                                                                                                					}
                                                                                                                					_t10 = E0040136D(_t8);
                                                                                                                					if(_t10 != 0) {
                                                                                                                						_t11 = _t10 - 1;
                                                                                                                						_t16 = _t17;
                                                                                                                						_t17 = _t11;
                                                                                                                						_t12 = _t11 - _t16;
                                                                                                                					} else {
                                                                                                                						_t12 = _t10 + 1;
                                                                                                                						_t17 = _t17 + 1;
                                                                                                                					}
                                                                                                                					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
                                                                                                                						 *0x42ebec =  *0x42ebec + _t12;
                                                                                                                						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42ebec, 0x7530,  *0x42ebd4), 0); // executed
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return 0;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 3850602802-0
                                                                                                                • Opcode ID: 3ffebd5fca59fb87aab51f7597ede924ce92eaed1a0ec0a619fe9c5b1ad01a7d
                                                                                                                • Instruction ID: 5ed4d9c38c73c282456bb639181f16eab54b9a7fb1a82fe129ff52a3f74c88ba
                                                                                                                • Opcode Fuzzy Hash: 3ffebd5fca59fb87aab51f7597ede924ce92eaed1a0ec0a619fe9c5b1ad01a7d
                                                                                                                • Instruction Fuzzy Hash: B101F4317242109BE7199B399D04B6A3698E710719F54823FF852F61F1D678EC028B4C
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004023E8(void* __ebx, void* __edx) {
                                                                                                                				long _t6;
                                                                                                                				void* _t9;
                                                                                                                				long _t11;
                                                                                                                				void* _t13;
                                                                                                                				long _t18;
                                                                                                                				void* _t20;
                                                                                                                				void* _t22;
                                                                                                                				void* _t23;
                                                                                                                
                                                                                                                				_t13 = __ebx;
                                                                                                                				_t26 =  *(_t23 - 0x24) - __ebx;
                                                                                                                				_t20 = __edx;
                                                                                                                				if( *(_t23 - 0x24) != __ebx) {
                                                                                                                					_t6 = E00402BEA(_t20, E00402B2C(0x22),  *(_t23 - 0x24) >> 1); // executed
                                                                                                                					_t18 = _t6;
                                                                                                                					goto L4;
                                                                                                                				} else {
                                                                                                                					_t9 = E00402B6C(_t26, 2); // executed
                                                                                                                					_t22 = _t9;
                                                                                                                					if(_t22 == __ebx) {
                                                                                                                						L6:
                                                                                                                						 *((intOrPtr*)(_t23 - 4)) = 1;
                                                                                                                					} else {
                                                                                                                						_t11 = RegDeleteValueA(_t22, E00402B2C(0x33)); // executed
                                                                                                                						_t18 = _t11; // executed
                                                                                                                						RegCloseKey(_t22); // executed
                                                                                                                						L4:
                                                                                                                						if(_t18 != _t13) {
                                                                                                                							goto L6;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t23 - 4));
                                                                                                                				return 0;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • RegDeleteValueA.KERNELBASE(00000000,00000000,00000033), ref: 00402409
                                                                                                                • RegCloseKey.KERNELBASE(00000000), ref: 00402412
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseDeleteValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 2831762973-0
                                                                                                                • Opcode ID: e7d8a32b6411c19df594e44ef8f442ab4c5114c567b1e7e96baca4bbbe39ce49
                                                                                                                • Instruction ID: 992cd2d97de9e3103286cc81bf95427654d5587fd7cb6228862516595ad29640
                                                                                                                • Opcode Fuzzy Hash: e7d8a32b6411c19df594e44ef8f442ab4c5114c567b1e7e96baca4bbbe39ce49
                                                                                                                • Instruction Fuzzy Hash: 17F0BB32A00120ABD701AFB89B4DBAE72B9DB54314F15017FF502B72C1D5F85E01876D
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 50%
                                                                                                                			E00405209(signed int __eax) {
                                                                                                                				intOrPtr _v0;
                                                                                                                				intOrPtr _t10;
                                                                                                                				intOrPtr _t11;
                                                                                                                				intOrPtr* _t12;
                                                                                                                
                                                                                                                				_t11 =  *0x42f448;
                                                                                                                				_t10 =  *0x42f44c;
                                                                                                                				__imp__OleInitialize(0);
                                                                                                                				 *0x42f4d8 =  *0x42f4d8 | __eax;
                                                                                                                				E004040EA(0);
                                                                                                                				if(_t10 != 0) {
                                                                                                                					_t12 = _t11 + 0xc;
                                                                                                                					while(1) {
                                                                                                                						_t10 = _t10 - 1;
                                                                                                                						if(( *(_t12 - 4) & 0x00000001) != 0 && E00401389( *_t12, _v0) != 0) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						_t12 = _t12 + 0x418;
                                                                                                                						if(_t10 != 0) {
                                                                                                                							continue;
                                                                                                                						} else {
                                                                                                                						}
                                                                                                                						goto L7;
                                                                                                                					}
                                                                                                                					 *0x42f4ac =  *0x42f4ac + 1;
                                                                                                                				}
                                                                                                                				L7:
                                                                                                                				E004040EA(0x404); // executed
                                                                                                                				__imp__OleUninitialize(); // executed
                                                                                                                				return  *0x42f4ac;
                                                                                                                			}








                                                                                                                APIs
                                                                                                                • OleInitialize.OLE32(00000000), ref: 00405219
                                                                                                                  • Part of subcall function 004040EA: SendMessageA.USER32(00020506,00000000,00000000,00000000), ref: 004040FC
                                                                                                                • OleUninitialize.OLE32(00000404,00000000), ref: 00405265
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeMessageSendUninitialize
                                                                                                                • String ID:
                                                                                                                • API String ID: 2896919175-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • ShowWindow.USER32(00000000,00000000), ref: 00401EAD
                                                                                                                • EnableWindow.USER32(00000000,00000000), ref: 00401EB8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$EnableShow
                                                                                                                • String ID:
                                                                                                                • API String ID: 1136574915-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004063A8(signed int _a4) {
                                                                                                                				struct HINSTANCE__* _t5;
                                                                                                                				signed int _t10;
                                                                                                                
                                                                                                                				_t10 = _a4 << 3;
                                                                                                                				_t8 =  *(_t10 + 0x40a240);
                                                                                                                				_t5 = GetModuleHandleA( *(_t10 + 0x40a240));
                                                                                                                				if(_t5 != 0) {
                                                                                                                					L2:
                                                                                                                					return GetProcAddress(_t5,  *(_t10 + 0x40a244));
                                                                                                                				}
                                                                                                                				_t5 = E0040633A(_t8); // executed
                                                                                                                				if(_t5 == 0) {
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                				goto L2;
                                                                                                                			}






                                                                                                                APIs
                                                                                                                • GetModuleHandleA.KERNEL32(?,?,?,004032DE,0000000A), ref: 004063BA
                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 004063D5
                                                                                                                  • Part of subcall function 0040633A: GetSystemDirectoryA.KERNEL32 ref: 00406351
                                                                                                                  • Part of subcall function 0040633A: wsprintfA.USER32 ref: 0040638A
                                                                                                                  • Part of subcall function 0040633A: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 0040639E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                • String ID:
                                                                                                                • API String ID: 2547128583-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 68%
                                                                                                                			E00405BA9(CHAR* _a4, long _a8, long _a12) {
                                                                                                                				signed int _t5;
                                                                                                                				void* _t6;
                                                                                                                
                                                                                                                				_t5 = GetFileAttributesA(_a4); // executed
                                                                                                                				asm("sbb ecx, ecx");
                                                                                                                				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
                                                                                                                				return _t6;
                                                                                                                			}






                                                                                                                APIs
                                                                                                                • GetFileAttributesA.KERNELBASE(00000003,00402E04,C:\Users\user\Desktop\SetupWIService.exe,80000000,00000003), ref: 00405BAD
                                                                                                                • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405BCF
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$AttributesCreate
                                                                                                                • String ID:
                                                                                                                • API String ID: 415043291-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00405B84(CHAR* _a4) {
                                                                                                                				signed char _t3;
                                                                                                                				signed char _t7;
                                                                                                                
                                                                                                                				_t3 = GetFileAttributesA(_a4); // executed
                                                                                                                				_t7 = _t3;
                                                                                                                				if(_t7 != 0xffffffff) {
                                                                                                                					SetFileAttributesA(_a4, _t3 & 0x000000fe); // executed
                                                                                                                				}
                                                                                                                				return _t7;
                                                                                                                			}






                                                                                                                APIs
                                                                                                                • GetFileAttributesA.KERNELBASE(?,?,0040579C,?,?,00000000,0040597F,?,?,?,?), ref: 00405B89
                                                                                                                • SetFileAttributesA.KERNELBASE(?,00000000), ref: 00405B9D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AttributesFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 3188754299-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00403753() {
                                                                                                                				void* _t1;
                                                                                                                				void* _t3;
                                                                                                                				signed int _t6;
                                                                                                                
                                                                                                                				_t1 =  *0x40a018; // 0xffffffff
                                                                                                                				if(_t1 != 0xffffffff) {
                                                                                                                					CloseHandle(_t1);
                                                                                                                					 *0x40a018 =  *0x40a018 | 0xffffffff;
                                                                                                                					_t6 =  *0x40a018;
                                                                                                                				}
                                                                                                                				E00403798();
                                                                                                                				_t3 = E004057D8(_t6, "C:\\Users\\jones\\AppData\\Local\\Temp\\nshC8B4.tmp\\", 7); // executed
                                                                                                                				return _t3;
                                                                                                                			}







                                                                                                                APIs
                                                                                                                • CloseHandle.KERNEL32(FFFFFFFF,0040358A,?,?,00000006,00000008,0000000A), ref: 0040375E
                                                                                                                Strings
                                                                                                                • C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\, xrefs: 00403772
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandle
                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\
                                                                                                                • API String ID: 2962429428-3589958043
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E0040567A(CHAR* _a4) {
                                                                                                                				int _t2;
                                                                                                                
                                                                                                                				_t2 = CreateDirectoryA(_a4, 0); // executed
                                                                                                                				if(_t2 == 0) {
                                                                                                                					return GetLastError();
                                                                                                                				}
                                                                                                                				return 0;
                                                                                                                			}





                                                                                                                APIs
                                                                                                                • CreateDirectoryA.KERNELBASE(?,00000000,0040325E,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 00405680
                                                                                                                • GetLastError.KERNEL32(?,00000006,00000008,0000000A), ref: 0040568E
                                                                                                                Similarity
                                                                                                                • API ID: CreateDirectoryErrorLast
                                                                                                                • String ID:
                                                                                                                • API String ID: 1375471231-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 78%
                                                                                                                			E00401F48(void* __ecx) {
                                                                                                                				void* _t8;
                                                                                                                				void* _t12;
                                                                                                                				void* _t14;
                                                                                                                				void* _t16;
                                                                                                                				void* _t17;
                                                                                                                				void* _t20;
                                                                                                                				void* _t22;
                                                                                                                
                                                                                                                				_t16 = __ecx;
                                                                                                                				_t19 = E00402B2C(_t14);
                                                                                                                				E00405137(0xffffffeb, _t6); // executed
                                                                                                                				_t8 = E004056AF(_t19); // executed
                                                                                                                				_t20 = _t8;
                                                                                                                				if(_t20 == _t14) {
                                                                                                                					 *((intOrPtr*)(_t22 - 4)) = 1;
                                                                                                                				} else {
                                                                                                                					if( *((intOrPtr*)(_t22 - 0x2c)) != _t14) {
                                                                                                                						_t12 = E0040641D(_t16, _t20); // executed
                                                                                                                						if( *((intOrPtr*)(_t22 - 0x30)) < _t14) {
                                                                                                                							if(_t12 != _t14) {
                                                                                                                								 *((intOrPtr*)(_t22 - 4)) = 1;
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							E00405F6E(_t17, _t12);
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_push(_t20); // executed
                                                                                                                					FindCloseChangeNotification(); // executed
                                                                                                                				}
                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t22 - 4));
                                                                                                                				return 0;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                  • Part of subcall function 00405137: lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\,00000000,00423A28,7476EA30,?,?,?,?,?,?,?,?,?,00403156,00000000,?), ref: 00405170
                                                                                                                  • Part of subcall function 00405137: lstrlenA.KERNEL32(00403156,Remove folder: C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\,00000000,00423A28,7476EA30,?,?,?,?,?,?,?,?,?,00403156,00000000), ref: 00405180
                                                                                                                  • Part of subcall function 00405137: lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\,00403156,00403156,Remove folder: C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\,00000000,00423A28,7476EA30), ref: 00405193
                                                                                                                  • Part of subcall function 00405137: SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nshC8B4.tmp\), ref: 004051A5
                                                                                                                  • Part of subcall function 00405137: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004051CB
                                                                                                                  • Part of subcall function 00405137: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004051E5
                                                                                                                  • Part of subcall function 00405137: SendMessageA.USER32(?,00001013,?,00000000), ref: 004051F3
                                                                                                                  • Part of subcall function 004056AF: CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0042C078,Error launching installer), ref: 004056D8
                                                                                                                  • Part of subcall function 004056AF: CloseHandle.KERNEL32(?), ref: 004056E5
                                                                                                                • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?), ref: 00401F8D
                                                                                                                  • Part of subcall function 0040641D: WaitForSingleObject.KERNEL32(?,00000064), ref: 0040642E
                                                                                                                  • Part of subcall function 0040641D: GetExitCodeProcess.KERNELBASE ref: 00406450
                                                                                                                  • Part of subcall function 00405F6E: wsprintfA.USER32 ref: 00405F7B
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$CloseProcesslstrlen$ChangeCodeCreateExitFindHandleNotificationObjectSingleTextWaitWindowlstrcatwsprintf
                                                                                                                • String ID:
                                                                                                                • API String ID: 1543427666-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 40%
                                                                                                                			E004026EF(intOrPtr __edx, void* __eflags) {
                                                                                                                				long _t7;
                                                                                                                				long _t9;
                                                                                                                				LONG* _t11;
                                                                                                                				void* _t13;
                                                                                                                				intOrPtr _t14;
                                                                                                                				void* _t17;
                                                                                                                				void* _t19;
                                                                                                                
                                                                                                                				_t14 = __edx;
                                                                                                                				_push(ds);
                                                                                                                				if(__eflags != 0) {
                                                                                                                					_t7 = E00402B0A(2);
                                                                                                                					_pop(_t13);
                                                                                                                					 *((intOrPtr*)(_t19 - 0x10)) = _t14;
                                                                                                                					_t9 = SetFilePointer(E00405F87(_t13, _t17), _t7, _t11,  *(_t19 - 0x28)); // executed
                                                                                                                					if( *((intOrPtr*)(_t19 - 0x30)) >= _t11) {
                                                                                                                						_push(_t9);
                                                                                                                						E00405F6E();
                                                                                                                					}
                                                                                                                				}
                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t19 - 4));
                                                                                                                				return 0;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 0040270D
                                                                                                                  • Part of subcall function 00405F6E: wsprintfA.USER32 ref: 00405F7B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FilePointerwsprintf
                                                                                                                • String ID:
                                                                                                                • API String ID: 327478801-0
                                                                                                                • Opcode ID: e2356404ccad4a8935ddbf8fc280853e41599541898f6f199fb76157ee16f907
                                                                                                                • Instruction ID: 342abdd748c97434aad0a636f6a3342ea7e6d44647dfd0d52b4034c74de68662
                                                                                                                • Opcode Fuzzy Hash: e2356404ccad4a8935ddbf8fc280853e41599541898f6f199fb76157ee16f907
                                                                                                                • Instruction Fuzzy Hash: 32E06DB2700215ABD702ABA4AE89DBF776CEB44314F10043BF200F10C0C6B948428A69
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 41%
                                                                                                                			E0040273B(char __ebx, void* __ecx, char* __esi, void* __eflags) {
                                                                                                                				void* _t5;
                                                                                                                				int _t8;
                                                                                                                				char _t11;
                                                                                                                				void* _t15;
                                                                                                                				void* _t19;
                                                                                                                
                                                                                                                				_t17 = __esi;
                                                                                                                				_t11 = __ebx;
                                                                                                                				_t5 = E00405F87(__ecx, _t15);
                                                                                                                				if(_t5 == __ebx) {
                                                                                                                					L2:
                                                                                                                					 *((intOrPtr*)(_t19 - 4)) = 1;
                                                                                                                					 *_t17 = _t11;
                                                                                                                				} else {
                                                                                                                					_t8 = FindNextFileA(_t5, _t19 - 0x1c8); // executed
                                                                                                                					if(_t8 != 0) {
                                                                                                                						_push(_t19 - 0x19c);
                                                                                                                						_push(__esi);
                                                                                                                						E00406010();
                                                                                                                					} else {
                                                                                                                						goto L2;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t19 - 4));
                                                                                                                				return 0;
                                                                                                                			}









                                                                                                                APIs
                                                                                                                • FindNextFileA.KERNELBASE(00000000,?), ref: 0040274D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FileFindNext
                                                                                                                • String ID:
                                                                                                                • API String ID: 2029273394-0
                                                                                                                • Opcode ID: 6c16fb3265d5434a67bbc3a754364c03fa3765a95b5e2a99f6dd1015abf345d3
                                                                                                                • Instruction ID: d4e75fc674a14897d4eb9114d760336efd11fbe9bbc54defada1aced3dc9a7b2
                                                                                                                • Opcode Fuzzy Hash: 6c16fb3265d5434a67bbc3a754364c03fa3765a95b5e2a99f6dd1015abf345d3
                                                                                                                • Instruction Fuzzy Hash: E7E06D726001159BD711EBA49A88AAEB3ACEB15314F60447BD142F31C0E6B999869B29
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00405EC4(void* __eflags, intOrPtr _a4, char* _a8, int _a12, void** _a16) {
                                                                                                                				void* _t7;
                                                                                                                				long _t8;
                                                                                                                				void* _t9;
                                                                                                                
                                                                                                                				_t7 = E00405E1B(_a4,  &_a12);
                                                                                                                				if(_t7 != 0) {
                                                                                                                					_t8 = RegCreateKeyExA(_t7, _a8, 0, 0, 0, _a12, 0, _a16, 0); // executed
                                                                                                                					return _t8;
                                                                                                                				}
                                                                                                                				_t9 = 6;
                                                                                                                				return _t9;
                                                                                                                			}







                                                                                                                APIs
                                                                                                                • RegCreateKeyExA.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402BDD,00000000,?,?), ref: 00405EED
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Create
                                                                                                                • String ID:
                                                                                                                • API String ID: 2289755597-0
                                                                                                                • Opcode ID: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                                                                                                • Instruction ID: 1d4fb08659ff36ace7b23f5759770be8a1f2413d8495cc917bdfefdc51ec9cff
                                                                                                                • Opcode Fuzzy Hash: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                                                                                                • Instruction Fuzzy Hash: 64E0E67201050DBEDF195F50DD0AD7B371DE704304F10492EFA45D5150E6B5AA716B78
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00405C50(void* _a4, void* _a8, long _a12) {
                                                                                                                				int _t7;
                                                                                                                				long _t11;
                                                                                                                
                                                                                                                				_t11 = _a12;
                                                                                                                				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                                                                                				if(_t7 == 0 || _t11 != _a12) {
                                                                                                                					return 0;
                                                                                                                				} else {
                                                                                                                					return 1;
                                                                                                                				}
                                                                                                                			}






                                                                                                                APIs
                                                                                                                • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004031D6,00000000,0041D428,000000FF,0041D428,000000FF,000000FF,00000004,00000000), ref: 00405C64
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FileWrite
                                                                                                                • String ID:
                                                                                                                • API String ID: 3934441357-0
                                                                                                                • Opcode ID: d47d29d2c4ad98e9097244963089aa7711ad8f9da7a01510603535aa68a2578c
                                                                                                                • Instruction ID: df976955bb7b77361248817f919be03bb6bd2f6f3b4dc1c0c3d16748aaf5f5c5
                                                                                                                • Opcode Fuzzy Hash: d47d29d2c4ad98e9097244963089aa7711ad8f9da7a01510603535aa68a2578c
                                                                                                                • Instruction Fuzzy Hash: 65E0EC3221476EABEF509F559D04EEB7B6CEB06360F004436FE25E2550D631E9219BA8
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00405C21(void* _a4, void* _a8, long _a12) {
                                                                                                                				int _t7;
                                                                                                                				long _t11;
                                                                                                                
                                                                                                                				_t11 = _a12;
                                                                                                                				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                                                                                				if(_t7 == 0 || _t11 != _a12) {
                                                                                                                					return 0;
                                                                                                                				} else {
                                                                                                                					return 1;
                                                                                                                				}
                                                                                                                			}






                                                                                                                APIs
                                                                                                                • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403220,00000000,00000000,0040304A,000000FF,00000004,00000000,00000000,00000000), ref: 00405C35
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FileRead
                                                                                                                • String ID:
                                                                                                                • API String ID: 2738559852-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00405E96(void* __eflags, intOrPtr _a4, char* _a8, int _a12, void** _a16) {
                                                                                                                				void* _t7;
                                                                                                                				long _t8;
                                                                                                                				void* _t9;
                                                                                                                
                                                                                                                				_t7 = E00405E1B(_a4,  &_a12);
                                                                                                                				if(_t7 != 0) {
                                                                                                                					_t8 = RegOpenKeyExA(_t7, _a8, 0, _a12, _a16); // executed
                                                                                                                					return _t8;
                                                                                                                				}
                                                                                                                				_t9 = 6;
                                                                                                                				return _t9;
                                                                                                                			}







                                                                                                                APIs
                                                                                                                • RegOpenKeyExA.KERNELBASE(00000000,?,00000000,?,?,?,?,?,00405F24,?,?,?,?,00000002,Remove folder: ), ref: 00405EBA
                                                                                                                Similarity
                                                                                                                • API ID: Open
                                                                                                                • String ID:
                                                                                                                • API String ID: 71445658-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E0040409E(intOrPtr _a12) {
                                                                                                                				intOrPtr _v0;
                                                                                                                				struct HWND__* _v4;
                                                                                                                				int _t7;
                                                                                                                				void* _t8;
                                                                                                                				void* _t9;
                                                                                                                				void* _t10;
                                                                                                                
                                                                                                                				_t7 = SetDlgItemTextA(_v4, _v0 + 0x3e8, E00406032(_t8, _t9, _t10, 0, _a12)); // executed
                                                                                                                				return _t7;
                                                                                                                			}









                                                                                                                0x004040b8
                                                                                                                0x004040bd

                                                                                                                APIs
                                                                                                                Similarity
                                                                                                                • API ID: ItemText
                                                                                                                • String ID:
                                                                                                                • API String ID: 3367045223-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004040EA(int _a4) {
                                                                                                                				struct HWND__* _t2;
                                                                                                                				long _t3;
                                                                                                                
                                                                                                                				_t2 =  *0x42ebd8; // 0x20506
                                                                                                                				if(_t2 != 0) {
                                                                                                                					_t3 = SendMessageA(_t2, _a4, 0, 0); // executed
                                                                                                                					return _t3;
                                                                                                                				}
                                                                                                                				return _t2;
                                                                                                                			}






                                                                                                                APIs
                                                                                                                • SendMessageA.USER32(00020506,00000000,00000000,00000000), ref: 004040FC
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 3850602802-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00403223(long _a4) {
                                                                                                                				long _t2;
                                                                                                                
                                                                                                                				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
                                                                                                                				return _t2;
                                                                                                                			}




                                                                                                                0x00403231
                                                                                                                0x00403237

                                                                                                                APIs
                                                                                                                • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402F89,?), ref: 00403231
                                                                                                                Similarity
                                                                                                                • API ID: FilePointer
                                                                                                                • String ID:
                                                                                                                • API String ID: 973152223-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004040D3(int _a4) {
                                                                                                                				long _t2;
                                                                                                                
                                                                                                                				_t2 = SendMessageA( *0x42f408, 0x28, _a4, 1); // executed
                                                                                                                				return _t2;
                                                                                                                			}




                                                                                                                0x004040e1
                                                                                                                0x004040e7

                                                                                                                APIs
                                                                                                                • SendMessageA.USER32(00000028,?,00000001,00403F03), ref: 004040E1
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 3850602802-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004040C0(int _a4) {
                                                                                                                				int _t2;
                                                                                                                
                                                                                                                				_t2 = EnableWindow( *0x42a86c, _a4); // executed
                                                                                                                				return _t2;
                                                                                                                			}




                                                                                                                APIs
                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,00403E9C), ref: 004040CA
                                                                                                                Similarity
                                                                                                                • API ID: CallbackDispatcherUser
                                                                                                                • String ID:
                                                                                                                • API String ID: 2492992576-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004014D6(intOrPtr __edx) {
                                                                                                                				long _t3;
                                                                                                                				void* _t7;
                                                                                                                				intOrPtr _t10;
                                                                                                                				void* _t13;
                                                                                                                
                                                                                                                				_t10 = __edx;
                                                                                                                				_t3 = E00402B0A(_t7);
                                                                                                                				 *((intOrPtr*)(_t13 - 0x10)) = _t10;
                                                                                                                				if(_t3 <= 1) {
                                                                                                                					_t3 = 1;
                                                                                                                				}
                                                                                                                				Sleep(_t3); // executed
                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t13 - 4));
                                                                                                                				return 0;
                                                                                                                			}







                                                                                                                APIs
                                                                                                                • Sleep.KERNELBASE(00000000), ref: 004014E9
                                                                                                                Similarity
                                                                                                                • API ID: Sleep
                                                                                                                • String ID:
                                                                                                                • API String ID: 3472027048-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004059D3(CHAR* _a4, intOrPtr _a8) {
                                                                                                                				CHAR* _t3;
                                                                                                                				char _t4;
                                                                                                                
                                                                                                                				_t3 = _a4;
                                                                                                                				while(1) {
                                                                                                                					_t4 =  *_t3;
                                                                                                                					if(_t4 == 0) {
                                                                                                                						break;
                                                                                                                					}
                                                                                                                					if(_t4 != _a8) {
                                                                                                                						_t3 = CharNextA(_t3); // executed
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                					break;
                                                                                                                				}
                                                                                                                				return _t3;
                                                                                                                			}





                                                                                                                APIs
                                                                                                                • CharNextA.USER32(?,00403378,"C:\Users\user\Desktop\SetupWIService.exe",00000020,"C:\Users\user\Desktop\SetupWIService.exe",00000000,?,00000006,00000008,0000000A), ref: 004059E0
                                                                                                                Similarity
                                                                                                                • API ID: CharNext
                                                                                                                • String ID:
                                                                                                                • API String ID: 3213498283-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 78%
                                                                                                                			E00404530(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				long _v16;
                                                                                                                				long _v20;
                                                                                                                				long _v24;
                                                                                                                				char _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				long _v36;
                                                                                                                				char _v40;
                                                                                                                				unsigned int _v44;
                                                                                                                				signed int _v48;
                                                                                                                				CHAR* _v56;
                                                                                                                				intOrPtr _v60;
                                                                                                                				intOrPtr _v64;
                                                                                                                				intOrPtr _v68;
                                                                                                                				CHAR* _v72;
                                                                                                                				void _v76;
                                                                                                                				struct HWND__* _v80;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				intOrPtr _t82;
                                                                                                                				long _t87;
                                                                                                                				signed char* _t89;
                                                                                                                				void* _t95;
                                                                                                                				signed int _t96;
                                                                                                                				int _t109;
                                                                                                                				signed char _t114;
                                                                                                                				signed int _t118;
                                                                                                                				struct HWND__** _t122;
                                                                                                                				intOrPtr* _t138;
                                                                                                                				CHAR* _t146;
                                                                                                                				intOrPtr _t147;
                                                                                                                				unsigned int _t150;
                                                                                                                				signed int _t152;
                                                                                                                				unsigned int _t156;
                                                                                                                				signed int _t158;
                                                                                                                				signed int* _t159;
                                                                                                                				signed char* _t160;
                                                                                                                				struct HWND__* _t165;
                                                                                                                				struct HWND__* _t166;
                                                                                                                				int _t168;
                                                                                                                				unsigned int _t197;
                                                                                                                				void* _t205;
                                                                                                                
                                                                                                                				_t156 = __edx;
                                                                                                                				_t82 =  *0x42a048; // 0x678964
                                                                                                                				_v32 = _t82;
                                                                                                                				_t146 = ( *(_t82 + 0x3c) << 0xa) + "0x0000565B";
                                                                                                                				_v12 =  *((intOrPtr*)(_t82 + 0x38));
                                                                                                                				if(_a8 == 0x40b) {
                                                                                                                					E00405710(0x3fb, _t146);
                                                                                                                					E0040627A(_t146);
                                                                                                                				}
                                                                                                                				_t166 = _a4;
                                                                                                                				if(_a8 != 0x110) {
                                                                                                                					L8:
                                                                                                                					if(_a8 != 0x111) {
                                                                                                                						L20:
                                                                                                                						if(_a8 == 0x40f) {
                                                                                                                							L22:
                                                                                                                							_v8 = _v8 & 0x00000000;
                                                                                                                							_v12 = _v12 & 0x00000000;
                                                                                                                							E00405710(0x3fb, _t146);
                                                                                                                							if(E00405A96(_t185, _t146) == 0) {
                                                                                                                								_v8 = 1;
                                                                                                                							}
                                                                                                                							E00406010(0x429840, _t146);
                                                                                                                							_t87 = E004063A8(1);
                                                                                                                							_v16 = _t87;
                                                                                                                							if(_t87 == 0) {
                                                                                                                								L30:
                                                                                                                								E00406010(0x429840, _t146);
                                                                                                                								_t89 = E00405A41(0x429840);
                                                                                                                								_t158 = 0;
                                                                                                                								if(_t89 != 0) {
                                                                                                                									 *_t89 =  *_t89 & 0x00000000;
                                                                                                                								}
                                                                                                                								if(GetDiskFreeSpaceA(0x429840,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
                                                                                                                									goto L35;
                                                                                                                								} else {
                                                                                                                									_t168 = 0x400;
                                                                                                                									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
                                                                                                                									asm("cdq");
                                                                                                                									_v48 = _t109;
                                                                                                                									_v44 = _t156;
                                                                                                                									_v12 = 1;
                                                                                                                									goto L36;
                                                                                                                								}
                                                                                                                							} else {
                                                                                                                								_t159 = 0;
                                                                                                                								if(0 == 0x429840) {
                                                                                                                									goto L30;
                                                                                                                								} else {
                                                                                                                									goto L26;
                                                                                                                								}
                                                                                                                								while(1) {
                                                                                                                									L26:
                                                                                                                									_t114 = _v16(0x429840,  &_v48,  &_v28,  &_v40);
                                                                                                                									if(_t114 != 0) {
                                                                                                                										break;
                                                                                                                									}
                                                                                                                									if(_t159 != 0) {
                                                                                                                										 *_t159 =  *_t159 & _t114;
                                                                                                                									}
                                                                                                                									_t160 = E004059EF(0x429840);
                                                                                                                									 *_t160 =  *_t160 & 0x00000000;
                                                                                                                									_t159 = _t160 - 1;
                                                                                                                									 *_t159 = 0x5c;
                                                                                                                									if(_t159 != 0x429840) {
                                                                                                                										continue;
                                                                                                                									} else {
                                                                                                                										goto L30;
                                                                                                                									}
                                                                                                                								}
                                                                                                                								_t150 = _v44;
                                                                                                                								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
                                                                                                                								_v44 = _t150 >> 0xa;
                                                                                                                								_v12 = 1;
                                                                                                                								_t158 = 0;
                                                                                                                								__eflags = 0;
                                                                                                                								L35:
                                                                                                                								_t168 = 0x400;
                                                                                                                								L36:
                                                                                                                								_t95 = E004049C4(5);
                                                                                                                								if(_v12 != _t158) {
                                                                                                                									_t197 = _v44;
                                                                                                                									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
                                                                                                                										_v8 = 2;
                                                                                                                									}
                                                                                                                								}
                                                                                                                								_t147 =  *0x42ebdc; // 0x684cf5
                                                                                                                								if( *((intOrPtr*)(_t147 + 0x10)) != _t158) {
                                                                                                                									E004049AC(0x3ff, 0xfffffffb, _t95);
                                                                                                                									if(_v12 == _t158) {
                                                                                                                										SetDlgItemTextA(_a4, _t168, 0x429830);
                                                                                                                									} else {
                                                                                                                										E004048E7(_t168, 0xfffffffc, _v48, _v44);
                                                                                                                									}
                                                                                                                								}
                                                                                                                								_t96 = _v8;
                                                                                                                								 *0x42f4c4 = _t96;
                                                                                                                								if(_t96 == _t158) {
                                                                                                                									_v8 = E0040140B(7);
                                                                                                                								}
                                                                                                                								if(( *(_v32 + 0x14) & _t168) != 0) {
                                                                                                                									_v8 = _t158;
                                                                                                                								}
                                                                                                                								E004040C0(0 | _v8 == _t158);
                                                                                                                								if(_v8 == _t158) {
                                                                                                                									_t205 =  *0x42a860 - _t158; // 0x0
                                                                                                                									if(_t205 == 0) {
                                                                                                                										E00404489();
                                                                                                                									}
                                                                                                                								}
                                                                                                                								 *0x42a860 = _t158;
                                                                                                                								goto L53;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_t185 = _a8 - 0x405;
                                                                                                                						if(_a8 != 0x405) {
                                                                                                                							goto L53;
                                                                                                                						}
                                                                                                                						goto L22;
                                                                                                                					}
                                                                                                                					_t118 = _a12 & 0x0000ffff;
                                                                                                                					if(_t118 != 0x3fb) {
                                                                                                                						L12:
                                                                                                                						if(_t118 == 0x3e9) {
                                                                                                                							_t152 = 7;
                                                                                                                							memset( &_v76, 0, _t152 << 2);
                                                                                                                							_v80 = _t166;
                                                                                                                							_v72 = 0x42a870;
                                                                                                                							_v60 = E00404881;
                                                                                                                							_v56 = _t146;
                                                                                                                							_v68 = E00406032(_t146, 0x42a870, _t166, 0x429c48, _v12);
                                                                                                                							_t122 =  &_v80;
                                                                                                                							_v64 = 0x41;
                                                                                                                							__imp__SHBrowseForFolderA(_t122);
                                                                                                                							if(_t122 == 0) {
                                                                                                                								_a8 = 0x40f;
                                                                                                                							} else {
                                                                                                                								__imp__CoTaskMemFree(_t122);
                                                                                                                								E004059A8(_t146);
                                                                                                                								_t125 =  *((intOrPtr*)( *0x42f414 + 0x11c));
                                                                                                                								if( *((intOrPtr*)( *0x42f414 + 0x11c)) != 0 && _t146 == "C:\\Program Files\\Wildix\\WIService") {
                                                                                                                									E00406032(_t146, 0x42a870, _t166, 0, _t125);
                                                                                                                									if(lstrcmpiA(0x42e3a0, 0x42a870) != 0) {
                                                                                                                										lstrcatA(_t146, 0x42e3a0);
                                                                                                                									}
                                                                                                                								}
                                                                                                                								 *0x42a860 =  *0x42a860 + 1;
                                                                                                                								SetDlgItemTextA(_t166, 0x3fb, _t146);
                                                                                                                							}
                                                                                                                						}
                                                                                                                						goto L20;
                                                                                                                					}
                                                                                                                					if(_a12 >> 0x10 != 0x300) {
                                                                                                                						goto L53;
                                                                                                                					} else {
                                                                                                                						_a8 = 0x40f;
                                                                                                                						goto L12;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t165 = GetDlgItem(_t166, 0x3fb);
                                                                                                                					if(E00405A15(_t146) != 0 && E00405A41(_t146) == 0) {
                                                                                                                						E004059A8(_t146);
                                                                                                                					}
                                                                                                                					 *0x42ebd8 = _t166;
                                                                                                                					SetWindowTextA(_t165, _t146);
                                                                                                                					_push( *((intOrPtr*)(_a16 + 0x34)));
                                                                                                                					_push(1);
                                                                                                                					E0040409E(_t166);
                                                                                                                					_push( *((intOrPtr*)(_a16 + 0x30)));
                                                                                                                					_push(0x14);
                                                                                                                					E0040409E(_t166);
                                                                                                                					E004040D3(_t165);
                                                                                                                					_t138 = E004063A8(7);
                                                                                                                					if(_t138 == 0) {
                                                                                                                						L53:
                                                                                                                						return E00404105(_a8, _a12, _a16);
                                                                                                                					} else {
                                                                                                                						 *_t138(_t165, 1);
                                                                                                                						goto L8;
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}

                                                                                                                0x0040484f
                                                                                                                0x00404857
                                                                                                                0x00404859
                                                                                                                0x0040485f
                                                                                                                0x00404861
                                                                                                                0x00404861
                                                                                                                0x0040485f
                                                                                                                0x00404866
                                                                                                                0x00000000
                                                                                                                0x00404866
                                                                                                                0x00404715
                                                                                                                0x004046cc
                                                                                                                0x004046d3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004046d3
                                                                                                                0x004045f2
                                                                                                                0x004045fb
                                                                                                                0x00404615
                                                                                                                0x0040461a
                                                                                                                0x00404624
                                                                                                                0x0040462b
                                                                                                                0x00404637
                                                                                                                0x0040463a
                                                                                                                0x0040463d
                                                                                                                0x00404644
                                                                                                                0x0040464c
                                                                                                                0x0040464f
                                                                                                                0x00404653
                                                                                                                0x0040465a
                                                                                                                0x00404662
                                                                                                                0x004046bc
                                                                                                                0x00404664
                                                                                                                0x00404665
                                                                                                                0x0040466c
                                                                                                                0x00404676
                                                                                                                0x0040467e
                                                                                                                0x0040468b
                                                                                                                0x0040469f
                                                                                                                0x004046a3
                                                                                                                0x004046a3
                                                                                                                0x0040469f
                                                                                                                0x004046a8
                                                                                                                0x004046b5
                                                                                                                0x004046b5
                                                                                                                0x00404662
                                                                                                                0x00000000
                                                                                                                0x0040461a
                                                                                                                0x00404608
                                                                                                                0x00000000
                                                                                                                0x0040460e
                                                                                                                0x0040460e
                                                                                                                0x00000000
                                                                                                                0x0040460e
                                                                                                                0x00404579
                                                                                                                0x00404586
                                                                                                                0x0040458f
                                                                                                                0x0040459c
                                                                                                                0x0040459c
                                                                                                                0x004045a3
                                                                                                                0x004045a9
                                                                                                                0x004045b2
                                                                                                                0x004045b5
                                                                                                                0x004045b8
                                                                                                                0x004045c0
                                                                                                                0x004045c3
                                                                                                                0x004045c6
                                                                                                                0x004045cc
                                                                                                                0x004045d3
                                                                                                                0x004045da
                                                                                                                0x0040486c
                                                                                                                0x0040487e
                                                                                                                0x004045e0
                                                                                                                0x004045e3
                                                                                                                0x00000000
                                                                                                                0x004045e3
                                                                                                                0x004045da

                                                                                                                APIs
                                                                                                                • GetDlgItem.USER32 ref: 0040457F
                                                                                                                • SetWindowTextA.USER32(00000000,?), ref: 004045A9
                                                                                                                • SHBrowseForFolderA.SHELL32(?,00429C48,?), ref: 0040465A
                                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 00404665
                                                                                                                • lstrcmpiA.KERNEL32(Remove folder: ,Wildix Integration Service v3.11.3 Setup ,00000000,?,?), ref: 00404697
                                                                                                                • lstrcatA.KERNEL32(?,Remove folder: ), ref: 004046A3
                                                                                                                • SetDlgItemTextA.USER32 ref: 004046B5
                                                                                                                  • Part of subcall function 00405710: GetDlgItemTextA.USER32 ref: 00405723
                                                                                                                  • Part of subcall function 0040627A: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\SetupWIService.exe",7476FA90,C:\Users\user\AppData\Local\Temp\,00000000,00403246,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004062D2
                                                                                                                  • Part of subcall function 0040627A: CharNextA.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 004062DF
                                                                                                                  • Part of subcall function 0040627A: CharNextA.USER32(?,"C:\Users\user\Desktop\SetupWIService.exe",7476FA90,C:\Users\user\AppData\Local\Temp\,00000000,00403246,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004062E4
                                                                                                                  • Part of subcall function 0040627A: CharPrevA.USER32(?,?,7476FA90,C:\Users\user\AppData\Local\Temp\,00000000,00403246,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004062F4
                                                                                                                • GetDiskFreeSpaceA.KERNEL32(00429840,?,?,0000040F,?,00429840,00429840,?,00000001,00429840,?,?,000003FB,?), ref: 00404773
                                                                                                                • MulDiv.KERNEL32(?,0000040F,00000400), ref: 0040478E
                                                                                                                  • Part of subcall function 004048E7: lstrlenA.KERNEL32(Wildix Integration Service v3.11.3 Setup ,Wildix Integration Service v3.11.3 Setup ,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404802,000000DF,00000000,00000400,?), ref: 00404985
                                                                                                                  • Part of subcall function 004048E7: wsprintfA.USER32 ref: 0040498D
                                                                                                                  • Part of subcall function 004048E7: SetDlgItemTextA.USER32 ref: 004049A0
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                • String ID: 0x0000565B$A$C:\Program Files\Wildix\WIService$Remove folder: $Wildix Integration Service v3.11.3 Setup
                                                                                                                • API String ID: 2624150263-1947673845
                                                                                                                • Opcode ID: f8c5b323b79a30612e5f20638997160abd30a80c2805ffb51c5d0b55a3138d2a
                                                                                                                • Instruction ID: 05eea3de79cf24fe9bb33e9012793c4f482d3b98f46f23a5f19240ee3c7d349e
                                                                                                                • Opcode Fuzzy Hash: f8c5b323b79a30612e5f20638997160abd30a80c2805ffb51c5d0b55a3138d2a
                                                                                                                • Instruction Fuzzy Hash: 78A160B1900218ABDB11AFA6CD45AAF77B8AF85314F14843BF601B62D1D77C8A418B6D
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 79%
                                                                                                                			E004067ED(signed int __ebx, signed int* __esi) {
                                                                                                                				signed int _t396;
                                                                                                                				signed int _t425;
                                                                                                                				signed int _t442;
                                                                                                                				signed int _t443;
                                                                                                                				signed int* _t446;
                                                                                                                				void* _t448;
                                                                                                                
                                                                                                                				L0:
                                                                                                                				while(1) {
                                                                                                                					L0:
                                                                                                                					_t446 = __esi;
                                                                                                                					_t425 = __ebx;
                                                                                                                					if( *(_t448 - 0x34) == 0) {
                                                                                                                						break;
                                                                                                                					}
                                                                                                                					L55:
                                                                                                                					__eax =  *(__ebp - 0x38);
                                                                                                                					 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                					__ecx = __ebx;
                                                                                                                					 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                					 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                					 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                					__ebx = __ebx + 8;
                                                                                                                					while(1) {
                                                                                                                						L56:
                                                                                                                						if(__ebx < 0xe) {
                                                                                                                							goto L0;
                                                                                                                						}
                                                                                                                						L57:
                                                                                                                						__eax =  *(__ebp - 0x40);
                                                                                                                						__eax =  *(__ebp - 0x40) & 0x00003fff;
                                                                                                                						__ecx = __eax;
                                                                                                                						__esi[1] = __eax;
                                                                                                                						__ecx = __eax & 0x0000001f;
                                                                                                                						if(__cl > 0x1d) {
                                                                                                                							L9:
                                                                                                                							_t443 = _t442 | 0xffffffff;
                                                                                                                							 *_t446 = 0x11;
                                                                                                                							L10:
                                                                                                                							_t446[0x147] =  *(_t448 - 0x40);
                                                                                                                							_t446[0x146] = _t425;
                                                                                                                							( *(_t448 + 8))[1] =  *(_t448 - 0x34);
                                                                                                                							L11:
                                                                                                                							 *( *(_t448 + 8)) =  *(_t448 - 0x38);
                                                                                                                							_t446[0x26ea] =  *(_t448 - 0x30);
                                                                                                                							E00406F5C( *(_t448 + 8));
                                                                                                                							return _t443;
                                                                                                                						}
                                                                                                                						L58:
                                                                                                                						__eax = __eax & 0x000003e0;
                                                                                                                						if(__eax > 0x3a0) {
                                                                                                                							goto L9;
                                                                                                                						}
                                                                                                                						L59:
                                                                                                                						 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 0xe;
                                                                                                                						__ebx = __ebx - 0xe;
                                                                                                                						_t94 =  &(__esi[2]);
                                                                                                                						 *_t94 = __esi[2] & 0x00000000;
                                                                                                                						 *__esi = 0xc;
                                                                                                                						while(1) {
                                                                                                                							L60:
                                                                                                                							__esi[1] = __esi[1] >> 0xa;
                                                                                                                							__eax = (__esi[1] >> 0xa) + 4;
                                                                                                                							if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                                                                                                                								goto L68;
                                                                                                                							}
                                                                                                                							L61:
                                                                                                                							while(1) {
                                                                                                                								L64:
                                                                                                                								if(__ebx >= 3) {
                                                                                                                									break;
                                                                                                                								}
                                                                                                                								L62:
                                                                                                                								if( *(__ebp - 0x34) == 0) {
                                                                                                                									goto L182;
                                                                                                                								}
                                                                                                                								L63:
                                                                                                                								__eax =  *(__ebp - 0x38);
                                                                                                                								 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                								__ecx = __ebx;
                                                                                                                								 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                								 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                								 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                								__ebx = __ebx + 8;
                                                                                                                							}
                                                                                                                							L65:
                                                                                                                							__ecx = __esi[2];
                                                                                                                							 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000007;
                                                                                                                							__ebx = __ebx - 3;
                                                                                                                							_t108 = __ecx + 0x408400; // 0x121110
                                                                                                                							__ecx =  *_t108;
                                                                                                                							 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 3;
                                                                                                                							 *(__esi + 0xc +  *_t108 * 4) =  *(__ebp - 0x40) & 0x00000007;
                                                                                                                							__ecx = __esi[1];
                                                                                                                							__esi[2] = __esi[2] + 1;
                                                                                                                							__eax = __esi[2];
                                                                                                                							__esi[1] >> 0xa = (__esi[1] >> 0xa) + 4;
                                                                                                                							if(__esi[2] < (__esi[1] >> 0xa) + 4) {
                                                                                                                								goto L64;
                                                                                                                							}
                                                                                                                							L66:
                                                                                                                							while(1) {
                                                                                                                								L68:
                                                                                                                								if(__esi[2] >= 0x13) {
                                                                                                                									break;
                                                                                                                								}
                                                                                                                								L67:
                                                                                                                								_t119 = __esi[2] + 0x408400; // 0x4000300
                                                                                                                								__eax =  *_t119;
                                                                                                                								 *(__esi + 0xc +  *_t119 * 4) =  *(__esi + 0xc +  *_t119 * 4) & 0x00000000;
                                                                                                                								_t126 =  &(__esi[2]);
                                                                                                                								 *_t126 = __esi[2] + 1;
                                                                                                                							}
                                                                                                                							L69:
                                                                                                                							__ecx = __ebp - 8;
                                                                                                                							__edi =  &(__esi[0x143]);
                                                                                                                							 &(__esi[0x148]) =  &(__esi[0x144]);
                                                                                                                							__eax = 0;
                                                                                                                							 *(__ebp - 8) = 0;
                                                                                                                							__eax =  &(__esi[3]);
                                                                                                                							 *__edi = 7;
                                                                                                                							__eax = E00406FC4( &(__esi[3]), 0x13, 0x13, 0, 0,  &(__esi[0x144]), __edi,  &(__esi[0x148]), __ebp - 8);
                                                                                                                							if(__eax != 0) {
                                                                                                                								L72:
                                                                                                                								 *__esi = 0x11;
                                                                                                                								while(1) {
                                                                                                                									L180:
                                                                                                                									_t396 =  *_t446;
                                                                                                                									if(_t396 > 0xf) {
                                                                                                                										break;
                                                                                                                									}
                                                                                                                									L1:
                                                                                                                									switch( *((intOrPtr*)(_t396 * 4 +  &M00406F1C))) {
                                                                                                                										case 0:
                                                                                                                											L101:
                                                                                                                											__eax = __esi[4] & 0x000000ff;
                                                                                                                											__esi[3] = __esi[4] & 0x000000ff;
                                                                                                                											__eax = __esi[5];
                                                                                                                											__esi[2] = __esi[5];
                                                                                                                											 *__esi = 1;
                                                                                                                											goto L102;
                                                                                                                										case 1:
                                                                                                                											L102:
                                                                                                                											__eax = __esi[3];
                                                                                                                											while(1) {
                                                                                                                												L105:
                                                                                                                												__eflags = __ebx - __eax;
                                                                                                                												if(__ebx >= __eax) {
                                                                                                                													break;
                                                                                                                												}
                                                                                                                												L103:
                                                                                                                												__eflags =  *(__ebp - 0x34);
                                                                                                                												if( *(__ebp - 0x34) == 0) {
                                                                                                                													goto L182;
                                                                                                                												}
                                                                                                                												L104:
                                                                                                                												__ecx =  *(__ebp - 0x38);
                                                                                                                												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                                												__ecx = __ebx;
                                                                                                                												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                												__ebx = __ebx + 8;
                                                                                                                												__eflags = __ebx;
                                                                                                                											}
                                                                                                                											L106:
                                                                                                                											__eax =  *(0x40a3e8 + __eax * 2) & 0x0000ffff;
                                                                                                                											__eax = __eax &  *(__ebp - 0x40);
                                                                                                                											__ecx = __esi[2];
                                                                                                                											__eax = __esi[2] + __eax * 4;
                                                                                                                											__ecx =  *(__eax + 1) & 0x000000ff;
                                                                                                                											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
                                                                                                                											__ecx =  *__eax & 0x000000ff;
                                                                                                                											__eflags = __ecx;
                                                                                                                											if(__ecx != 0) {
                                                                                                                												L108:
                                                                                                                												__eflags = __cl & 0x00000010;
                                                                                                                												if((__cl & 0x00000010) == 0) {
                                                                                                                													L110:
                                                                                                                													__eflags = __cl & 0x00000040;
                                                                                                                													if((__cl & 0x00000040) == 0) {
                                                                                                                														goto L125;
                                                                                                                													}
                                                                                                                													L111:
                                                                                                                													__eflags = __cl & 0x00000020;
                                                                                                                													if((__cl & 0x00000020) == 0) {
                                                                                                                														goto L9;
                                                                                                                													}
                                                                                                                													L112:
                                                                                                                													 *__esi = 7;
                                                                                                                													goto L180;
                                                                                                                												}
                                                                                                                												L109:
                                                                                                                												__esi[2] = __ecx;
                                                                                                                												__esi[1] = __eax;
                                                                                                                												 *__esi = 2;
                                                                                                                												goto L180;
                                                                                                                											}
                                                                                                                											L107:
                                                                                                                											__esi[2] = __eax;
                                                                                                                											 *__esi = 6;
                                                                                                                											goto L180;
                                                                                                                										case 2:
                                                                                                                											L113:
                                                                                                                											__eax = __esi[2];
                                                                                                                											while(1) {
                                                                                                                												L116:
                                                                                                                												__eflags = __ebx - __eax;
                                                                                                                												if(__ebx >= __eax) {
                                                                                                                													break;
                                                                                                                												}
                                                                                                                												L114:
                                                                                                                												__eflags =  *(__ebp - 0x34);
                                                                                                                												if( *(__ebp - 0x34) == 0) {
                                                                                                                													goto L182;
                                                                                                                												}
                                                                                                                												L115:
                                                                                                                												__ecx =  *(__ebp - 0x38);
                                                                                                                												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                                												__ecx = __ebx;
                                                                                                                												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                												__ebx = __ebx + 8;
                                                                                                                												__eflags = __ebx;
                                                                                                                											}
                                                                                                                											L117:
                                                                                                                											 *(0x40a3e8 + __eax * 2) & 0x0000ffff =  *(0x40a3e8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                                                                											__esi[1] = __esi[1] + ( *(0x40a3e8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                                                                											__ecx = __eax;
                                                                                                                											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                											__ebx = __ebx - __eax;
                                                                                                                											__eflags = __ebx;
                                                                                                                											__eax = __esi[4] & 0x000000ff;
                                                                                                                											__esi[3] = __esi[4] & 0x000000ff;
                                                                                                                											__eax = __esi[6];
                                                                                                                											__esi[2] = __esi[6];
                                                                                                                											 *__esi = 3;
                                                                                                                											goto L118;
                                                                                                                										case 3:
                                                                                                                											L118:
                                                                                                                											__eax = __esi[3];
                                                                                                                											while(1) {
                                                                                                                												L121:
                                                                                                                												__eflags = __ebx - __eax;
                                                                                                                												if(__ebx >= __eax) {
                                                                                                                													break;
                                                                                                                												}
                                                                                                                												L119:
                                                                                                                												__eflags =  *(__ebp - 0x34);
                                                                                                                												if( *(__ebp - 0x34) == 0) {
                                                                                                                													goto L182;
                                                                                                                												}
                                                                                                                												L120:
                                                                                                                												__ecx =  *(__ebp - 0x38);
                                                                                                                												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                                												__ecx = __ebx;
                                                                                                                												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                												__ebx = __ebx + 8;
                                                                                                                												__eflags = __ebx;
                                                                                                                											}
                                                                                                                											L122:
                                                                                                                											__eax =  *(0x40a3e8 + __eax * 2) & 0x0000ffff;
                                                                                                                											__eax = __eax &  *(__ebp - 0x40);
                                                                                                                											__ecx = __esi[2];
                                                                                                                											__eax = __esi[2] + __eax * 4;
                                                                                                                											__ecx =  *(__eax + 1) & 0x000000ff;
                                                                                                                											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
                                                                                                                											__ecx =  *__eax & 0x000000ff;
                                                                                                                											__eflags = __cl & 0x00000010;
                                                                                                                											if((__cl & 0x00000010) == 0) {
                                                                                                                												L124:
                                                                                                                												__eflags = __cl & 0x00000040;
                                                                                                                												if((__cl & 0x00000040) != 0) {
                                                                                                                													goto L9;
                                                                                                                												}
                                                                                                                												L125:
                                                                                                                												__esi[3] = __ecx;
                                                                                                                												__ecx =  *(__eax + 2) & 0x0000ffff;
                                                                                                                												__esi[2] = __eax;
                                                                                                                												goto L180;
                                                                                                                											}
                                                                                                                											L123:
                                                                                                                											__esi[2] = __ecx;
                                                                                                                											__esi[3] = __eax;
                                                                                                                											 *__esi = 4;
                                                                                                                											goto L180;
                                                                                                                										case 4:
                                                                                                                											L126:
                                                                                                                											__eax = __esi[2];
                                                                                                                											while(1) {
                                                                                                                												L129:
                                                                                                                												__eflags = __ebx - __eax;
                                                                                                                												if(__ebx >= __eax) {
                                                                                                                													break;
                                                                                                                												}
                                                                                                                												L127:
                                                                                                                												__eflags =  *(__ebp - 0x34);
                                                                                                                												if( *(__ebp - 0x34) == 0) {
                                                                                                                													goto L182;
                                                                                                                												}
                                                                                                                												L128:
                                                                                                                												__ecx =  *(__ebp - 0x38);
                                                                                                                												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                                												__ecx = __ebx;
                                                                                                                												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                												__ebx = __ebx + 8;
                                                                                                                												__eflags = __ebx;
                                                                                                                											}
                                                                                                                											L130:
                                                                                                                											 *(0x40a3e8 + __eax * 2) & 0x0000ffff =  *(0x40a3e8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                                                                											__esi[3] = __esi[3] + ( *(0x40a3e8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                                                                											__ecx = __eax;
                                                                                                                											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                											__ebx = __ebx - __eax;
                                                                                                                											__eflags = __ebx;
                                                                                                                											 *__esi = 5;
                                                                                                                											goto L131;
                                                                                                                										case 5:
                                                                                                                											L131:
                                                                                                                											__eax =  *(__ebp - 0x30);
                                                                                                                											__edx = __esi[3];
                                                                                                                											__eax = __eax - __esi;
                                                                                                                											__ecx = __eax - __esi - 0x1ba0;
                                                                                                                											__eflags = __eax - __esi - 0x1ba0 - __edx;
                                                                                                                											if(__eax - __esi - 0x1ba0 >= __edx) {
                                                                                                                												__ecx = __eax;
                                                                                                                												__ecx = __eax - __edx;
                                                                                                                												__eflags = __ecx;
                                                                                                                											} else {
                                                                                                                												__esi[0x26e8] = __esi[0x26e8] - __edx;
                                                                                                                												__ecx = __esi[0x26e8] - __edx - __esi;
                                                                                                                												__ecx = __esi[0x26e8] - __edx - __esi + __eax - 0x1ba0;
                                                                                                                											}
                                                                                                                											__eflags = __esi[1];
                                                                                                                											 *(__ebp - 0x20) = __ecx;
                                                                                                                											if(__esi[1] != 0) {
                                                                                                                												L135:
                                                                                                                												__edi =  *(__ebp - 0x2c);
                                                                                                                												do {
                                                                                                                													L136:
                                                                                                                													__eflags = __edi;
                                                                                                                													if(__edi != 0) {
                                                                                                                														goto L152;
                                                                                                                													}
                                                                                                                													L137:
                                                                                                                													__edi = __esi[0x26e8];
                                                                                                                													__eflags = __eax - __edi;
                                                                                                                													if(__eax != __edi) {
                                                                                                                														L143:
                                                                                                                														__esi[0x26ea] = __eax;
                                                                                                                														__eax = E00406F5C( *((intOrPtr*)(__ebp + 8)));
                                                                                                                														__eax = __esi[0x26ea];
                                                                                                                														__ecx = __esi[0x26e9];
                                                                                                                														__eflags = __eax - __ecx;
                                                                                                                														 *(__ebp - 0x30) = __eax;
                                                                                                                														if(__eax >= __ecx) {
                                                                                                                															__edi = __esi[0x26e8];
                                                                                                                															__edi = __esi[0x26e8] - __eax;
                                                                                                                															__eflags = __edi;
                                                                                                                														} else {
                                                                                                                															__ecx = __ecx - __eax;
                                                                                                                															__edi = __ecx - __eax - 1;
                                                                                                                														}
                                                                                                                														__edx = __esi[0x26e8];
                                                                                                                														__eflags = __eax - __edx;
                                                                                                                														 *(__ebp - 8) = __edx;
                                                                                                                														if(__eax == __edx) {
                                                                                                                															__edx =  &(__esi[0x6e8]);
                                                                                                                															__eflags = __ecx - __edx;
                                                                                                                															if(__ecx != __edx) {
                                                                                                                																__eax = __edx;
                                                                                                                																__eflags = __eax - __ecx;
                                                                                                                																 *(__ebp - 0x30) = __eax;
                                                                                                                																if(__eax >= __ecx) {
                                                                                                                																	__edi =  *(__ebp - 8);
                                                                                                                																	__edi =  *(__ebp - 8) - __eax;
                                                                                                                																	__eflags = __edi;
                                                                                                                																} else {
                                                                                                                																	__ecx = __ecx - __eax;
                                                                                                                																	__edi = __ecx;
                                                                                                                																}
                                                                                                                															}
                                                                                                                														}
                                                                                                                														__eflags = __edi;
                                                                                                                														if(__edi == 0) {
                                                                                                                															goto L183;
                                                                                                                														} else {
                                                                                                                															goto L152;
                                                                                                                														}
                                                                                                                													}
                                                                                                                													L138:
                                                                                                                													__ecx = __esi[0x26e9];
                                                                                                                													__edx =  &(__esi[0x6e8]);
                                                                                                                													__eflags = __ecx - __edx;
                                                                                                                													if(__ecx == __edx) {
                                                                                                                														goto L143;
                                                                                                                													}
                                                                                                                													L139:
                                                                                                                													__eax = __edx;
                                                                                                                													__eflags = __eax - __ecx;
                                                                                                                													if(__eax >= __ecx) {
                                                                                                                														__edi = __edi - __eax;
                                                                                                                														__eflags = __edi;
                                                                                                                													} else {
                                                                                                                														__ecx = __ecx - __eax;
                                                                                                                														__edi = __ecx;
                                                                                                                													}
                                                                                                                													__eflags = __edi;
                                                                                                                													if(__edi == 0) {
                                                                                                                														goto L143;
                                                                                                                													}
                                                                                                                													L152:
                                                                                                                													__ecx =  *(__ebp - 0x20);
                                                                                                                													 *__eax =  *__ecx;
                                                                                                                													__eax = __eax + 1;
                                                                                                                													__ecx = __ecx + 1;
                                                                                                                													__edi = __edi - 1;
                                                                                                                													__eflags = __ecx - __esi[0x26e8];
                                                                                                                													 *(__ebp - 0x30) = __eax;
                                                                                                                													 *(__ebp - 0x20) = __ecx;
                                                                                                                													 *(__ebp - 0x2c) = __edi;
                                                                                                                													if(__ecx == __esi[0x26e8]) {
                                                                                                                														__ecx =  &(__esi[0x6e8]);
                                                                                                                														 *(__ebp - 0x20) =  &(__esi[0x6e8]);
                                                                                                                													}
                                                                                                                													_t357 =  &(__esi[1]);
                                                                                                                													 *_t357 = __esi[1] - 1;
                                                                                                                													__eflags =  *_t357;
                                                                                                                												} while ( *_t357 != 0);
                                                                                                                											}
                                                                                                                											goto L23;
                                                                                                                										case 6:
                                                                                                                											L156:
                                                                                                                											__eax =  *(__ebp - 0x2c);
                                                                                                                											__edi =  *(__ebp - 0x30);
                                                                                                                											__eflags = __eax;
                                                                                                                											if(__eax != 0) {
                                                                                                                												L172:
                                                                                                                												__cl = __esi[2];
                                                                                                                												 *__edi = __cl;
                                                                                                                												__edi = __edi + 1;
                                                                                                                												__eax = __eax - 1;
                                                                                                                												 *(__ebp - 0x30) = __edi;
                                                                                                                												 *(__ebp - 0x2c) = __eax;
                                                                                                                												goto L23;
                                                                                                                											}
                                                                                                                											L157:
                                                                                                                											__ecx = __esi[0x26e8];
                                                                                                                											__eflags = __edi - __ecx;
                                                                                                                											if(__edi != __ecx) {
                                                                                                                												L163:
                                                                                                                												__esi[0x26ea] = __edi;
                                                                                                                												__eax = E00406F5C( *((intOrPtr*)(__ebp + 8)));
                                                                                                                												__edi = __esi[0x26ea];
                                                                                                                												__ecx = __esi[0x26e9];
                                                                                                                												__eflags = __edi - __ecx;
                                                                                                                												 *(__ebp - 0x30) = __edi;
                                                                                                                												if(__edi >= __ecx) {
                                                                                                                													__eax = __esi[0x26e8];
                                                                                                                													__eax = __esi[0x26e8] - __edi;
                                                                                                                													__eflags = __eax;
                                                                                                                												} else {
                                                                                                                													__ecx = __ecx - __edi;
                                                                                                                													__eax = __ecx - __edi - 1;
                                                                                                                												}
                                                                                                                												__edx = __esi[0x26e8];
                                                                                                                												__eflags = __edi - __edx;
                                                                                                                												 *(__ebp - 8) = __edx;
                                                                                                                												if(__edi == __edx) {
                                                                                                                													__edx =  &(__esi[0x6e8]);
                                                                                                                													__eflags = __ecx - __edx;
                                                                                                                													if(__ecx != __edx) {
                                                                                                                														__edi = __edx;
                                                                                                                														__eflags = __edi - __ecx;
                                                                                                                														 *(__ebp - 0x30) = __edi;
                                                                                                                														if(__edi >= __ecx) {
                                                                                                                															__eax =  *(__ebp - 8);
                                                                                                                															__eax =  *(__ebp - 8) - __edi;
                                                                                                                															__eflags = __eax;
                                                                                                                														} else {
                                                                                                                															__ecx = __ecx - __edi;
                                                                                                                															__eax = __ecx;
                                                                                                                														}
                                                                                                                													}
                                                                                                                												}
                                                                                                                												__eflags = __eax;
                                                                                                                												if(__eax == 0) {
                                                                                                                													goto L183;
                                                                                                                												} else {
                                                                                                                													goto L172;
                                                                                                                												}
                                                                                                                											}
                                                                                                                											L158:
                                                                                                                											__eax = __esi[0x26e9];
                                                                                                                											__edx =  &(__esi[0x6e8]);
                                                                                                                											__eflags = __eax - __edx;
                                                                                                                											if(__eax == __edx) {
                                                                                                                												goto L163;
                                                                                                                											}
                                                                                                                											L159:
                                                                                                                											__edi = __edx;
                                                                                                                											__eflags = __edi - __eax;
                                                                                                                											if(__edi >= __eax) {
                                                                                                                												__ecx = __ecx - __edi;
                                                                                                                												__eflags = __ecx;
                                                                                                                												__eax = __ecx;
                                                                                                                											} else {
                                                                                                                												__eax = __eax - __edi;
                                                                                                                												__eax = __eax - 1;
                                                                                                                											}
                                                                                                                											__eflags = __eax;
                                                                                                                											if(__eax != 0) {
                                                                                                                												goto L172;
                                                                                                                											} else {
                                                                                                                												goto L163;
                                                                                                                											}
                                                                                                                										case 7:
                                                                                                                											L173:
                                                                                                                											__eflags = __ebx - 7;
                                                                                                                											if(__ebx > 7) {
                                                                                                                												__ebx = __ebx - 8;
                                                                                                                												 *(__ebp - 0x34) =  *(__ebp - 0x34) + 1;
                                                                                                                												_t380 = __ebp - 0x38;
                                                                                                                												 *_t380 =  *(__ebp - 0x38) - 1;
                                                                                                                												__eflags =  *_t380;
                                                                                                                											}
                                                                                                                											goto L175;
                                                                                                                										case 8:
                                                                                                                											L4:
                                                                                                                											while(_t425 < 3) {
                                                                                                                												if( *(_t448 - 0x34) == 0) {
                                                                                                                													goto L182;
                                                                                                                												} else {
                                                                                                                													 *(_t448 - 0x34) =  *(_t448 - 0x34) - 1;
                                                                                                                													 *(_t448 - 0x40) =  *(_t448 - 0x40) | ( *( *(_t448 - 0x38)) & 0x000000ff) << _t425;
                                                                                                                													 *(_t448 - 0x38) =  &(( *(_t448 - 0x38))[1]);
                                                                                                                													_t425 = _t425 + 8;
                                                                                                                													continue;
                                                                                                                												}
                                                                                                                											}
                                                                                                                											_t425 = _t425 - 3;
                                                                                                                											 *(_t448 - 0x40) =  *(_t448 - 0x40) >> 3;
                                                                                                                											_t406 =  *(_t448 - 0x40) & 0x00000007;
                                                                                                                											asm("sbb ecx, ecx");
                                                                                                                											_t408 = _t406 >> 1;
                                                                                                                											_t446[0x145] = ( ~(_t406 & 0x00000001) & 0x00000007) + 8;
                                                                                                                											if(_t408 == 0) {
                                                                                                                												L24:
                                                                                                                												 *_t446 = 9;
                                                                                                                												_t436 = _t425 & 0x00000007;
                                                                                                                												 *(_t448 - 0x40) =  *(_t448 - 0x40) >> _t436;
                                                                                                                												_t425 = _t425 - _t436;
                                                                                                                												goto L180;
                                                                                                                											}
                                                                                                                											L6:
                                                                                                                											_t411 = _t408 - 1;
                                                                                                                											if(_t411 == 0) {
                                                                                                                												L13:
                                                                                                                												__eflags =  *0x42e388;
                                                                                                                												if( *0x42e388 != 0) {
                                                                                                                													L22:
                                                                                                                													_t412 =  *0x40a40c; // 0x9
                                                                                                                													_t446[4] = _t412;
                                                                                                                													_t413 =  *0x40a410; // 0x5
                                                                                                                													_t446[4] = _t413;
                                                                                                                													_t414 =  *0x42d204; // 0x42db08
                                                                                                                													_t446[5] = _t414;
                                                                                                                													_t415 =  *0x42d200; // 0x42e308
                                                                                                                													_t446[6] = _t415;
                                                                                                                													L23:
                                                                                                                													 *_t446 =  *_t446 & 0x00000000;
                                                                                                                													goto L180;
                                                                                                                												} else {
                                                                                                                													_t26 = _t448 - 8;
                                                                                                                													 *_t26 =  *(_t448 - 8) & 0x00000000;
                                                                                                                													__eflags =  *_t26;
                                                                                                                													_t416 = 0x42d208;
                                                                                                                													goto L15;
                                                                                                                													L20:
                                                                                                                													 *_t416 = _t438;
                                                                                                                													_t416 = _t416 + 4;
                                                                                                                													__eflags = _t416 - 0x42d688;
                                                                                                                													if(_t416 < 0x42d688) {
                                                                                                                														L15:
                                                                                                                														__eflags = _t416 - 0x42d444;
                                                                                                                														_t438 = 8;
                                                                                                                														if(_t416 > 0x42d444) {
                                                                                                                															__eflags = _t416 - 0x42d608;
                                                                                                                															if(_t416 >= 0x42d608) {
                                                                                                                																__eflags = _t416 - 0x42d668;
                                                                                                                																if(_t416 < 0x42d668) {
                                                                                                                																	_t438 = 7;
                                                                                                                																}
                                                                                                                															} else {
                                                                                                                																_t438 = 9;
                                                                                                                															}
                                                                                                                														}
                                                                                                                														goto L20;
                                                                                                                													} else {
                                                                                                                														E00406FC4(0x42d208, 0x120, 0x101, 0x408414, 0x408454, 0x42d204, 0x40a40c, 0x42db08, _t448 - 8);
                                                                                                                														_push(0x1e);
                                                                                                                														_pop(_t440);
                                                                                                                														_push(5);
                                                                                                                														_pop(_t419);
                                                                                                                														memset(0x42d208, _t419, _t440 << 2);
                                                                                                                														_t450 = _t450 + 0xc;
                                                                                                                														_t442 = 0x42d208 + _t440;
                                                                                                                														E00406FC4(0x42d208, 0x1e, 0, 0x408494, 0x4084d0, 0x42d200, 0x40a410, 0x42db08, _t448 - 8);
                                                                                                                														 *0x42e388 =  *0x42e388 + 1;
                                                                                                                														__eflags =  *0x42e388;
                                                                                                                														goto L22;
                                                                                                                													}
                                                                                                                												}
                                                                                                                											}
                                                                                                                											L7:
                                                                                                                											_t423 = _t411 - 1;
                                                                                                                											if(_t423 == 0) {
                                                                                                                												 *_t446 = 0xb;
                                                                                                                												goto L180;
                                                                                                                											}
                                                                                                                											L8:
                                                                                                                											if(_t423 != 1) {
                                                                                                                												goto L180;
                                                                                                                											}
                                                                                                                											goto L9;
                                                                                                                										case 9:
                                                                                                                											while(1) {
                                                                                                                												L27:
                                                                                                                												__eflags = __ebx - 0x20;
                                                                                                                												if(__ebx >= 0x20) {
                                                                                                                													break;
                                                                                                                												}
                                                                                                                												L25:
                                                                                                                												__eflags =  *(__ebp - 0x34);
                                                                                                                												if( *(__ebp - 0x34) == 0) {
                                                                                                                													goto L182;
                                                                                                                												}
                                                                                                                												L26:
                                                                                                                												__eax =  *(__ebp - 0x38);
                                                                                                                												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                												__ecx = __ebx;
                                                                                                                												 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                												__ebx = __ebx + 8;
                                                                                                                												__eflags = __ebx;
                                                                                                                											}
                                                                                                                											L28:
                                                                                                                											__eax =  *(__ebp - 0x40);
                                                                                                                											__ebx = 0;
                                                                                                                											__eax =  *(__ebp - 0x40) & 0x0000ffff;
                                                                                                                											 *(__ebp - 0x40) = 0;
                                                                                                                											__eflags = __eax;
                                                                                                                											__esi[1] = __eax;
                                                                                                                											if(__eax == 0) {
                                                                                                                												goto L53;
                                                                                                                											}
                                                                                                                											L29:
                                                                                                                											_push(0xa);
                                                                                                                											_pop(__eax);
                                                                                                                											goto L54;
                                                                                                                										case 0xa:
                                                                                                                											L30:
                                                                                                                											__eflags =  *(__ebp - 0x34);
                                                                                                                											if( *(__ebp - 0x34) == 0) {
                                                                                                                												goto L182;
                                                                                                                											}
                                                                                                                											L31:
                                                                                                                											__eax =  *(__ebp - 0x2c);
                                                                                                                											__eflags = __eax;
                                                                                                                											if(__eax != 0) {
                                                                                                                												L48:
                                                                                                                												__eflags = __eax -  *(__ebp - 0x34);
                                                                                                                												if(__eax >=  *(__ebp - 0x34)) {
                                                                                                                													__eax =  *(__ebp - 0x34);
                                                                                                                												}
                                                                                                                												__ecx = __esi[1];
                                                                                                                												__eflags = __ecx - __eax;
                                                                                                                												__edi = __ecx;
                                                                                                                												if(__ecx >= __eax) {
                                                                                                                													__edi = __eax;
                                                                                                                												}
                                                                                                                												__eax = E00405B64( *(__ebp - 0x30),  *(__ebp - 0x38), __edi);
                                                                                                                												 *(__ebp - 0x38) =  *(__ebp - 0x38) + __edi;
                                                                                                                												 *(__ebp - 0x34) =  *(__ebp - 0x34) - __edi;
                                                                                                                												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __edi;
                                                                                                                												 *(__ebp - 0x2c) =  *(__ebp - 0x2c) - __edi;
                                                                                                                												_t80 =  &(__esi[1]);
                                                                                                                												 *_t80 = __esi[1] - __edi;
                                                                                                                												__eflags =  *_t80;
                                                                                                                												if( *_t80 == 0) {
                                                                                                                													L53:
                                                                                                                													__eax = __esi[0x145];
                                                                                                                													L54:
                                                                                                                													 *__esi = __eax;
                                                                                                                												}
                                                                                                                												goto L180;
                                                                                                                											}
                                                                                                                											L32:
                                                                                                                											__ecx = __esi[0x26e8];
                                                                                                                											__edx =  *(__ebp - 0x30);
                                                                                                                											__eflags = __edx - __ecx;
                                                                                                                											if(__edx != __ecx) {
                                                                                                                												L38:
                                                                                                                												__esi[0x26ea] = __edx;
                                                                                                                												__eax = E00406F5C( *((intOrPtr*)(__ebp + 8)));
                                                                                                                												__edx = __esi[0x26ea];
                                                                                                                												__ecx = __esi[0x26e9];
                                                                                                                												__eflags = __edx - __ecx;
                                                                                                                												 *(__ebp - 0x30) = __edx;
                                                                                                                												if(__edx >= __ecx) {
                                                                                                                													__eax = __esi[0x26e8];
                                                                                                                													__eax = __esi[0x26e8] - __edx;
                                                                                                                													__eflags = __eax;
                                                                                                                												} else {
                                                                                                                													__ecx = __ecx - __edx;
                                                                                                                													__eax = __ecx - __edx - 1;
                                                                                                                												}
                                                                                                                												__edi = __esi[0x26e8];
                                                                                                                												 *(__ebp - 0x2c) = __eax;
                                                                                                                												__eflags = __edx - __edi;
                                                                                                                												if(__edx == __edi) {
                                                                                                                													__edx =  &(__esi[0x6e8]);
                                                                                                                													__eflags = __edx - __ecx;
                                                                                                                													if(__eflags != 0) {
                                                                                                                														 *(__ebp - 0x30) = __edx;
                                                                                                                														if(__eflags >= 0) {
                                                                                                                															__edi = __edi - __edx;
                                                                                                                															__eflags = __edi;
                                                                                                                															__eax = __edi;
                                                                                                                														} else {
                                                                                                                															__ecx = __ecx - __edx;
                                                                                                                															__eax = __ecx;
                                                                                                                														}
                                                                                                                														 *(__ebp - 0x2c) = __eax;
                                                                                                                													}
                                                                                                                												}
                                                                                                                												__eflags = __eax;
                                                                                                                												if(__eax == 0) {
                                                                                                                													goto L183;
                                                                                                                												} else {
                                                                                                                													goto L48;
                                                                                                                												}
                                                                                                                											}
                                                                                                                											L33:
                                                                                                                											__eax = __esi[0x26e9];
                                                                                                                											__edi =  &(__esi[0x6e8]);
                                                                                                                											__eflags = __eax - __edi;
                                                                                                                											if(__eax == __edi) {
                                                                                                                												goto L38;
                                                                                                                											}
                                                                                                                											L34:
                                                                                                                											__edx = __edi;
                                                                                                                											__eflags = __edx - __eax;
                                                                                                                											 *(__ebp - 0x30) = __edx;
                                                                                                                											if(__edx >= __eax) {
                                                                                                                												__ecx = __ecx - __edx;
                                                                                                                												__eflags = __ecx;
                                                                                                                												__eax = __ecx;
                                                                                                                											} else {
                                                                                                                												__eax = __eax - __edx;
                                                                                                                												__eax = __eax - 1;
                                                                                                                											}
                                                                                                                											__eflags = __eax;
                                                                                                                											 *(__ebp - 0x2c) = __eax;
                                                                                                                											if(__eax != 0) {
                                                                                                                												goto L48;
                                                                                                                											} else {
                                                                                                                												goto L38;
                                                                                                                											}
                                                                                                                										case 0xb:
                                                                                                                											goto L56;
                                                                                                                										case 0xc:
                                                                                                                											L60:
                                                                                                                											__esi[1] = __esi[1] >> 0xa;
                                                                                                                											__eax = (__esi[1] >> 0xa) + 4;
                                                                                                                											if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                                                                                                                												goto L68;
                                                                                                                											}
                                                                                                                											goto L61;
                                                                                                                										case 0xd:
                                                                                                                											while(1) {
                                                                                                                												L93:
                                                                                                                												__eax = __esi[1];
                                                                                                                												__ecx = __esi[2];
                                                                                                                												__edx = __eax;
                                                                                                                												__eax = __eax & 0x0000001f;
                                                                                                                												__edx = __edx >> 5;
                                                                                                                												__eax = __edx + __eax + 0x102;
                                                                                                                												__eflags = __esi[2] - __eax;
                                                                                                                												if(__esi[2] >= __eax) {
                                                                                                                													break;
                                                                                                                												}
                                                                                                                												L73:
                                                                                                                												__eax = __esi[0x143];
                                                                                                                												while(1) {
                                                                                                                													L76:
                                                                                                                													__eflags = __ebx - __eax;
                                                                                                                													if(__ebx >= __eax) {
                                                                                                                														break;
                                                                                                                													}
                                                                                                                													L74:
                                                                                                                													__eflags =  *(__ebp - 0x34);
                                                                                                                													if( *(__ebp - 0x34) == 0) {
                                                                                                                														goto L182;
                                                                                                                													}
                                                                                                                													L75:
                                                                                                                													__ecx =  *(__ebp - 0x38);
                                                                                                                													 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                													__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                                													__ecx = __ebx;
                                                                                                                													__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                													 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                													 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                													__ebx = __ebx + 8;
                                                                                                                													__eflags = __ebx;
                                                                                                                												}
                                                                                                                												L77:
                                                                                                                												__eax =  *(0x40a3e8 + __eax * 2) & 0x0000ffff;
                                                                                                                												__eax = __eax &  *(__ebp - 0x40);
                                                                                                                												__ecx = __esi[0x144];
                                                                                                                												__eax = __esi[0x144] + __eax * 4;
                                                                                                                												__edx =  *(__eax + 1) & 0x000000ff;
                                                                                                                												__eax =  *(__eax + 2) & 0x0000ffff;
                                                                                                                												__eflags = __eax - 0x10;
                                                                                                                												 *(__ebp - 0x14) = __eax;
                                                                                                                												if(__eax >= 0x10) {
                                                                                                                													L79:
                                                                                                                													__eflags = __eax - 0x12;
                                                                                                                													if(__eax != 0x12) {
                                                                                                                														__eax = __eax + 0xfffffff2;
                                                                                                                														 *(__ebp - 8) = 3;
                                                                                                                													} else {
                                                                                                                														_push(7);
                                                                                                                														 *(__ebp - 8) = 0xb;
                                                                                                                														_pop(__eax);
                                                                                                                													}
                                                                                                                													while(1) {
                                                                                                                														L84:
                                                                                                                														__ecx = __eax + __edx;
                                                                                                                														__eflags = __ebx - __eax + __edx;
                                                                                                                														if(__ebx >= __eax + __edx) {
                                                                                                                															break;
                                                                                                                														}
                                                                                                                														L82:
                                                                                                                														__eflags =  *(__ebp - 0x34);
                                                                                                                														if( *(__ebp - 0x34) == 0) {
                                                                                                                															goto L182;
                                                                                                                														}
                                                                                                                														L83:
                                                                                                                														__ecx =  *(__ebp - 0x38);
                                                                                                                														 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                														__edi =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                                														__ecx = __ebx;
                                                                                                                														__edi = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                														 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                														 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                														__ebx = __ebx + 8;
                                                                                                                														__eflags = __ebx;
                                                                                                                													}
                                                                                                                													L85:
                                                                                                                													__ecx = __edx;
                                                                                                                													__ebx = __ebx - __edx;
                                                                                                                													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                													 *(0x40a3e8 + __eax * 2) & 0x0000ffff =  *(0x40a3e8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                                                                													__edx =  *(__ebp - 8);
                                                                                                                													__ebx = __ebx - __eax;
                                                                                                                													__edx =  *(__ebp - 8) + ( *(0x40a3e8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                                                                													__ecx = __eax;
                                                                                                                													__eax = __esi[1];
                                                                                                                													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                													__ecx = __esi[2];
                                                                                                                													__eax = __eax >> 5;
                                                                                                                													__edi = __eax >> 0x00000005 & 0x0000001f;
                                                                                                                													__eax = __eax & 0x0000001f;
                                                                                                                													__eax = __edi + __eax + 0x102;
                                                                                                                													__edi = __edx + __ecx;
                                                                                                                													__eflags = __edx + __ecx - __eax;
                                                                                                                													if(__edx + __ecx > __eax) {
                                                                                                                														goto L9;
                                                                                                                													}
                                                                                                                													L86:
                                                                                                                													__eflags =  *(__ebp - 0x14) - 0x10;
                                                                                                                													if( *(__ebp - 0x14) != 0x10) {
                                                                                                                														L89:
                                                                                                                														__edi = 0;
                                                                                                                														__eflags = 0;
                                                                                                                														L90:
                                                                                                                														__eax = __esi + 0xc + __ecx * 4;
                                                                                                                														do {
                                                                                                                															L91:
                                                                                                                															 *__eax = __edi;
                                                                                                                															__ecx = __ecx + 1;
                                                                                                                															__eax = __eax + 4;
                                                                                                                															__edx = __edx - 1;
                                                                                                                															__eflags = __edx;
                                                                                                                														} while (__edx != 0);
                                                                                                                														__esi[2] = __ecx;
                                                                                                                														continue;
                                                                                                                													}
                                                                                                                													L87:
                                                                                                                													__eflags = __ecx - 1;
                                                                                                                													if(__ecx < 1) {
                                                                                                                														goto L9;
                                                                                                                													}
                                                                                                                													L88:
                                                                                                                													__edi =  *(__esi + 8 + __ecx * 4);
                                                                                                                													goto L90;
                                                                                                                												}
                                                                                                                												L78:
                                                                                                                												__ecx = __edx;
                                                                                                                												__ebx = __ebx - __edx;
                                                                                                                												 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                												__ecx = __esi[2];
                                                                                                                												 *(__esi + 0xc + __esi[2] * 4) = __eax;
                                                                                                                												__esi[2] = __esi[2] + 1;
                                                                                                                											}
                                                                                                                											L94:
                                                                                                                											__eax = __esi[1];
                                                                                                                											__esi[0x144] = __esi[0x144] & 0x00000000;
                                                                                                                											 *(__ebp - 0xc) =  *(__ebp - 0xc) & 0x00000000;
                                                                                                                											__edi = __eax;
                                                                                                                											__eax = __eax >> 5;
                                                                                                                											__edi = __edi & 0x0000001f;
                                                                                                                											__ecx = 0x101;
                                                                                                                											__eax = __eax & 0x0000001f;
                                                                                                                											__edi = __edi + 0x101;
                                                                                                                											__eax = __eax + 1;
                                                                                                                											__edx = __ebp - 0xc;
                                                                                                                											 *(__ebp - 0x14) = __eax;
                                                                                                                											 &(__esi[0x148]) = __ebp - 4;
                                                                                                                											 *(__ebp - 4) = 9;
                                                                                                                											__ebp - 0x18 =  &(__esi[3]);
                                                                                                                											 *(__ebp - 0x10) = 6;
                                                                                                                											__eax = E00406FC4( &(__esi[3]), __edi, 0x101, 0x408414, 0x408454, __ebp - 0x18, __ebp - 4,  &(__esi[0x148]), __ebp - 0xc);
                                                                                                                											__eflags =  *(__ebp - 4);
                                                                                                                											if( *(__ebp - 4) == 0) {
                                                                                                                												__eax = __eax | 0xffffffff;
                                                                                                                												__eflags = __eax;
                                                                                                                											}
                                                                                                                											__eflags = __eax;
                                                                                                                											if(__eax != 0) {
                                                                                                                												goto L9;
                                                                                                                											} else {
                                                                                                                												L97:
                                                                                                                												__ebp - 0xc =  &(__esi[0x148]);
                                                                                                                												__ebp - 0x10 = __ebp - 0x1c;
                                                                                                                												__eax = __esi + 0xc + __edi * 4;
                                                                                                                												__eax = E00406FC4(__esi + 0xc + __edi * 4,  *(__ebp - 0x14), 0, 0x408494, 0x4084d0, __ebp - 0x1c, __ebp - 0x10,  &(__esi[0x148]), __ebp - 0xc);
                                                                                                                												__eflags = __eax;
                                                                                                                												if(__eax != 0) {
                                                                                                                													goto L9;
                                                                                                                												}
                                                                                                                												L98:
                                                                                                                												__eax =  *(__ebp - 0x10);
                                                                                                                												__eflags =  *(__ebp - 0x10);
                                                                                                                												if( *(__ebp - 0x10) != 0) {
                                                                                                                													L100:
                                                                                                                													__cl =  *(__ebp - 4);
                                                                                                                													 *__esi =  *__esi & 0x00000000;
                                                                                                                													__eflags =  *__esi;
                                                                                                                													__esi[4] = __al;
                                                                                                                													__eax =  *(__ebp - 0x18);
                                                                                                                													__esi[5] =  *(__ebp - 0x18);
                                                                                                                													__eax =  *(__ebp - 0x1c);
                                                                                                                													__esi[4] = __cl;
                                                                                                                													__esi[6] =  *(__ebp - 0x1c);
                                                                                                                													goto L101;
                                                                                                                												}
                                                                                                                												L99:
                                                                                                                												__eflags = __edi - 0x101;
                                                                                                                												if(__edi > 0x101) {
                                                                                                                													goto L9;
                                                                                                                												}
                                                                                                                												goto L100;
                                                                                                                											}
                                                                                                                										case 0xe:
                                                                                                                											goto L9;
                                                                                                                										case 0xf:
                                                                                                                											L175:
                                                                                                                											__eax =  *(__ebp - 0x30);
                                                                                                                											__esi[0x26ea] =  *(__ebp - 0x30);
                                                                                                                											__eax = E00406F5C( *((intOrPtr*)(__ebp + 8)));
                                                                                                                											__ecx = __esi[0x26ea];
                                                                                                                											__edx = __esi[0x26e9];
                                                                                                                											__eflags = __ecx - __edx;
                                                                                                                											 *(__ebp - 0x30) = __ecx;
                                                                                                                											if(__ecx >= __edx) {
                                                                                                                												__eax = __esi[0x26e8];
                                                                                                                												__eax = __esi[0x26e8] - __ecx;
                                                                                                                												__eflags = __eax;
                                                                                                                											} else {
                                                                                                                												__edx = __edx - __ecx;
                                                                                                                												__eax = __edx - __ecx - 1;
                                                                                                                											}
                                                                                                                											__eflags = __ecx - __edx;
                                                                                                                											 *(__ebp - 0x2c) = __eax;
                                                                                                                											if(__ecx != __edx) {
                                                                                                                												L183:
                                                                                                                												__edi = 0;
                                                                                                                												goto L10;
                                                                                                                											} else {
                                                                                                                												L179:
                                                                                                                												__eax = __esi[0x145];
                                                                                                                												__eflags = __eax - 8;
                                                                                                                												 *__esi = __eax;
                                                                                                                												if(__eax != 8) {
                                                                                                                													L184:
                                                                                                                													0 = 1;
                                                                                                                													goto L10;
                                                                                                                												}
                                                                                                                												goto L180;
                                                                                                                											}
                                                                                                                									}
                                                                                                                								}
                                                                                                                								L181:
                                                                                                                								goto L9;
                                                                                                                							}
                                                                                                                							L70:
                                                                                                                							if( *__edi == __eax) {
                                                                                                                								goto L72;
                                                                                                                							}
                                                                                                                							L71:
                                                                                                                							__esi[2] = __esi[2] & __eax;
                                                                                                                							 *__esi = 0xd;
                                                                                                                							goto L93;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				L182:
                                                                                                                				_t443 = 0;
                                                                                                                				_t446[0x147] =  *(_t448 - 0x40);
                                                                                                                				_t446[0x146] = _t425;
                                                                                                                				( *(_t448 + 8))[1] = 0;
                                                                                                                				goto L11;
                                                                                                                			}









                                                                                                                0x00406be7
                                                                                                                0x00406be9
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406bc7
                                                                                                                0x00406bc7
                                                                                                                0x00406bcb
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406bd1
                                                                                                                0x00406bd1
                                                                                                                0x00406bd4
                                                                                                                0x00406bd7
                                                                                                                0x00406bda
                                                                                                                0x00406bdc
                                                                                                                0x00406bde
                                                                                                                0x00406be1
                                                                                                                0x00406be4
                                                                                                                0x00406be4
                                                                                                                0x00406be4
                                                                                                                0x00406beb
                                                                                                                0x00406bf3
                                                                                                                0x00406bf6
                                                                                                                0x00406bf9
                                                                                                                0x00406bfb
                                                                                                                0x00406bfe
                                                                                                                0x00406bfe
                                                                                                                0x00406c00
                                                                                                                0x00406c04
                                                                                                                0x00406c07
                                                                                                                0x00406c0a
                                                                                                                0x00406c0d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406c13
                                                                                                                0x00406c13
                                                                                                                0x00406c38
                                                                                                                0x00406c38
                                                                                                                0x00406c38
                                                                                                                0x00406c3a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406c18
                                                                                                                0x00406c18
                                                                                                                0x00406c1c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406c22
                                                                                                                0x00406c22
                                                                                                                0x00406c25
                                                                                                                0x00406c28
                                                                                                                0x00406c2b
                                                                                                                0x00406c2d
                                                                                                                0x00406c2f
                                                                                                                0x00406c32
                                                                                                                0x00406c35
                                                                                                                0x00406c35
                                                                                                                0x00406c35
                                                                                                                0x00406c3c
                                                                                                                0x00406c3c
                                                                                                                0x00406c44
                                                                                                                0x00406c47
                                                                                                                0x00406c4a
                                                                                                                0x00406c4d
                                                                                                                0x00406c51
                                                                                                                0x00406c54
                                                                                                                0x00406c56
                                                                                                                0x00406c59
                                                                                                                0x00406c5c
                                                                                                                0x00406c76
                                                                                                                0x00406c76
                                                                                                                0x00406c79
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406c7f
                                                                                                                0x00406c7f
                                                                                                                0x00406c82
                                                                                                                0x00406c89
                                                                                                                0x00000000
                                                                                                                0x00406c89
                                                                                                                0x00406c5e
                                                                                                                0x00406c61
                                                                                                                0x00406c68
                                                                                                                0x00406c6b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406c91
                                                                                                                0x00406c91
                                                                                                                0x00406cb6
                                                                                                                0x00406cb6
                                                                                                                0x00406cb6
                                                                                                                0x00406cb8
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406c96
                                                                                                                0x00406c96
                                                                                                                0x00406c9a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406ca0
                                                                                                                0x00406ca0
                                                                                                                0x00406ca3
                                                                                                                0x00406ca6
                                                                                                                0x00406ca9
                                                                                                                0x00406cab
                                                                                                                0x00406cad
                                                                                                                0x00406cb0
                                                                                                                0x00406cb3
                                                                                                                0x00406cb3
                                                                                                                0x00406cb3
                                                                                                                0x00406cba
                                                                                                                0x00406cc2
                                                                                                                0x00406cc5
                                                                                                                0x00406cc8
                                                                                                                0x00406cca
                                                                                                                0x00406ccd
                                                                                                                0x00406ccd
                                                                                                                0x00406ccf
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406cd5
                                                                                                                0x00406cd5
                                                                                                                0x00406cd8
                                                                                                                0x00406cdd
                                                                                                                0x00406cdf
                                                                                                                0x00406ce5
                                                                                                                0x00406ce7
                                                                                                                0x00406cfc
                                                                                                                0x00406cfe
                                                                                                                0x00406cfe
                                                                                                                0x00406ce9
                                                                                                                0x00406cef
                                                                                                                0x00406cf1
                                                                                                                0x00406cf3
                                                                                                                0x00406cf3
                                                                                                                0x00406d00
                                                                                                                0x00406d04
                                                                                                                0x00406d07
                                                                                                                0x00406d0d
                                                                                                                0x00406d0d
                                                                                                                0x00406d10
                                                                                                                0x00406d10
                                                                                                                0x00406d10
                                                                                                                0x00406d12
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406d18
                                                                                                                0x00406d18
                                                                                                                0x00406d1e
                                                                                                                0x00406d20
                                                                                                                0x00406d45
                                                                                                                0x00406d48
                                                                                                                0x00406d4e
                                                                                                                0x00406d53
                                                                                                                0x00406d59
                                                                                                                0x00406d5f
                                                                                                                0x00406d61
                                                                                                                0x00406d64
                                                                                                                0x00406d6d
                                                                                                                0x00406d73
                                                                                                                0x00406d73
                                                                                                                0x00406d66
                                                                                                                0x00406d68
                                                                                                                0x00406d6a
                                                                                                                0x00406d6a
                                                                                                                0x00406d75
                                                                                                                0x00406d7b
                                                                                                                0x00406d7d
                                                                                                                0x00406d80
                                                                                                                0x00406d82
                                                                                                                0x00406d88
                                                                                                                0x00406d8a
                                                                                                                0x00406d8c
                                                                                                                0x00406d8e
                                                                                                                0x00406d90
                                                                                                                0x00406d93
                                                                                                                0x00406d9c
                                                                                                                0x00406d9f
                                                                                                                0x00406d9f
                                                                                                                0x00406d95
                                                                                                                0x00406d95
                                                                                                                0x00406d98
                                                                                                                0x00406d98
                                                                                                                0x00406d93
                                                                                                                0x00406d8a
                                                                                                                0x00406da1
                                                                                                                0x00406da3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406da3
                                                                                                                0x00406d22
                                                                                                                0x00406d22
                                                                                                                0x00406d28
                                                                                                                0x00406d2e
                                                                                                                0x00406d30
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406d32
                                                                                                                0x00406d32
                                                                                                                0x00406d34
                                                                                                                0x00406d36
                                                                                                                0x00406d3f
                                                                                                                0x00406d3f
                                                                                                                0x00406d38
                                                                                                                0x00406d38
                                                                                                                0x00406d3b
                                                                                                                0x00406d3b
                                                                                                                0x00406d41
                                                                                                                0x00406d43
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406da9
                                                                                                                0x00406da9
                                                                                                                0x00406dae
                                                                                                                0x00406db0
                                                                                                                0x00406db1
                                                                                                                0x00406db2
                                                                                                                0x00406db3
                                                                                                                0x00406db9
                                                                                                                0x00406dbc
                                                                                                                0x00406dbf
                                                                                                                0x00406dc2
                                                                                                                0x00406dc4
                                                                                                                0x00406dca
                                                                                                                0x00406dca
                                                                                                                0x00406783
                                                                                                                0x00406785
                                                                                                                0x00406787
                                                                                                                0x0040678d
                                                                                                                0x0040678f
                                                                                                                0x00406791
                                                                                                                0x00406794
                                                                                                                0x0040679d
                                                                                                                0x0040679d
                                                                                                                0x0040679f
                                                                                                                0x00406796
                                                                                                                0x00406796
                                                                                                                0x00406799
                                                                                                                0x00406799
                                                                                                                0x004067a1
                                                                                                                0x004067a1
                                                                                                                0x0040678f
                                                                                                                0x004067a4
                                                                                                                0x004067a6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004067a6
                                                                                                                0x00406721
                                                                                                                0x00406721
                                                                                                                0x00406727
                                                                                                                0x0040672d
                                                                                                                0x0040672f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406731
                                                                                                                0x00406731
                                                                                                                0x00406733
                                                                                                                0x00406735
                                                                                                                0x00406738
                                                                                                                0x0040673f
                                                                                                                0x0040673f
                                                                                                                0x00406741
                                                                                                                0x0040673a
                                                                                                                0x0040673a
                                                                                                                0x0040673c
                                                                                                                0x0040673c
                                                                                                                0x00406743
                                                                                                                0x00406745
                                                                                                                0x00406748
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040684c
                                                                                                                0x0040684f
                                                                                                                0x00406852
                                                                                                                0x00406858
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406a2f
                                                                                                                0x00406a2f
                                                                                                                0x00406a2f
                                                                                                                0x00406a32
                                                                                                                0x00406a35
                                                                                                                0x00406a37
                                                                                                                0x00406a3a
                                                                                                                0x00406a40
                                                                                                                0x00406a47
                                                                                                                0x00406a49
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040691d
                                                                                                                0x0040691d
                                                                                                                0x00406945
                                                                                                                0x00406945
                                                                                                                0x00406945
                                                                                                                0x00406947
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406925
                                                                                                                0x00406925
                                                                                                                0x00406929
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040692f
                                                                                                                0x0040692f
                                                                                                                0x00406932
                                                                                                                0x00406935
                                                                                                                0x00406938
                                                                                                                0x0040693a
                                                                                                                0x0040693c
                                                                                                                0x0040693f
                                                                                                                0x00406942
                                                                                                                0x00406942
                                                                                                                0x00406942
                                                                                                                0x00406949
                                                                                                                0x00406949
                                                                                                                0x00406951
                                                                                                                0x00406954
                                                                                                                0x0040695a
                                                                                                                0x0040695d
                                                                                                                0x00406961
                                                                                                                0x00406965
                                                                                                                0x00406968
                                                                                                                0x0040696b
                                                                                                                0x00406983
                                                                                                                0x00406983
                                                                                                                0x00406986
                                                                                                                0x00406994
                                                                                                                0x00406997
                                                                                                                0x00406988
                                                                                                                0x00406988
                                                                                                                0x0040698a
                                                                                                                0x00406991
                                                                                                                0x00406991
                                                                                                                0x004069c0
                                                                                                                0x004069c0
                                                                                                                0x004069c0
                                                                                                                0x004069c3
                                                                                                                0x004069c5
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004069a0
                                                                                                                0x004069a0
                                                                                                                0x004069a4
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004069aa
                                                                                                                0x004069aa
                                                                                                                0x004069ad
                                                                                                                0x004069b0
                                                                                                                0x004069b3
                                                                                                                0x004069b5
                                                                                                                0x004069b7
                                                                                                                0x004069ba
                                                                                                                0x004069bd
                                                                                                                0x004069bd
                                                                                                                0x004069bd
                                                                                                                0x004069c7
                                                                                                                0x004069c7
                                                                                                                0x004069c9
                                                                                                                0x004069cb
                                                                                                                0x004069d6
                                                                                                                0x004069d9
                                                                                                                0x004069dc
                                                                                                                0x004069de
                                                                                                                0x004069e0
                                                                                                                0x004069e2
                                                                                                                0x004069e5
                                                                                                                0x004069e8
                                                                                                                0x004069ed
                                                                                                                0x004069f0
                                                                                                                0x004069f3
                                                                                                                0x004069f6
                                                                                                                0x004069fd
                                                                                                                0x00406a00
                                                                                                                0x00406a02
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406a08
                                                                                                                0x00406a08
                                                                                                                0x00406a0c
                                                                                                                0x00406a1d
                                                                                                                0x00406a1d
                                                                                                                0x00406a1d
                                                                                                                0x00406a1f
                                                                                                                0x00406a1f
                                                                                                                0x00406a23
                                                                                                                0x00406a23
                                                                                                                0x00406a23
                                                                                                                0x00406a25
                                                                                                                0x00406a26
                                                                                                                0x00406a29
                                                                                                                0x00406a29
                                                                                                                0x00406a29
                                                                                                                0x00406a2c
                                                                                                                0x00000000
                                                                                                                0x00406a2c
                                                                                                                0x00406a0e
                                                                                                                0x00406a0e
                                                                                                                0x00406a11
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406a17
                                                                                                                0x00406a17
                                                                                                                0x00000000
                                                                                                                0x00406a17
                                                                                                                0x0040696d
                                                                                                                0x0040696d
                                                                                                                0x0040696f
                                                                                                                0x00406971
                                                                                                                0x00406974
                                                                                                                0x00406977
                                                                                                                0x0040697b
                                                                                                                0x0040697b
                                                                                                                0x00406a4f
                                                                                                                0x00406a4f
                                                                                                                0x00406a52
                                                                                                                0x00406a59
                                                                                                                0x00406a5d
                                                                                                                0x00406a5f
                                                                                                                0x00406a62
                                                                                                                0x00406a65
                                                                                                                0x00406a6a
                                                                                                                0x00406a6d
                                                                                                                0x00406a6f
                                                                                                                0x00406a70
                                                                                                                0x00406a73
                                                                                                                0x00406a7e
                                                                                                                0x00406a81
                                                                                                                0x00406a98
                                                                                                                0x00406a9d
                                                                                                                0x00406aa4
                                                                                                                0x00406aa9
                                                                                                                0x00406aad
                                                                                                                0x00406aaf
                                                                                                                0x00406aaf
                                                                                                                0x00406aaf
                                                                                                                0x00406ab2
                                                                                                                0x00406ab4
                                                                                                                0x00000000
                                                                                                                0x00406aba
                                                                                                                0x00406aba
                                                                                                                0x00406abe
                                                                                                                0x00406ac9

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 82a44bc8fd526afdff965e1cd5e7f2d0a246497ca5c27b0c944ad4ba04d420dd
                                                                                                                • Instruction ID: dc39b55080118b2a9f2c57fc2b953182458e36931565741e2945480d6a34e330
                                                                                                                • Opcode Fuzzy Hash: 82a44bc8fd526afdff965e1cd5e7f2d0a246497ca5c27b0c944ad4ba04d420dd
                                                                                                                • Instruction Fuzzy Hash: D2E19A7190070ADFDB24CF58D890BAAB7F1EB44305F15842EE897A76C1D738AA95CF44
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00406FC4(signed char _a4, char _a5, short _a6, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int* _a24, signed int _a28, intOrPtr _a32, signed int* _a36) {
                                                                                                                				signed int _v8;
                                                                                                                				unsigned int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				intOrPtr* _v32;
                                                                                                                				signed int* _v36;
                                                                                                                				signed int _v40;
                                                                                                                				signed int _v44;
                                                                                                                				intOrPtr _v48;
                                                                                                                				intOrPtr _v52;
                                                                                                                				void _v116;
                                                                                                                				signed int _v176;
                                                                                                                				signed int _v180;
                                                                                                                				signed int _v240;
                                                                                                                				signed int _t166;
                                                                                                                				signed int _t168;
                                                                                                                				intOrPtr _t175;
                                                                                                                				signed int _t181;
                                                                                                                				void* _t182;
                                                                                                                				intOrPtr _t183;
                                                                                                                				signed int* _t184;
                                                                                                                				signed int _t186;
                                                                                                                				signed int _t187;
                                                                                                                				signed int* _t189;
                                                                                                                				signed int _t190;
                                                                                                                				intOrPtr* _t191;
                                                                                                                				intOrPtr _t192;
                                                                                                                				signed int _t193;
                                                                                                                				signed int _t195;
                                                                                                                				signed int _t200;
                                                                                                                				signed int _t205;
                                                                                                                				void* _t207;
                                                                                                                				short _t208;
                                                                                                                				signed char _t222;
                                                                                                                				signed int _t224;
                                                                                                                				signed int _t225;
                                                                                                                				signed int* _t232;
                                                                                                                				signed int _t233;
                                                                                                                				signed int _t234;
                                                                                                                				void* _t235;
                                                                                                                				signed int _t236;
                                                                                                                				signed int _t244;
                                                                                                                				signed int _t246;
                                                                                                                				signed int _t251;
                                                                                                                				signed int _t254;
                                                                                                                				signed int _t256;
                                                                                                                				signed int _t259;
                                                                                                                				signed int _t262;
                                                                                                                				void* _t263;
                                                                                                                				void* _t264;
                                                                                                                				signed int _t267;
                                                                                                                				intOrPtr _t269;
                                                                                                                				intOrPtr _t271;
                                                                                                                				signed int _t274;
                                                                                                                				intOrPtr* _t275;
                                                                                                                				unsigned int _t276;
                                                                                                                				void* _t277;
                                                                                                                				signed int _t278;
                                                                                                                				intOrPtr* _t279;
                                                                                                                				signed int _t281;
                                                                                                                				intOrPtr _t282;
                                                                                                                				intOrPtr _t283;
                                                                                                                				signed int* _t284;
                                                                                                                				signed int _t286;
                                                                                                                				signed int _t287;
                                                                                                                				signed int _t288;
                                                                                                                				signed int _t296;
                                                                                                                				signed int* _t297;
                                                                                                                				intOrPtr _t298;
                                                                                                                				void* _t299;
                                                                                                                
                                                                                                                				_t278 = _a8;
                                                                                                                				_t187 = 0x10;
                                                                                                                				memset( &_v116, 0, _t187 << 2);
                                                                                                                				_t189 = _a4;
                                                                                                                				_t233 = _t278;
                                                                                                                				do {
                                                                                                                					_t166 =  *_t189;
                                                                                                                					_t189 =  &(_t189[1]);
                                                                                                                					 *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) =  *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) + 1;
                                                                                                                					_t233 = _t233 - 1;
                                                                                                                				} while (_t233 != 0);
                                                                                                                				if(_v116 != _t278) {
                                                                                                                					_t279 = _a28;
                                                                                                                					_t267 =  *_t279;
                                                                                                                					_t190 = 1;
                                                                                                                					_a28 = _t267;
                                                                                                                					_t234 = 0xf;
                                                                                                                					while(1) {
                                                                                                                						_t168 = 0;
                                                                                                                						if( *((intOrPtr*)(_t299 + _t190 * 4 - 0x70)) != 0) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						_t190 = _t190 + 1;
                                                                                                                						if(_t190 <= _t234) {
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						break;
                                                                                                                					}
                                                                                                                					_v8 = _t190;
                                                                                                                					if(_t267 < _t190) {
                                                                                                                						_a28 = _t190;
                                                                                                                					}
                                                                                                                					while( *((intOrPtr*)(_t299 + _t234 * 4 - 0x70)) == _t168) {
                                                                                                                						_t234 = _t234 - 1;
                                                                                                                						if(_t234 != 0) {
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						break;
                                                                                                                					}
                                                                                                                					_v28 = _t234;
                                                                                                                					if(_a28 > _t234) {
                                                                                                                						_a28 = _t234;
                                                                                                                					}
                                                                                                                					 *_t279 = _a28;
                                                                                                                					_t181 = 1 << _t190;
                                                                                                                					while(_t190 < _t234) {
                                                                                                                						_t182 = _t181 -  *((intOrPtr*)(_t299 + _t190 * 4 - 0x70));
                                                                                                                						if(_t182 < 0) {
                                                                                                                							L64:
                                                                                                                							return _t168 | 0xffffffff;
                                                                                                                						}
                                                                                                                						_t190 = _t190 + 1;
                                                                                                                						_t181 = _t182 + _t182;
                                                                                                                					}
                                                                                                                					_t281 = _t234 << 2;
                                                                                                                					_t191 = _t299 + _t281 - 0x70;
                                                                                                                					_t269 =  *_t191;
                                                                                                                					_t183 = _t181 - _t269;
                                                                                                                					_v52 = _t183;
                                                                                                                					if(_t183 < 0) {
                                                                                                                						goto L64;
                                                                                                                					}
                                                                                                                					_v176 = _t168;
                                                                                                                					 *_t191 = _t269 + _t183;
                                                                                                                					_t192 = 0;
                                                                                                                					_t235 = _t234 - 1;
                                                                                                                					if(_t235 == 0) {
                                                                                                                						L21:
                                                                                                                						_t184 = _a4;
                                                                                                                						_t271 = 0;
                                                                                                                						do {
                                                                                                                							_t193 =  *_t184;
                                                                                                                							_t184 =  &(_t184[1]);
                                                                                                                							if(_t193 != _t168) {
                                                                                                                								_t232 = _t299 + _t193 * 4 - 0xb0;
                                                                                                                								_t236 =  *_t232;
                                                                                                                								 *((intOrPtr*)(0x42d688 + _t236 * 4)) = _t271;
                                                                                                                								 *_t232 = _t236 + 1;
                                                                                                                							}
                                                                                                                							_t271 = _t271 + 1;
                                                                                                                						} while (_t271 < _a8);
                                                                                                                						_v16 = _v16 | 0xffffffff;
                                                                                                                						_v40 = _v40 & 0x00000000;
                                                                                                                						_a8 =  *((intOrPtr*)(_t299 + _t281 - 0xb0));
                                                                                                                						_t195 = _v8;
                                                                                                                						_t186 =  ~_a28;
                                                                                                                						_v12 = _t168;
                                                                                                                						_v180 = _t168;
                                                                                                                						_v36 = 0x42d688;
                                                                                                                						_v240 = _t168;
                                                                                                                						if(_t195 > _v28) {
                                                                                                                							L62:
                                                                                                                							_t168 = 0;
                                                                                                                							if(_v52 == 0 || _v28 == 1) {
                                                                                                                								return _t168;
                                                                                                                							} else {
                                                                                                                								goto L64;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_v44 = _t195 - 1;
                                                                                                                						_v32 = _t299 + _t195 * 4 - 0x70;
                                                                                                                						do {
                                                                                                                							_t282 =  *_v32;
                                                                                                                							if(_t282 == 0) {
                                                                                                                								goto L61;
                                                                                                                							}
                                                                                                                							while(1) {
                                                                                                                								_t283 = _t282 - 1;
                                                                                                                								_t200 = _a28 + _t186;
                                                                                                                								_v48 = _t283;
                                                                                                                								_v24 = _t200;
                                                                                                                								if(_v8 <= _t200) {
                                                                                                                									goto L45;
                                                                                                                								}
                                                                                                                								L31:
                                                                                                                								_v20 = _t283 + 1;
                                                                                                                								do {
                                                                                                                									_v16 = _v16 + 1;
                                                                                                                									_t296 = _v28 - _v24;
                                                                                                                									if(_t296 > _a28) {
                                                                                                                										_t296 = _a28;
                                                                                                                									}
                                                                                                                									_t222 = _v8 - _v24;
                                                                                                                									_t254 = 1 << _t222;
                                                                                                                									if(1 <= _v20) {
                                                                                                                										L40:
                                                                                                                										_t256 =  *_a36;
                                                                                                                										_t168 = 1 << _t222;
                                                                                                                										_v40 = 1;
                                                                                                                										_t274 = _t256 + 1;
                                                                                                                										if(_t274 > 0x5a0) {
                                                                                                                											goto L64;
                                                                                                                										}
                                                                                                                									} else {
                                                                                                                										_t275 = _v32;
                                                                                                                										_t263 = _t254 + (_t168 | 0xffffffff) - _v48;
                                                                                                                										if(_t222 >= _t296) {
                                                                                                                											goto L40;
                                                                                                                										}
                                                                                                                										while(1) {
                                                                                                                											_t222 = _t222 + 1;
                                                                                                                											if(_t222 >= _t296) {
                                                                                                                												goto L40;
                                                                                                                											}
                                                                                                                											_t275 = _t275 + 4;
                                                                                                                											_t264 = _t263 + _t263;
                                                                                                                											_t175 =  *_t275;
                                                                                                                											if(_t264 <= _t175) {
                                                                                                                												goto L40;
                                                                                                                											}
                                                                                                                											_t263 = _t264 - _t175;
                                                                                                                										}
                                                                                                                										goto L40;
                                                                                                                									}
                                                                                                                									_t168 = _a32 + _t256 * 4;
                                                                                                                									_t297 = _t299 + _v16 * 4 - 0xec;
                                                                                                                									 *_a36 = _t274;
                                                                                                                									_t259 = _v16;
                                                                                                                									 *_t297 = _t168;
                                                                                                                									if(_t259 == 0) {
                                                                                                                										 *_a24 = _t168;
                                                                                                                									} else {
                                                                                                                										_t276 = _v12;
                                                                                                                										_t298 =  *((intOrPtr*)(_t297 - 4));
                                                                                                                										 *(_t299 + _t259 * 4 - 0xb0) = _t276;
                                                                                                                										_a5 = _a28;
                                                                                                                										_a4 = _t222;
                                                                                                                										_t262 = _t276 >> _t186;
                                                                                                                										_a6 = (_t168 - _t298 >> 2) - _t262;
                                                                                                                										 *(_t298 + _t262 * 4) = _a4;
                                                                                                                									}
                                                                                                                									_t224 = _v24;
                                                                                                                									_t186 = _t224;
                                                                                                                									_t225 = _t224 + _a28;
                                                                                                                									_v24 = _t225;
                                                                                                                								} while (_v8 > _t225);
                                                                                                                								L45:
                                                                                                                								_t284 = _v36;
                                                                                                                								_a5 = _v8 - _t186;
                                                                                                                								if(_t284 < 0x42d688 + _a8 * 4) {
                                                                                                                									_t205 =  *_t284;
                                                                                                                									if(_t205 >= _a12) {
                                                                                                                										_t207 = _t205 - _a12 + _t205 - _a12;
                                                                                                                										_v36 =  &(_v36[1]);
                                                                                                                										_a4 =  *((intOrPtr*)(_t207 + _a20)) + 0x50;
                                                                                                                										_t208 =  *((intOrPtr*)(_t207 + _a16));
                                                                                                                									} else {
                                                                                                                										_a4 = (_t205 & 0xffffff00 | _t205 - 0x00000100 > 0x00000000) - 0x00000001 & 0x00000060;
                                                                                                                										_t208 =  *_t284;
                                                                                                                										_v36 =  &(_t284[1]);
                                                                                                                									}
                                                                                                                									_a6 = _t208;
                                                                                                                								} else {
                                                                                                                									_a4 = 0xc0;
                                                                                                                								}
                                                                                                                								_t286 = 1 << _v8 - _t186;
                                                                                                                								_t244 = _v12 >> _t186;
                                                                                                                								while(_t244 < _v40) {
                                                                                                                									 *(_t168 + _t244 * 4) = _a4;
                                                                                                                									_t244 = _t244 + _t286;
                                                                                                                								}
                                                                                                                								_t287 = _v12;
                                                                                                                								_t246 = 1 << _v44;
                                                                                                                								while((_t287 & _t246) != 0) {
                                                                                                                									_t287 = _t287 ^ _t246;
                                                                                                                									_t246 = _t246 >> 1;
                                                                                                                								}
                                                                                                                								_t288 = _t287 ^ _t246;
                                                                                                                								_v20 = 1;
                                                                                                                								_v12 = _t288;
                                                                                                                								_t251 = _v16;
                                                                                                                								if(((1 << _t186) - 0x00000001 & _t288) ==  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0))) {
                                                                                                                									L60:
                                                                                                                									if(_v48 != 0) {
                                                                                                                										_t282 = _v48;
                                                                                                                										_t283 = _t282 - 1;
                                                                                                                										_t200 = _a28 + _t186;
                                                                                                                										_v48 = _t283;
                                                                                                                										_v24 = _t200;
                                                                                                                										if(_v8 <= _t200) {
                                                                                                                											goto L45;
                                                                                                                										}
                                                                                                                										goto L31;
                                                                                                                									}
                                                                                                                									break;
                                                                                                                								} else {
                                                                                                                									goto L58;
                                                                                                                								}
                                                                                                                								do {
                                                                                                                									L58:
                                                                                                                									_t186 = _t186 - _a28;
                                                                                                                									_t251 = _t251 - 1;
                                                                                                                								} while (((1 << _t186) - 0x00000001 & _v12) !=  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0)));
                                                                                                                								_v16 = _t251;
                                                                                                                								goto L60;
                                                                                                                							}
                                                                                                                							L61:
                                                                                                                							_v8 = _v8 + 1;
                                                                                                                							_v32 = _v32 + 4;
                                                                                                                							_v44 = _v44 + 1;
                                                                                                                						} while (_v8 <= _v28);
                                                                                                                						goto L62;
                                                                                                                					}
                                                                                                                					_t277 = 0;
                                                                                                                					do {
                                                                                                                						_t192 = _t192 +  *((intOrPtr*)(_t299 + _t277 - 0x6c));
                                                                                                                						_t277 = _t277 + 4;
                                                                                                                						_t235 = _t235 - 1;
                                                                                                                						 *((intOrPtr*)(_t299 + _t277 - 0xac)) = _t192;
                                                                                                                					} while (_t235 != 0);
                                                                                                                					goto L21;
                                                                                                                				}
                                                                                                                				 *_a24 =  *_a24 & 0x00000000;
                                                                                                                				 *_a28 =  *_a28 & 0x00000000;
                                                                                                                				return 0;
                                                                                                                 			}
                                                                                                                0x0040709a
                                                                                                                0x0040709c
                                                                                                                0x004070a1
                                                                                                                0x004070a3
                                                                                                                0x004070aa
                                                                                                                0x004070ac
                                                                                                                0x004070b4
                                                                                                                0x004070b4
                                                                                                                0x004070b6
                                                                                                                0x004070b7
                                                                                                                0x004070c6
                                                                                                                0x004070ca
                                                                                                                0x004070ce
                                                                                                                0x004070d1
                                                                                                                0x004070d4
                                                                                                                0x004070d9
                                                                                                                0x004070dc
                                                                                                                0x004070e2
                                                                                                                0x004070e9
                                                                                                                0x004070ef
                                                                                                                0x004072e8
                                                                                                                0x004072e8
                                                                                                                0x004072ed
                                                                                                                0x004072fc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004072ed
                                                                                                                0x004070fc
                                                                                                                0x004070ff
                                                                                                                0x00407102
                                                                                                                0x00407105
                                                                                                                0x00407109
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00407114
                                                                                                                0x00407117
                                                                                                                0x00407118
                                                                                                                0x0040711a
                                                                                                                0x00407120
                                                                                                                0x00407123
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00407129
                                                                                                                0x0040712a
                                                                                                                0x0040712d
                                                                                                                0x00407130
                                                                                                                0x00407133
                                                                                                                0x00407139
                                                                                                                0x0040713b
                                                                                                                0x0040713b
                                                                                                                0x00407143
                                                                                                                0x00407147
                                                                                                                0x0040714c
                                                                                                                0x00407171
                                                                                                                0x00407177
                                                                                                                0x00407179
                                                                                                                0x0040717b
                                                                                                                0x0040717e
                                                                                                                0x00407187
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040714e
                                                                                                                0x0040714e
                                                                                                                0x00407157
                                                                                                                0x0040715b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040716c
                                                                                                                0x0040716c
                                                                                                                0x0040716f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040715f
                                                                                                                0x00407162
                                                                                                                0x00407164
                                                                                                                0x00407168
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040716a
                                                                                                                0x0040716a
                                                                                                                0x00000000
                                                                                                                0x0040716c
                                                                                                                0x00407190
                                                                                                                0x00407196
                                                                                                                0x004071a0
                                                                                                                0x004071a2
                                                                                                                0x004071a7
                                                                                                                0x004071a9
                                                                                                                0x004071df
                                                                                                                0x004071ab
                                                                                                                0x004071ab
                                                                                                                0x004071ae
                                                                                                                0x004071b1
                                                                                                                0x004071bb
                                                                                                                0x004071be
                                                                                                                0x004071c5
                                                                                                                0x004071d0
                                                                                                                0x004071d7
                                                                                                                0x004071d7
                                                                                                                0x004071e1
                                                                                                                0x004071e4
                                                                                                                0x004071e6
                                                                                                                0x004071ec
                                                                                                                0x004071ec
                                                                                                                0x004071f5
                                                                                                                0x004071f8
                                                                                                                0x004071fd
                                                                                                                0x0040720c
                                                                                                                0x00407214
                                                                                                                0x00407219
                                                                                                                0x0040723d
                                                                                                                0x00407245
                                                                                                                0x00407249
                                                                                                                0x0040724f
                                                                                                                0x0040721b
                                                                                                                0x00407229
                                                                                                                0x0040722c
                                                                                                                0x00407232
                                                                                                                0x00407232
                                                                                                                0x00407253
                                                                                                                0x0040720e
                                                                                                                0x0040720e
                                                                                                                0x0040720e
                                                                                                                0x00407264
                                                                                                                0x00407268
                                                                                                                0x00407274
                                                                                                                0x0040726f
                                                                                                                0x00407272
                                                                                                                0x00407272
                                                                                                                0x0040727c
                                                                                                                0x00407281
                                                                                                                0x00407289
                                                                                                                0x00407285
                                                                                                                0x00407287
                                                                                                                0x00407287
                                                                                                                0x0040728f
                                                                                                                0x00407291
                                                                                                                0x00407298
                                                                                                                0x004072a2
                                                                                                                0x004072ac
                                                                                                                0x004072c8
                                                                                                                0x004072cc
                                                                                                                0x00407111
                                                                                                                0x00407117
                                                                                                                0x00407118
                                                                                                                0x0040711a
                                                                                                                0x00407120
                                                                                                                0x00407123
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00407123
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004072ae
                                                                                                                0x004072ae
                                                                                                                0x004072ae
                                                                                                                0x004072b3
                                                                                                                0x004072bc
                                                                                                                0x004072c5
                                                                                                                0x00000000
                                                                                                                0x004072c5
                                                                                                                0x004072d2
                                                                                                                0x004072d2
                                                                                                                0x004072d5
                                                                                                                0x004072dc
                                                                                                                0x004072df
                                                                                                                0x00000000
                                                                                                                0x00407102
                                                                                                                0x00407082
                                                                                                                0x00407084
                                                                                                                0x00407084
                                                                                                                0x00407088
                                                                                                                0x0040708b
                                                                                                                0x0040708c
                                                                                                                0x0040708c
                                                                                                                0x00000000
                                                                                                                0x00407084
                                                                                                                0x00406ff8
                                                                                                                0x00406ffe
                                                                                                                0x00000000

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: fca4b55698b2abcc8e5cbf272b741b12ffb4e3b740e9774b5bdfc5da95159218
                                                                                                                • Instruction ID: 2f0950e66cb79552dca6b2fc49cb98149526550dbc918883d7c1b9af38c738a1
                                                                                                                • Opcode Fuzzy Hash: fca4b55698b2abcc8e5cbf272b741b12ffb4e3b740e9774b5bdfc5da95159218
                                                                                                                • Instruction Fuzzy Hash: 42C13831E042598BCF18CF68D4905EEB7B2BF99314F25827ED8567B380D734A942CB95
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 96%
                                                                                                                			E00404AA3(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
                                                                                                                				struct HWND__* _v8;
                                                                                                                				struct HWND__* _v12;
                                                                                                                				long _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				signed char* _v32;
                                                                                                                				int _v36;
                                                                                                                				signed int _v44;
                                                                                                                				int _v48;
                                                                                                                				signed int* _v60;
                                                                                                                				signed char* _v64;
                                                                                                                				signed int _v68;
                                                                                                                				long _v72;
                                                                                                                				void* _v76;
                                                                                                                				intOrPtr _v80;
                                                                                                                				intOrPtr _v84;
                                                                                                                				void* _v88;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				signed int _t203;
                                                                                                                				void* _t205;
                                                                                                                				intOrPtr _t206;
                                                                                                                				intOrPtr _t208;
                                                                                                                				long _t212;
                                                                                                                				signed int _t216;
                                                                                                                				signed int _t227;
                                                                                                                				void* _t230;
                                                                                                                				void* _t231;
                                                                                                                				int _t237;
                                                                                                                				long _t242;
                                                                                                                				long _t243;
                                                                                                                				signed int _t244;
                                                                                                                				signed int _t250;
                                                                                                                				signed int _t252;
                                                                                                                				signed char _t253;
                                                                                                                				signed char _t259;
                                                                                                                				void* _t264;
                                                                                                                				void* _t266;
                                                                                                                				signed char* _t284;
                                                                                                                				signed char _t285;
                                                                                                                				long _t287;
                                                                                                                				long _t290;
                                                                                                                				void* _t291;
                                                                                                                				signed int _t300;
                                                                                                                				signed int _t308;
                                                                                                                				void* _t309;
                                                                                                                				void* _t310;
                                                                                                                				signed char* _t316;
                                                                                                                				int _t320;
                                                                                                                				int _t321;
                                                                                                                				signed int* _t322;
                                                                                                                				int _t323;
                                                                                                                				long _t324;
                                                                                                                				signed int _t325;
                                                                                                                				long _t327;
                                                                                                                				int _t328;
                                                                                                                				signed int _t329;
                                                                                                                				void* _t331;
                                                                                                                
                                                                                                                				_v12 = GetDlgItem(_a4, 0x3f9);
                                                                                                                				_v8 = GetDlgItem(_a4, 0x408);
                                                                                                                				_t331 = SendMessageA;
                                                                                                                				_v24 =  *0x42f448;
                                                                                                                				_v28 =  *0x42f414 + 0x94;
                                                                                                                				_t320 = 0x10;
                                                                                                                				if(_a8 != 0x110) {
                                                                                                                					L23:
                                                                                                                					if(_a8 != 0x405) {
                                                                                                                						_t298 = _a16;
                                                                                                                					} else {
                                                                                                                						_a12 = 0;
                                                                                                                						_t298 = 1;
                                                                                                                						_a8 = 0x40f;
                                                                                                                						_a16 = 1;
                                                                                                                					}
                                                                                                                					if(_a8 == 0x4e || _a8 == 0x413) {
                                                                                                                						_v16 = _t298;
                                                                                                                						if(_a8 == 0x413 ||  *((intOrPtr*)(_t298 + 4)) == 0x408) {
                                                                                                                							if(( *0x42f41d & 0x00000002) != 0) {
                                                                                                                								L41:
                                                                                                                								if(_v16 != 0) {
                                                                                                                									_t242 = _v16;
                                                                                                                									if( *((intOrPtr*)(_t242 + 8)) == 0xfffffe6e) {
                                                                                                                										SendMessageA(_v8, 0x419, 0,  *(_t242 + 0x5c));
                                                                                                                									}
                                                                                                                									_t243 = _v16;
                                                                                                                									if( *((intOrPtr*)(_t243 + 8)) == 0xfffffe6a) {
                                                                                                                										_t298 = _v24;
                                                                                                                										_t244 =  *(_t243 + 0x5c);
                                                                                                                										if( *((intOrPtr*)(_t243 + 0xc)) != 2) {
                                                                                                                											 *(_t244 * 0x418 + _t298 + 8) =  *(_t244 * 0x418 + _t298 + 8) & 0xffffffdf;
                                                                                                                										} else {
                                                                                                                											 *(_t244 * 0x418 + _t298 + 8) =  *(_t244 * 0x418 + _t298 + 8) | 0x00000020;
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                								goto L48;
                                                                                                                							}
                                                                                                                							if(_a8 == 0x413) {
                                                                                                                								L33:
                                                                                                                								_t298 = 0 | _a8 != 0x00000413;
                                                                                                                								_t250 = E004049F1(_v8, _a8 != 0x413);
                                                                                                                								_t325 = _t250;
                                                                                                                								if(_t325 >= 0) {
                                                                                                                									_t99 = _v24 + 8; // 0x8
                                                                                                                									_t298 = _t250 * 0x418 + _t99;
                                                                                                                									_t252 =  *_t298;
                                                                                                                									if((_t252 & 0x00000010) == 0) {
                                                                                                                										if((_t252 & 0x00000040) == 0) {
                                                                                                                											_t253 = _t252 ^ 0x00000001;
                                                                                                                										} else {
                                                                                                                											_t259 = _t252 ^ 0x00000080;
                                                                                                                											if(_t259 >= 0) {
                                                                                                                												_t253 = _t259 & 0x000000fe;
                                                                                                                											} else {
                                                                                                                												_t253 = _t259 | 0x00000001;
                                                                                                                											}
                                                                                                                										}
                                                                                                                										 *_t298 = _t253;
                                                                                                                										E0040117D(_t325);
                                                                                                                										_a12 = _t325 + 1;
                                                                                                                										_a16 =  !( *0x42f41c) >> 0x00000008 & 0x00000001;
                                                                                                                										_a8 = 0x40f;
                                                                                                                									}
                                                                                                                								}
                                                                                                                								goto L41;
                                                                                                                							}
                                                                                                                							_t298 = _a16;
                                                                                                                							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
                                                                                                                								goto L41;
                                                                                                                							}
                                                                                                                							goto L33;
                                                                                                                						} else {
                                                                                                                							goto L48;
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						L48:
                                                                                                                						if(_a8 != 0x111) {
                                                                                                                							L56:
                                                                                                                							if(_a8 == 0x200) {
                                                                                                                								SendMessageA(_v8, 0x200, 0, 0);
                                                                                                                							}
                                                                                                                							if(_a8 == 0x40b) {
                                                                                                                								_t230 =  *0x42a854; // 0x0
                                                                                                                								if(_t230 != 0) {
                                                                                                                									ImageList_Destroy(_t230);
                                                                                                                								}
                                                                                                                								_t231 =  *0x42a868; // 0x0
                                                                                                                								if(_t231 != 0) {
                                                                                                                									GlobalFree(_t231);
                                                                                                                								}
                                                                                                                								 *0x42a854 = 0;
                                                                                                                								 *0x42a868 = 0;
                                                                                                                								 *0x42f480 = 0;
                                                                                                                							}
                                                                                                                							if(_a8 != 0x40f) {
                                                                                                                								L88:
                                                                                                                								if(_a8 == 0x420 && ( *0x42f41d & 0x00000001) != 0) {
                                                                                                                									_t321 = (0 | _a16 == 0x00000020) << 3;
                                                                                                                									ShowWindow(_v8, _t321);
                                                                                                                									ShowWindow(GetDlgItem(_a4, 0x3fe), _t321);
                                                                                                                								}
                                                                                                                								goto L91;
                                                                                                                							} else {
                                                                                                                								E004011EF(_t298, 0, 0);
                                                                                                                								_t203 = _a12;
                                                                                                                								if(_t203 != 0) {
                                                                                                                									if(_t203 != 0xffffffff) {
                                                                                                                										_t203 = _t203 - 1;
                                                                                                                									}
                                                                                                                									_push(_t203);
                                                                                                                									_push(8);
                                                                                                                									E00404A71();
                                                                                                                								}
                                                                                                                								if(_a16 == 0) {
                                                                                                                									L75:
                                                                                                                									E004011EF(_t298, 0, 0);
                                                                                                                									_t205 =  *0x42a868; // 0x0
                                                                                                                									_v36 = _t205;
                                                                                                                									_t206 =  *0x42f448;
                                                                                                                									_v64 = 0xf030;
                                                                                                                									_v24 = 0;
                                                                                                                									if( *0x42f44c <= 0) {
                                                                                                                										L86:
                                                                                                                										InvalidateRect(_v8, 0, 1);
                                                                                                                										_t208 =  *0x42ebdc; // 0x684cf5
                                                                                                                										if( *((intOrPtr*)(_t208 + 0x10)) != 0) {
                                                                                                                											E004049AC(0x3ff, 0xfffffffb, E004049C4(5));
                                                                                                                										}
                                                                                                                										goto L88;
                                                                                                                									}
                                                                                                                									_t322 = _t206 + 8;
                                                                                                                									do {
                                                                                                                										_t212 =  *((intOrPtr*)(_v36 + _v24 * 4));
                                                                                                                										if(_t212 != 0) {
                                                                                                                											_t300 =  *_t322;
                                                                                                                											_v72 = _t212;
                                                                                                                											_v76 = 8;
                                                                                                                											if((_t300 & 0x00000001) != 0) {
                                                                                                                												_v76 = 9;
                                                                                                                												_v60 =  &(_t322[4]);
                                                                                                                												_t322[0] = _t322[0] & 0x000000fe;
                                                                                                                											}
                                                                                                                											if((_t300 & 0x00000040) == 0) {
                                                                                                                												_t216 = (_t300 & 0x00000001) + 1;
                                                                                                                												if((_t300 & 0x00000010) != 0) {
                                                                                                                													_t216 = _t216 + 3;
                                                                                                                												}
                                                                                                                											} else {
                                                                                                                												_t216 = 3;
                                                                                                                											}
                                                                                                                											_v68 = (_t216 << 0x0000000b | _t300 & 0x00000008) + (_t216 << 0x0000000b | _t300 & 0x00000008) | _t300 & 0x00000020;
                                                                                                                											SendMessageA(_v8, 0x1102, (_t300 >> 0x00000005 & 0x00000001) + 1, _v72);
                                                                                                                											SendMessageA(_v8, 0x110d, 0,  &_v76);
                                                                                                                										}
                                                                                                                										_v24 = _v24 + 1;
                                                                                                                										_t322 =  &(_t322[0x106]);
                                                                                                                									} while (_v24 <  *0x42f44c);
                                                                                                                									goto L86;
                                                                                                                								} else {
                                                                                                                									_t323 = E004012E2( *0x42a868);
                                                                                                                									E00401299(_t323);
                                                                                                                									_t227 = 0;
                                                                                                                									_t298 = 0;
                                                                                                                									if(_t323 <= 0) {
                                                                                                                										L74:
                                                                                                                										SendMessageA(_v12, 0x14e, _t298, 0);
                                                                                                                										_a16 = _t323;
                                                                                                                										_a8 = 0x420;
                                                                                                                										goto L75;
                                                                                                                									} else {
                                                                                                                										goto L71;
                                                                                                                									}
                                                                                                                									do {
                                                                                                                										L71:
                                                                                                                										if( *((intOrPtr*)(_v28 + _t227 * 4)) != 0) {
                                                                                                                											_t298 = _t298 + 1;
                                                                                                                										}
                                                                                                                										_t227 = _t227 + 1;
                                                                                                                									} while (_t227 < _t323);
                                                                                                                									goto L74;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
                                                                                                                							goto L91;
                                                                                                                						} else {
                                                                                                                							_t237 = SendMessageA(_v12, 0x147, 0, 0);
                                                                                                                							if(_t237 == 0xffffffff) {
                                                                                                                								goto L91;
                                                                                                                							}
                                                                                                                							_t324 = SendMessageA(_v12, 0x150, _t237, 0);
                                                                                                                							if(_t324 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t324 * 4)) == 0) {
                                                                                                                								_t324 = 0x20;
                                                                                                                							}
                                                                                                                							E00401299(_t324);
                                                                                                                							SendMessageA(_a4, 0x420, 0, _t324);
                                                                                                                							_a12 = _a12 | 0xffffffff;
                                                                                                                							_a16 = 0;
                                                                                                                							_a8 = 0x40f;
                                                                                                                							goto L56;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_v36 = 0;
                                                                                                                					 *0x42f480 = _a4;
                                                                                                                					_v20 = 2;
                                                                                                                					 *0x42a868 = GlobalAlloc(0x40,  *0x42f44c << 2);
                                                                                                                					_t264 = LoadImageA( *0x42f400, 0x6e, 0, 0, 0, 0);
                                                                                                                					 *0x42a85c =  *0x42a85c | 0xffffffff;
                                                                                                                					_v16 = _t264;
                                                                                                                					 *0x42a864 = SetWindowLongA(_v8, 0xfffffffc, E004050AB);
                                                                                                                					_t266 = ImageList_Create(_t320, _t320, 0x21, 6, 0);
                                                                                                                					 *0x42a854 = _t266;
                                                                                                                					ImageList_AddMasked(_t266, _v16, 0xff00ff);
                                                                                                                					SendMessageA(_v8, 0x1109, 2,  *0x42a854);
                                                                                                                					if(SendMessageA(_v8, 0x111c, 0, 0) < _t320) {
                                                                                                                						SendMessageA(_v8, 0x111b, _t320, 0);
                                                                                                                					}
                                                                                                                					DeleteObject(_v16);
                                                                                                                					_t327 = 0;
                                                                                                                					do {
                                                                                                                						_t272 =  *((intOrPtr*)(_v28 + _t327 * 4));
                                                                                                                						if( *((intOrPtr*)(_v28 + _t327 * 4)) != 0) {
                                                                                                                							if(_t327 != 0x20) {
                                                                                                                								_v20 = 0;
                                                                                                                							}
                                                                                                                							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, 0, E00406032(0, _t327, _t331, 0, _t272)), _t327);
                                                                                                                						}
                                                                                                                						_t327 = _t327 + 1;
                                                                                                                					} while (_t327 < 0x21);
                                                                                                                					_t328 = _a16;
                                                                                                                					_push( *((intOrPtr*)(_t328 + 0x30 + _v20 * 4)));
                                                                                                                					_push(0x15);
                                                                                                                					E0040409E(_a4);
                                                                                                                					_push( *((intOrPtr*)(_t328 + 0x34 + _v20 * 4)));
                                                                                                                					_push(0x16);
                                                                                                                					E0040409E(_a4);
                                                                                                                					_t329 = 0;
                                                                                                                					_v16 = 0;
                                                                                                                					if( *0x42f44c <= 0) {
                                                                                                                						L19:
                                                                                                                						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
                                                                                                                						goto L20;
                                                                                                                					} else {
                                                                                                                						_t316 = _v24 + 8;
                                                                                                                						_v32 = _t316;
                                                                                                                						do {
                                                                                                                							_t284 =  &(_t316[0x10]);
                                                                                                                							if( *_t284 != 0) {
                                                                                                                								_v64 = _t284;
                                                                                                                								_t285 =  *_t316;
                                                                                                                								_v88 = _v16;
                                                                                                                								_t308 = 0x20;
                                                                                                                								_v84 = 0xffff0002;
                                                                                                                								_v80 = 0xd;
                                                                                                                								_v68 = _t308;
                                                                                                                								_v44 = _t329;
                                                                                                                								_v72 = _t285 & _t308;
                                                                                                                								if((_t285 & 0x00000002) == 0) {
                                                                                                                									if((_t285 & 0x00000004) == 0) {
                                                                                                                										_t287 = SendMessageA(_v8, 0x1100, 0,  &_v88);
                                                                                                                										_t309 =  *0x42a868; // 0x0
                                                                                                                										 *(_t309 + _t329 * 4) = _t287;
                                                                                                                									} else {
                                                                                                                										_v16 = SendMessageA(_v8, 0x110a, 3, _v16);
                                                                                                                									}
                                                                                                                								} else {
                                                                                                                									_v80 = 0x4d;
                                                                                                                									_v48 = 1;
                                                                                                                									_t290 = SendMessageA(_v8, 0x1100, 0,  &_v88);
                                                                                                                									_t310 =  *0x42a868; // 0x0
                                                                                                                									_v36 = 1;
                                                                                                                									 *(_t310 + _t329 * 4) = _t290;
                                                                                                                									_t291 =  *0x42a868; // 0x0
                                                                                                                									_v16 =  *(_t291 + _t329 * 4);
                                                                                                                								}
                                                                                                                							}
                                                                                                                							_t329 = _t329 + 1;
                                                                                                                							_t316 =  &(_v32[0x418]);
                                                                                                                							_v32 = _t316;
                                                                                                                						} while (_t329 <  *0x42f44c);
                                                                                                                						if(_v36 != 0) {
                                                                                                                							L20:
                                                                                                                							if(_v20 != 0) {
                                                                                                                								E004040D3(_v8);
                                                                                                                								goto L23;
                                                                                                                							} else {
                                                                                                                								ShowWindow(_v12, 5);
                                                                                                                								E004040D3(_v12);
                                                                                                                								L91:
                                                                                                                								return E00404105(_a8, _a12, _a16);
                                                                                                                							}
                                                                                                                						}
                                                                                                                						goto L19;
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}































































                                                                                                                0x00404f34
                                                                                                                0x00404f37
                                                                                                                0x00404f3c
                                                                                                                0x00404f3e
                                                                                                                0x00404f42
                                                                                                                0x00404f52
                                                                                                                0x00404f5c
                                                                                                                0x00404f5e
                                                                                                                0x00404f61
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00404f44
                                                                                                                0x00404f44
                                                                                                                0x00404f4a
                                                                                                                0x00404f4c
                                                                                                                0x00404f4c
                                                                                                                0x00404f4d
                                                                                                                0x00404f4e
                                                                                                                0x00000000
                                                                                                                0x00404f44
                                                                                                                0x00404f27
                                                                                                                0x00404f02
                                                                                                                0x00404e45
                                                                                                                0x00000000
                                                                                                                0x00404e5b
                                                                                                                0x00404e65
                                                                                                                0x00404e6a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00404e7c
                                                                                                                0x00404e81
                                                                                                                0x00404e8d
                                                                                                                0x00404e8d
                                                                                                                0x00404e8f
                                                                                                                0x00404e9e
                                                                                                                0x00404ea0
                                                                                                                0x00404ea4
                                                                                                                0x00404ea7
                                                                                                                0x00000000
                                                                                                                0x00404ea7
                                                                                                                0x00404e45
                                                                                                                0x00404af9
                                                                                                                0x00404afc
                                                                                                                0x00404aff
                                                                                                                0x00404b0f
                                                                                                                0x00404b22
                                                                                                                0x00404b2d
                                                                                                                0x00404b33
                                                                                                                0x00404b41
                                                                                                                0x00404b54
                                                                                                                0x00404b59
                                                                                                                0x00404b64
                                                                                                                0x00404b6d
                                                                                                                0x00404b83
                                                                                                                0x00404b93
                                                                                                                0x00404b9f
                                                                                                                0x00404b9f
                                                                                                                0x00404ba4
                                                                                                                0x00404baa
                                                                                                                0x00404bac
                                                                                                                0x00404baf
                                                                                                                0x00404bb4
                                                                                                                0x00404bb9
                                                                                                                0x00404bbb
                                                                                                                0x00404bbb
                                                                                                                0x00404bdb
                                                                                                                0x00404bdb
                                                                                                                0x00404bdd
                                                                                                                0x00404bde
                                                                                                                0x00404be3
                                                                                                                0x00404be9
                                                                                                                0x00404bed
                                                                                                                0x00404bf2
                                                                                                                0x00404bfa
                                                                                                                0x00404bfe
                                                                                                                0x00404c03
                                                                                                                0x00404c08
                                                                                                                0x00404c10
                                                                                                                0x00404c13
                                                                                                                0x00404ce2
                                                                                                                0x00404cf5
                                                                                                                0x00000000
                                                                                                                0x00404c19
                                                                                                                0x00404c1c
                                                                                                                0x00404c1f
                                                                                                                0x00404c22
                                                                                                                0x00404c22
                                                                                                                0x00404c27
                                                                                                                0x00404c30
                                                                                                                0x00404c33
                                                                                                                0x00404c37
                                                                                                                0x00404c3a
                                                                                                                0x00404c3d
                                                                                                                0x00404c46
                                                                                                                0x00404c4f
                                                                                                                0x00404c52
                                                                                                                0x00404c55
                                                                                                                0x00404c58
                                                                                                                0x00404c96
                                                                                                                0x00404cb9
                                                                                                                0x00404cbb
                                                                                                                0x00404cc1
                                                                                                                0x00404c98
                                                                                                                0x00404ca7
                                                                                                                0x00404ca7
                                                                                                                0x00404c5a
                                                                                                                0x00404c5d
                                                                                                                0x00404c6b
                                                                                                                0x00404c75
                                                                                                                0x00404c77
                                                                                                                0x00404c7d
                                                                                                                0x00404c84
                                                                                                                0x00404c87
                                                                                                                0x00404c8f
                                                                                                                0x00404c8f
                                                                                                                0x00404c58
                                                                                                                0x00404cc7
                                                                                                                0x00404cc8
                                                                                                                0x00404cd4
                                                                                                                0x00404cd4
                                                                                                                0x00404ce0
                                                                                                                0x00404cfb
                                                                                                                0x00404cfe
                                                                                                                0x00404d1b
                                                                                                                0x00000000
                                                                                                                0x00404d00
                                                                                                                0x00404d05
                                                                                                                0x00404d0e
                                                                                                                0x00405096
                                                                                                                0x004050a8
                                                                                                                0x004050a8
                                                                                                                0x00404cfe
                                                                                                                0x00000000
                                                                                                                0x00404ce0
                                                                                                                0x00404c13

                                                                                                                APIs
                                                                                                                • GetDlgItem.USER32 ref: 00404ABA
                                                                                                                • GetDlgItem.USER32 ref: 00404AC7
                                                                                                                • GlobalAlloc.KERNEL32(00000040,?), ref: 00404B16
                                                                                                                • LoadImageA.USER32 ref: 00404B2D
                                                                                                                • SetWindowLongA.USER32 ref: 00404B47
                                                                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404B59
                                                                                                                • ImageList_AddMasked.COMCTL32(00000000,00000110,00FF00FF), ref: 00404B6D
                                                                                                                • SendMessageA.USER32(?,00001109,00000002), ref: 00404B83
                                                                                                                • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404B8F
                                                                                                                • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404B9F
                                                                                                                • DeleteObject.GDI32(00000110), ref: 00404BA4
                                                                                                                • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404BCF
                                                                                                                • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404BDB
                                                                                                                • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404C75
                                                                                                                • SendMessageA.USER32(?,0000110A,00000003,00000110), ref: 00404CA5
                                                                                                                  • Part of subcall function 004040D3: SendMessageA.USER32(00000028,?,00000001,00403F03), ref: 004040E1
                                                                                                                • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404CB9
                                                                                                                • GetWindowLongA.USER32 ref: 00404CE7
                                                                                                                • SetWindowLongA.USER32 ref: 00404CF5
                                                                                                                • ShowWindow.USER32(?,00000005), ref: 00404D05
                                                                                                                • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404E00
                                                                                                                • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404E65
                                                                                                                • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404E7A
                                                                                                                • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404E9E
                                                                                                                • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404EBE
                                                                                                                • ImageList_Destroy.COMCTL32(00000000), ref: 00404ED3
                                                                                                                • GlobalFree.KERNEL32 ref: 00404EE3
                                                                                                                • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404F5C
                                                                                                                • SendMessageA.USER32(?,00001102,?,?), ref: 00405005
                                                                                                                • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00405014
                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 00405034
                                                                                                                • ShowWindow.USER32(?,00000000), ref: 00405082
                                                                                                                • GetDlgItem.USER32 ref: 0040508D
                                                                                                                • ShowWindow.USER32(00000000), ref: 00405094
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                • String ID: $M$N
                                                                                                                • API String ID: 2564846305-813528018
                                                                                                                • Opcode ID: 7979eb89c2ba789210c478efbd40ca5770d0cf58fb7a2a7deeb4f629e08dd5c3
                                                                                                                • Instruction ID: b93138f0eedc2449d1e9bfda9be5258a8e47cdb0f0c7c2118b7039f3366b9e37
                                                                                                                • Opcode Fuzzy Hash: 7979eb89c2ba789210c478efbd40ca5770d0cf58fb7a2a7deeb4f629e08dd5c3
                                                                                                                • Instruction Fuzzy Hash: AA026EB0900209AFEB20DFA5DD45AAE7BB5FB44314F14813AF614B62E0C7799D52CF58
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 93%
                                                                                                                			E00404209(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
                                                                                                                				intOrPtr _v8;
                                                                                                                				signed int _v12;
                                                                                                                				void* _v16;
                                                                                                                				struct HWND__* _t52;
                                                                                                                				long _t86;
                                                                                                                				int _t98;
                                                                                                                				struct HWND__* _t99;
                                                                                                                				signed int _t100;
                                                                                                                				intOrPtr _t103;
                                                                                                                				signed int _t106;
                                                                                                                				intOrPtr _t107;
                                                                                                                				intOrPtr _t109;
                                                                                                                				int _t110;
                                                                                                                				signed int* _t112;
                                                                                                                				signed int _t113;
                                                                                                                				char* _t114;
                                                                                                                				CHAR* _t115;
                                                                                                                
                                                                                                                				if(_a8 != 0x110) {
                                                                                                                					__eflags = _a8 - 0x111;
                                                                                                                					if(_a8 != 0x111) {
                                                                                                                						L11:
                                                                                                                						__eflags = _a8 - 0x4e;
                                                                                                                						if(_a8 != 0x4e) {
                                                                                                                							__eflags = _a8 - 0x40b;
                                                                                                                							if(_a8 == 0x40b) {
                                                                                                                								 *0x42983c =  *0x42983c + 1;
                                                                                                                								__eflags =  *0x42983c;
                                                                                                                							}
                                                                                                                							L25:
                                                                                                                							_t110 = _a16;
                                                                                                                							L26:
                                                                                                                							return E00404105(_a8, _a12, _t110);
                                                                                                                						}
                                                                                                                						_t52 = GetDlgItem(_a4, 0x3e8);
                                                                                                                						_t110 = _a16;
                                                                                                                						__eflags =  *((intOrPtr*)(_t110 + 8)) - 0x70b;
                                                                                                                						if( *((intOrPtr*)(_t110 + 8)) == 0x70b) {
                                                                                                                							__eflags =  *((intOrPtr*)(_t110 + 0xc)) - 0x201;
                                                                                                                							if( *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
                                                                                                                								_t100 =  *((intOrPtr*)(_t110 + 0x1c));
                                                                                                                								_t109 =  *((intOrPtr*)(_t110 + 0x18));
                                                                                                                								_v12 = _t100;
                                                                                                                								__eflags = _t100 - _t109 - 0x800;
                                                                                                                								_v16 = _t109;
                                                                                                                								_v8 = 0x42e3a0;
                                                                                                                								if(_t100 - _t109 < 0x800) {
                                                                                                                									SendMessageA(_t52, 0x44b, 0,  &_v16);
                                                                                                                									SetCursor(LoadCursorA(0, 0x7f02));
                                                                                                                									_push(1);
                                                                                                                									E004044AD(_a4, _v8);
                                                                                                                									SetCursor(LoadCursorA(0, 0x7f00));
                                                                                                                									_t110 = _a16;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						__eflags =  *((intOrPtr*)(_t110 + 8)) - 0x700;
                                                                                                                						if( *((intOrPtr*)(_t110 + 8)) != 0x700) {
                                                                                                                							goto L26;
                                                                                                                						} else {
                                                                                                                							__eflags =  *((intOrPtr*)(_t110 + 0xc)) - 0x100;
                                                                                                                							if( *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
                                                                                                                								goto L26;
                                                                                                                							}
                                                                                                                							__eflags =  *((intOrPtr*)(_t110 + 0x10)) - 0xd;
                                                                                                                							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
                                                                                                                								SendMessageA( *0x42f408, 0x111, 1, 0);
                                                                                                                							}
                                                                                                                							__eflags =  *((intOrPtr*)(_t110 + 0x10)) - 0x1b;
                                                                                                                							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
                                                                                                                								SendMessageA( *0x42f408, 0x10, 0, 0);
                                                                                                                							}
                                                                                                                							return 1;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					__eflags = _a12 >> 0x10;
                                                                                                                					if(_a12 >> 0x10 != 0) {
                                                                                                                						goto L25;
                                                                                                                					}
                                                                                                                					__eflags =  *0x42983c; // 0x0
                                                                                                                					if(__eflags != 0) {
                                                                                                                						goto L25;
                                                                                                                					}
                                                                                                                					_t103 =  *0x42a048; // 0x678964
                                                                                                                					_t25 = _t103 + 0x14; // 0x678978
                                                                                                                					_t112 = _t25;
                                                                                                                					__eflags =  *_t112 & 0x00000020;
                                                                                                                					if(( *_t112 & 0x00000020) == 0) {
                                                                                                                						goto L25;
                                                                                                                					}
                                                                                                                					_t106 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
                                                                                                                					__eflags = _t106;
                                                                                                                					 *_t112 = _t106;
                                                                                                                					E004040C0(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
                                                                                                                					E00404489();
                                                                                                                					goto L11;
                                                                                                                				} else {
                                                                                                                					_t98 = _a16;
                                                                                                                					_t113 =  *(_t98 + 0x30);
                                                                                                                					if(_t113 < 0) {
                                                                                                                						_t107 =  *0x42ebdc; // 0x684cf5
                                                                                                                						_t113 =  *(_t107 - 4 + _t113 * 4);
                                                                                                                					}
                                                                                                                					_push( *((intOrPtr*)(_t98 + 0x34)));
                                                                                                                					_t114 = _t113 +  *0x42f458;
                                                                                                                					_push(0x22);
                                                                                                                					_a16 =  *_t114;
                                                                                                                					_v12 = _v12 & 0x00000000;
                                                                                                                					_t115 = _t114 + 1;
                                                                                                                					_v16 = _t115;
                                                                                                                					_v8 = E004041D4;
                                                                                                                					E0040409E(_a4);
                                                                                                                					_push( *((intOrPtr*)(_t98 + 0x38)));
                                                                                                                					_push(0x23);
                                                                                                                					E0040409E(_a4);
                                                                                                                					CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
                                                                                                                					E004040C0( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
                                                                                                                					_t99 = GetDlgItem(_a4, 0x3e8);
                                                                                                                					E004040D3(_t99);
                                                                                                                					SendMessageA(_t99, 0x45b, 1, 0);
                                                                                                                					_t86 =  *( *0x42f414 + 0x68);
                                                                                                                					if(_t86 < 0) {
                                                                                                                						_t86 = GetSysColor( ~_t86);
                                                                                                                					}
                                                                                                                					SendMessageA(_t99, 0x443, 0, _t86);
                                                                                                                					SendMessageA(_t99, 0x445, 0, 0x4010000);
                                                                                                                					SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
                                                                                                                					 *0x42983c = 0;
                                                                                                                					SendMessageA(_t99, 0x449, _a16,  &_v16);
                                                                                                                					 *0x42983c = 0;
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                			}





















                                                                                                                APIs
                                                                                                                • CheckDlgButton.USER32 ref: 00404294
                                                                                                                • GetDlgItem.USER32 ref: 004042A8
                                                                                                                • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 004042C6
                                                                                                                • GetSysColor.USER32(?), ref: 004042D7
                                                                                                                • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 004042E6
                                                                                                                • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 004042F5
                                                                                                                • lstrlenA.KERNEL32(?), ref: 004042F8
                                                                                                                • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00404307
                                                                                                                • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 0040431C
                                                                                                                • GetDlgItem.USER32 ref: 0040437E
                                                                                                                • SendMessageA.USER32(00000000), ref: 00404381
                                                                                                                • GetDlgItem.USER32 ref: 004043AC
                                                                                                                • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 004043EC
                                                                                                                • LoadCursorA.USER32 ref: 004043FB
                                                                                                                • SetCursor.USER32(00000000), ref: 00404404
                                                                                                                • LoadCursorA.USER32 ref: 0040441A
                                                                                                                • SetCursor.USER32(00000000), ref: 0040441D
                                                                                                                • SendMessageA.USER32(00000111,00000001,00000000), ref: 00404449
                                                                                                                • SendMessageA.USER32(00000010,00000000,00000000), ref: 0040445D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                • String ID: N$Remove folder:
                                                                                                                • API String ID: 3103080414-3051863454
                                                                                                                • Opcode ID: 448c26d367fa4ce24fea73f86f3c1ebcb169a2680b3cc918c82a0762cc84cb42
                                                                                                                • Instruction ID: e1855738532d9be41fcebd9a9c4146cd0e241e622fdf0fb061f71f1fb699f553
                                                                                                                • Opcode Fuzzy Hash: 448c26d367fa4ce24fea73f86f3c1ebcb169a2680b3cc918c82a0762cc84cb42
                                                                                                                • Instruction Fuzzy Hash: 2661A4B1A40208BFDB109F61DD45F6A7B69FB84314F00803AFB057A1D1C7B8A952CF98
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 90%
                                                                                                                			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
                                                                                                                				struct tagLOGBRUSH _v16;
                                                                                                                				struct tagRECT _v32;
                                                                                                                				struct tagPAINTSTRUCT _v96;
                                                                                                                				struct HDC__* _t70;
                                                                                                                				struct HBRUSH__* _t87;
                                                                                                                				struct HFONT__* _t94;
                                                                                                                				long _t102;
                                                                                                                				signed int _t126;
                                                                                                                				struct HDC__* _t128;
                                                                                                                				intOrPtr _t130;
                                                                                                                
                                                                                                                				if(_a8 == 0xf) {
                                                                                                                					_t130 =  *0x42f414;
                                                                                                                					_t70 = BeginPaint(_a4,  &_v96);
                                                                                                                					_v16.lbStyle = _v16.lbStyle & 0x00000000;
                                                                                                                					_a8 = _t70;
                                                                                                                					GetClientRect(_a4,  &_v32);
                                                                                                                					_t126 = _v32.bottom;
                                                                                                                					_v32.bottom = _v32.bottom & 0x00000000;
                                                                                                                					while(_v32.top < _t126) {
                                                                                                                						_a12 = _t126 - _v32.top;
                                                                                                                						asm("cdq");
                                                                                                                						asm("cdq");
                                                                                                                						asm("cdq");
                                                                                                                						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
                                                                                                                						_t87 = CreateBrushIndirect( &_v16);
                                                                                                                						_v32.bottom = _v32.bottom + 4;
                                                                                                                						_a16 = _t87;
                                                                                                                						FillRect(_a8,  &_v32, _t87);
                                                                                                                						DeleteObject(_a16);
                                                                                                                						_v32.top = _v32.top + 4;
                                                                                                                					}
                                                                                                                					if( *(_t130 + 0x58) != 0xffffffff) {
                                                                                                                						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
                                                                                                                						_a16 = _t94;
                                                                                                                						if(_t94 != 0) {
                                                                                                                							_t128 = _a8;
                                                                                                                							_v32.left = 0x10;
                                                                                                                							_v32.top = 8;
                                                                                                                							SetBkMode(_t128, 1);
                                                                                                                							SetTextColor(_t128,  *(_t130 + 0x58));
                                                                                                                							_a8 = SelectObject(_t128, _a16);
                                                                                                                							DrawTextA(_t128, "Wildix Integration Service v3.11.3 Setup", 0xffffffff,  &_v32, 0x820);
                                                                                                                							SelectObject(_t128, _a8);
                                                                                                                							DeleteObject(_a16);
                                                                                                                						}
                                                                                                                					}
                                                                                                                					EndPaint(_a4,  &_v96);
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                				_t102 = _a16;
                                                                                                                				if(_a8 == 0x46) {
                                                                                                                					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
                                                                                                                					 *((intOrPtr*)(_t102 + 4)) =  *0x42f408;
                                                                                                                				}
                                                                                                                				return DefWindowProcA(_a4, _a8, _a12, _t102);
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                • GetClientRect.USER32 ref: 0040105B
                                                                                                                • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                • FillRect.USER32 ref: 004010E4
                                                                                                                • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                                                • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                • DrawTextA.USER32(00000000,Wildix Integration Service v3.11.3 Setup,000000FF,00000010,00000820), ref: 00401156
                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                • String ID: F$Wildix Integration Service v3.11.3 Setup
                                                                                                                • API String ID: 941294808-2318693128
                                                                                                                • Opcode ID: 7b2e9886d4a0a86190cfd2eb73994447d751dd60ad8b28ccd238e082d53d4ecc
                                                                                                                • Instruction ID: a83fe4be3842045fa55e49ef5e4516223b86fcdf0b70f1128ddfc4a40beffe79
                                                                                                                • Opcode Fuzzy Hash: 7b2e9886d4a0a86190cfd2eb73994447d751dd60ad8b28ccd238e082d53d4ecc
                                                                                                                • Instruction Fuzzy Hash: 48418C71400209AFCB058FA5DE459BF7BB9FF45314F00842EF9A1AA1A0C7749955DFA4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00405C7F(void* __ecx) {
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				long _t12;
                                                                                                                				long _t24;
                                                                                                                				char* _t31;
                                                                                                                				int _t37;
                                                                                                                				void* _t38;
                                                                                                                				intOrPtr* _t39;
                                                                                                                				long _t42;
                                                                                                                				CHAR* _t44;
                                                                                                                				void* _t46;
                                                                                                                				void* _t48;
                                                                                                                				void* _t49;
                                                                                                                				void* _t52;
                                                                                                                				void* _t53;
                                                                                                                
                                                                                                                				_t38 = __ecx;
                                                                                                                				_t44 =  *(_t52 + 0x14);
                                                                                                                				 *0x42c600 = 0x4c554e;
                                                                                                                				if(_t44 == 0) {
                                                                                                                					L3:
                                                                                                                					_t12 = GetShortPathNameA( *(_t52 + 0x1c), 0x42ca00, 0x400);
                                                                                                                					if(_t12 != 0 && _t12 <= 0x400) {
                                                                                                                						_t37 = wsprintfA(0x42c200, "%s=%s\r\n", 0x42c600, 0x42ca00);
                                                                                                                						_t53 = _t52 + 0x10;
                                                                                                                						E00406032(_t37, 0x400, 0x42ca00, 0x42ca00,  *((intOrPtr*)( *0x42f414 + 0x128)));
                                                                                                                						_t12 = E00405BA9(0x42ca00, 0xc0000000, 4);
                                                                                                                						_t48 = _t12;
                                                                                                                						 *(_t53 + 0x18) = _t48;
                                                                                                                						if(_t48 != 0xffffffff) {
                                                                                                                							_t42 = GetFileSize(_t48, 0);
                                                                                                                							_t6 = _t37 + 0xa; // 0xa
                                                                                                                							_t46 = GlobalAlloc(0x40, _t42 + _t6);
                                                                                                                							if(_t46 == 0 || E00405C21(_t48, _t46, _t42) == 0) {
                                                                                                                								L18:
                                                                                                                								return CloseHandle(_t48);
                                                                                                                							} else {
                                                                                                                								if(E00405B0E(_t38, _t46, "[Rename]\r\n") != 0) {
                                                                                                                									_t49 = E00405B0E(_t38, _t21 + 0xa, 0x40a3b8);
                                                                                                                									if(_t49 == 0) {
                                                                                                                										_t48 =  *(_t53 + 0x18);
                                                                                                                										L16:
                                                                                                                										_t24 = _t42;
                                                                                                                										L17:
                                                                                                                										E00405B64(_t24 + _t46, 0x42c200, _t37);
                                                                                                                										SetFilePointer(_t48, 0, 0, 0);
                                                                                                                										E00405C50(_t48, _t46, _t42 + _t37);
                                                                                                                										GlobalFree(_t46);
                                                                                                                										goto L18;
                                                                                                                									}
                                                                                                                									_t39 = _t46 + _t42;
                                                                                                                									_t31 = _t39 + _t37;
                                                                                                                									while(_t39 > _t49) {
                                                                                                                										 *_t31 =  *_t39;
                                                                                                                										_t31 = _t31 - 1;
                                                                                                                										_t39 = _t39 - 1;
                                                                                                                									}
                                                                                                                									_t24 = _t49 - _t46 + 1;
                                                                                                                									_t48 =  *(_t53 + 0x18);
                                                                                                                									goto L17;
                                                                                                                								}
                                                                                                                								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
                                                                                                                								_t42 = _t42 + 0xa;
                                                                                                                								goto L16;
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					CloseHandle(E00405BA9(_t44, 0, 1));
                                                                                                                					_t12 = GetShortPathNameA(_t44, 0x42c600, 0x400);
                                                                                                                					if(_t12 != 0 && _t12 <= 0x400) {
                                                                                                                						goto L3;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t12;
                                                                                                                			}



















                                                                                                                APIs
                                                                                                                • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,00000000,00405E10,?,?), ref: 00405CB0
                                                                                                                • GetShortPathNameA.KERNEL32 ref: 00405CB9
                                                                                                                  • Part of subcall function 00405B0E: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405D69,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B1E
                                                                                                                  • Part of subcall function 00405B0E: lstrlenA.KERNEL32(00000000,?,00000000,00405D69,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B50
                                                                                                                • GetShortPathNameA.KERNEL32 ref: 00405CD6
                                                                                                                • wsprintfA.USER32 ref: 00405CF4
                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,0042CA00,C0000000,00000004,0042CA00,?,?,?,?,?), ref: 00405D2F
                                                                                                                • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405D3E
                                                                                                                • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D76
                                                                                                                • SetFilePointer.KERNEL32(0040A3B8,00000000,00000000,00000000,00000000,0042C200,00000000,-0000000A,0040A3B8,00000000,[Rename],00000000,00000000,00000000), ref: 00405DCC
                                                                                                                • GlobalFree.KERNEL32 ref: 00405DDD
                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00405DE4
                                                                                                                  • Part of subcall function 00405BA9: GetFileAttributesA.KERNELBASE(00000003,00402E04,C:\Users\user\Desktop\SetupWIService.exe,80000000,00000003), ref: 00405BAD
                                                                                                                  • Part of subcall function 00405BA9: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405BCF
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                • String ID: %s=%s$[Rename]
                                                                                                                • API String ID: 2171350718-1727408572
                                                                                                                • Opcode ID: f77fbfde1968c6cc6d109ac9641d83ed14e9d60a65f6ef3fc352fd67b9dcf635
                                                                                                                • Instruction ID: 5f10e72b046bb4c3808544f3b96a1b07f09bbbda3d3e46611c613b54f85f09c3
                                                                                                                • Opcode Fuzzy Hash: f77fbfde1968c6cc6d109ac9641d83ed14e9d60a65f6ef3fc352fd67b9dcf635
                                                                                                                • Instruction Fuzzy Hash: F631F231600B15ABD2207BA59D4DFAB3A6CDF42754F14443BFA01F62D2DA7CE8058ABD
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E0040627A(CHAR* _a4) {
                                                                                                                				char _t5;
                                                                                                                				char _t7;
                                                                                                                				char* _t15;
                                                                                                                				char* _t16;
                                                                                                                				CHAR* _t17;
                                                                                                                
                                                                                                                				_t17 = _a4;
                                                                                                                				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
                                                                                                                					_t17 =  &(_t17[4]);
                                                                                                                				}
                                                                                                                				if( *_t17 != 0 && E00405A15(_t17) != 0) {
                                                                                                                					_t17 =  &(_t17[2]);
                                                                                                                				}
                                                                                                                				_t5 =  *_t17;
                                                                                                                				_t15 = _t17;
                                                                                                                				_t16 = _t17;
                                                                                                                				if(_t5 != 0) {
                                                                                                                					do {
                                                                                                                						if(_t5 > 0x1f &&  *((char*)(E004059D3("*?|<>/\":", _t5))) == 0) {
                                                                                                                							E00405B64(_t16, _t17, CharNextA(_t17) - _t17);
                                                                                                                							_t16 = CharNextA(_t16);
                                                                                                                						}
                                                                                                                						_t17 = CharNextA(_t17);
                                                                                                                						_t5 =  *_t17;
                                                                                                                					} while (_t5 != 0);
                                                                                                                				}
                                                                                                                				 *_t16 =  *_t16 & 0x00000000;
                                                                                                                				while(1) {
                                                                                                                					_t16 = CharPrevA(_t15, _t16);
                                                                                                                					_t7 =  *_t16;
                                                                                                                					if(_t7 != 0x20 && _t7 != 0x5c) {
                                                                                                                						break;
                                                                                                                					}
                                                                                                                					 *_t16 =  *_t16 & 0x00000000;
                                                                                                                					if(_t15 < _t16) {
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                					break;
                                                                                                                				}
                                                                                                                				return _t7;
                                                                                                                			}








                                                                                                                APIs
                                                                                                                • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\SetupWIService.exe",7476FA90,C:\Users\user\AppData\Local\Temp\,00000000,00403246,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004062D2
                                                                                                                • CharNextA.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 004062DF
                                                                                                                • CharNextA.USER32(?,"C:\Users\user\Desktop\SetupWIService.exe",7476FA90,C:\Users\user\AppData\Local\Temp\,00000000,00403246,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004062E4
                                                                                                                • CharPrevA.USER32(?,?,7476FA90,C:\Users\user\AppData\Local\Temp\,00000000,00403246,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004062F4
                                                                                                                Strings
                                                                                                                • "C:\Users\user\Desktop\SetupWIService.exe", xrefs: 004062B6
                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 0040627B
                                                                                                                • *?|<>/":, xrefs: 004062C2
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Char$Next$Prev
                                                                                                                • String ID: "C:\Users\user\Desktop\SetupWIService.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                • API String ID: 589700163-365024208
                                                                                                                • Opcode ID: a4ab23b94a56fbb4e4ab915d6a0181bd243ee2e30b5e95404a857257d08c8b81
                                                                                                                • Instruction ID: 6247d5b4c7038ff51e561e9c2f84ae45375c8bcee8d01d3c6d5c321a6abb2e6d
                                                                                                                • Opcode Fuzzy Hash: a4ab23b94a56fbb4e4ab915d6a0181bd243ee2e30b5e95404a857257d08c8b81
                                                                                                                • Instruction Fuzzy Hash: 2211E95180479029EB3226246C40BBB7F884F97751F1A00BFE8C2722C1C67C5C52867D
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00404105(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
                                                                                                                				struct tagLOGBRUSH _v16;
                                                                                                                				long _t39;
                                                                                                                				long _t41;
                                                                                                                				void* _t44;
                                                                                                                				signed char _t50;
                                                                                                                				long* _t54;
                                                                                                                
                                                                                                                				if(_a4 + 0xfffffecd > 5) {
                                                                                                                					L18:
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                				_t54 = GetWindowLongA(_a12, 0xffffffeb);
                                                                                                                				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
                                                                                                                					goto L18;
                                                                                                                				} else {
                                                                                                                					_t50 = _t54[5];
                                                                                                                					if((_t50 & 0xffffffe0) != 0) {
                                                                                                                						goto L18;
                                                                                                                					}
                                                                                                                					_t39 =  *_t54;
                                                                                                                					if((_t50 & 0x00000002) != 0) {
                                                                                                                						_t39 = GetSysColor(_t39);
                                                                                                                					}
                                                                                                                					if((_t54[5] & 0x00000001) != 0) {
                                                                                                                						SetTextColor(_a8, _t39);
                                                                                                                					}
                                                                                                                					SetBkMode(_a8, _t54[4]);
                                                                                                                					_t41 = _t54[1];
                                                                                                                					_v16.lbColor = _t41;
                                                                                                                					if((_t54[5] & 0x00000008) != 0) {
                                                                                                                						_t41 = GetSysColor(_t41);
                                                                                                                						_v16.lbColor = _t41;
                                                                                                                					}
                                                                                                                					if((_t54[5] & 0x00000004) != 0) {
                                                                                                                						SetBkColor(_a8, _t41);
                                                                                                                					}
                                                                                                                					if((_t54[5] & 0x00000010) != 0) {
                                                                                                                						_v16.lbStyle = _t54[2];
                                                                                                                						_t44 = _t54[3];
                                                                                                                						if(_t44 != 0) {
                                                                                                                							DeleteObject(_t44);
                                                                                                                						}
                                                                                                                						_t54[3] = CreateBrushIndirect( &_v16);
                                                                                                                					}
                                                                                                                					return _t54[3];
                                                                                                                				}
                                                                                                                			}










                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 2320649405-0
                                                                                                                • Opcode ID: 2fd397ab70c88e7053abfa2b1889d7e6adf273714bf8f91ffd366fbe1d5efa4b
                                                                                                                • Instruction ID: 549509973aaa983cd2a57f184cdff44cbcc336d3318ba047a0b32752f088f93e
                                                                                                                • Opcode Fuzzy Hash: 2fd397ab70c88e7053abfa2b1889d7e6adf273714bf8f91ffd366fbe1d5efa4b
                                                                                                                • Instruction Fuzzy Hash: 7D2162715007049BCB219F68DD4CB5BBBF8AF91714B048A3EEA96A66E0C734E984CB54
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004049F1(struct HWND__* _a4, intOrPtr _a8) {
                                                                                                                				long _v8;
                                                                                                                				signed char _v12;
                                                                                                                				unsigned int _v16;
                                                                                                                				void* _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				long _v56;
                                                                                                                				void* _v60;
                                                                                                                				long _t15;
                                                                                                                				unsigned int _t19;
                                                                                                                				signed int _t25;
                                                                                                                				struct HWND__* _t28;
                                                                                                                
                                                                                                                				_t28 = _a4;
                                                                                                                				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
                                                                                                                				if(_a8 == 0) {
                                                                                                                					L4:
                                                                                                                					_v56 = _t15;
                                                                                                                					_v60 = 4;
                                                                                                                					SendMessageA(_t28, 0x110c, 0,  &_v60);
                                                                                                                					return _v24;
                                                                                                                				}
                                                                                                                				_t19 = GetMessagePos();
                                                                                                                				_v16 = _t19 >> 0x10;
                                                                                                                				_v20 = _t19;
                                                                                                                				ScreenToClient(_t28,  &_v20);
                                                                                                                				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
                                                                                                                				if((_v12 & 0x00000066) != 0) {
                                                                                                                					_t15 = _v8;
                                                                                                                					goto L4;
                                                                                                                				}
                                                                                                                				return _t25 | 0xffffffff;
                                                                                                                			}















                                                                                                                APIs
                                                                                                                • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 00404A0C
                                                                                                                • GetMessagePos.USER32 ref: 00404A14
                                                                                                                • ScreenToClient.USER32 ref: 00404A2E
                                                                                                                • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404A40
                                                                                                                • SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404A66
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Message$Send$ClientScreen
                                                                                                                • String ID: f
                                                                                                                • API String ID: 41195575-1993550816
                                                                                                                • Opcode ID: b233b2991907e98a40282691d164461162982266b543cde43f51771bab81e11a
                                                                                                                • Instruction ID: dd2724b276b0829887a11dc4f26b79c7971af77995a7330ace4ae867cc8e4813
                                                                                                                • Opcode Fuzzy Hash: b233b2991907e98a40282691d164461162982266b543cde43f51771bab81e11a
                                                                                                                • Instruction Fuzzy Hash: 4B018071940218BADB00DB94DD81BFEBBB8AF95711F10412BBA11B61C0C7B455018FA4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 73%
                                                                                                                			E00401DFF(intOrPtr __edx) {
                                                                                                                				void* __esi;
                                                                                                                				int _t9;
                                                                                                                				signed char _t15;
                                                                                                                				struct HFONT__* _t18;
                                                                                                                				intOrPtr _t30;
                                                                                                                				struct HDC__* _t31;
                                                                                                                				void* _t33;
                                                                                                                				void* _t35;
                                                                                                                
                                                                                                                				_t30 = __edx;
                                                                                                                				_t31 = GetDC( *(_t35 - 8));
                                                                                                                				_t9 = E00402B0A(2);
                                                                                                                				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
                                                                                                                				0x40b818->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t31, 0x5a), 0x48));
                                                                                                                				ReleaseDC( *(_t35 - 8), _t31);
                                                                                                                				 *0x40b828 = E00402B0A(3);
                                                                                                                				_t15 =  *((intOrPtr*)(_t35 - 0x24));
                                                                                                                				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
                                                                                                                				 *0x40b82f = 1;
                                                                                                                				 *0x40b82c = _t15 & 0x00000001;
                                                                                                                				 *0x40b82d = _t15 & 0x00000002;
                                                                                                                				 *0x40b82e = _t15 & 0x00000004;
                                                                                                                				E00406032(_t9, _t31, _t33, "MS Shell Dlg",  *((intOrPtr*)(_t35 - 0x30)));
                                                                                                                				_t18 = CreateFontIndirectA(0x40b818);
                                                                                                                				_push(_t18);
                                                                                                                				_push(_t33);
                                                                                                                				E00405F6E();
                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t35 - 4));
                                                                                                                				return 0;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • GetDC.USER32(?), ref: 00401E02
                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E1C
                                                                                                                • MulDiv.KERNEL32(00000000,00000000), ref: 00401E24
                                                                                                                • ReleaseDC.USER32 ref: 00401E35
                                                                                                                • CreateFontIndirectA.GDI32(0040B818), ref: 00401E84
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                                • String ID: MS Shell Dlg
                                                                                                                • API String ID: 3808545654-76309092
                                                                                                                • Opcode ID: 4e2ac4968fbcfc45df335883300c5f964cad547b4711af948e6fa709055a9030
                                                                                                                • Instruction ID: a7e809a5f5c9b27870585acda152ffb90eb46fec6a88876af75f69e410eeec04
                                                                                                                • Opcode Fuzzy Hash: 4e2ac4968fbcfc45df335883300c5f964cad547b4711af948e6fa709055a9030
                                                                                                                • Instruction Fuzzy Hash: A6015672544240AFD7016B74AE4ABA93FB8EB59305F108839F141B61F2C7750505CB9C
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00402CDD(struct HWND__* _a4, intOrPtr _a8) {
                                                                                                                				char _v68;
                                                                                                                				int _t11;
                                                                                                                				int _t20;
                                                                                                                
                                                                                                                				if(_a8 == 0x110) {
                                                                                                                					SetTimer(_a4, 1, 0xfa, 0);
                                                                                                                					_a8 = 0x113;
                                                                                                                				}
                                                                                                                				if(_a8 == 0x113) {
                                                                                                                					_t20 =  *0x41d420; // 0xd393bc
                                                                                                                					_t11 =  *0x42942c; // 0xd3bcf0
                                                                                                                					if(_t20 >= _t11) {
                                                                                                                						_t20 = _t11;
                                                                                                                					}
                                                                                                                					wsprintfA( &_v68, "verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
                                                                                                                					SetWindowTextA(_a4,  &_v68);
                                                                                                                					SetDlgItemTextA(_a4, 0x406,  &_v68);
                                                                                                                				}
                                                                                                                				return 0;
                                                                                                                			}







                                                                                                                APIs
                                                                                                                • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402CF8
                                                                                                                • MulDiv.KERNEL32(00D393BC,00000064,00D3BCF0), ref: 00402D23
                                                                                                                • wsprintfA.USER32 ref: 00402D33
                                                                                                                • SetWindowTextA.USER32(?,?), ref: 00402D43
                                                                                                                • SetDlgItemTextA.USER32 ref: 00402D55
                                                                                                                Strings
                                                                                                                • verifying installer: %d%%, xrefs: 00402D2D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                • String ID: verifying installer: %d%%
                                                                                                                • API String ID: 1451636040-82062127
                                                                                                                • Opcode ID: f8f7fb574b01a37347c2b5a7030e5195f98b1542352a9ab3f35e70a1f9b9ac5a
                                                                                                                • Instruction ID: 025fba79a5afffe449226ec8edfc98a8674e121caf39d96b1da50a976b993c92
                                                                                                                • Opcode Fuzzy Hash: f8f7fb574b01a37347c2b5a7030e5195f98b1542352a9ab3f35e70a1f9b9ac5a
                                                                                                                • Instruction Fuzzy Hash: AA01FF71640209FBEF249F60DE49FAE37A9FB04345F008039FA06B61D0DBB599568F59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 86%
                                                                                                                			E004027A3(int __ebx, void* __eflags) {
                                                                                                                				void* _t26;
                                                                                                                				long _t31;
                                                                                                                				int _t45;
                                                                                                                				void* _t49;
                                                                                                                				void* _t51;
                                                                                                                				void* _t54;
                                                                                                                				void* _t55;
                                                                                                                				void* _t56;
                                                                                                                
                                                                                                                				_t45 = __ebx;
                                                                                                                				 *((intOrPtr*)(_t56 - 0xc)) = 0xfffffd66;
                                                                                                                				_t50 = E00402B2C(0xfffffff0);
                                                                                                                				 *(_t56 - 0x4c) = _t23;
                                                                                                                				if(E00405A15(_t50) == 0) {
                                                                                                                					E00402B2C(0xffffffed);
                                                                                                                				}
                                                                                                                				E00405B84(_t50);
                                                                                                                				_t26 = E00405BA9(_t50, 0x40000000, 2);
                                                                                                                				 *(_t56 + 8) = _t26;
                                                                                                                				if(_t26 != 0xffffffff) {
                                                                                                                					_t31 =  *0x42f418;
                                                                                                                					 *(_t56 - 0x1c) = _t31;
                                                                                                                					_t49 = GlobalAlloc(0x40, _t31);
                                                                                                                					if(_t49 != _t45) {
                                                                                                                						E00403223(_t45);
                                                                                                                						E0040320D(_t49,  *(_t56 - 0x1c));
                                                                                                                						_t54 = GlobalAlloc(0x40,  *(_t56 - 0x2c));
                                                                                                                						 *(_t56 - 0x10) = _t54;
                                                                                                                						if(_t54 != _t45) {
                                                                                                                							E00402FFB( *((intOrPtr*)(_t56 - 0x30)), _t45, _t54,  *(_t56 - 0x2c));
                                                                                                                							while( *_t54 != _t45) {
                                                                                                                								_t47 =  *_t54;
                                                                                                                								_t55 = _t54 + 8;
                                                                                                                								 *(_t56 - 0x48) =  *_t54;
                                                                                                                								E00405B64( *((intOrPtr*)(_t54 + 4)) + _t49, _t55, _t47);
                                                                                                                								_t54 = _t55 +  *(_t56 - 0x48);
                                                                                                                							}
                                                                                                                							GlobalFree( *(_t56 - 0x10));
                                                                                                                						}
                                                                                                                						E00405C50( *(_t56 + 8), _t49,  *(_t56 - 0x1c));
                                                                                                                						GlobalFree(_t49);
                                                                                                                						 *((intOrPtr*)(_t56 - 0xc)) = E00402FFB(0xffffffff,  *(_t56 + 8), _t45, _t45);
                                                                                                                					}
                                                                                                                					CloseHandle( *(_t56 + 8));
                                                                                                                				}
                                                                                                                				_t51 = 0xfffffff3;
                                                                                                                				if( *((intOrPtr*)(_t56 - 0xc)) < _t45) {
                                                                                                                					_t51 = 0xffffffef;
                                                                                                                					DeleteFileA( *(_t56 - 0x4c));
                                                                                                                					 *((intOrPtr*)(_t56 - 4)) = 1;
                                                                                                                				}
                                                                                                                				_push(_t51);
                                                                                                                				E00401423();
                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t56 - 4));
                                                                                                                				return 0;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 004027F7
                                                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 00402813
                                                                                                                • GlobalFree.KERNEL32 ref: 0040284C
                                                                                                                • GlobalFree.KERNEL32 ref: 0040285F
                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 00402877
                                                                                                                • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 0040288B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                • String ID:
                                                                                                                • API String ID: 2667972263-0
                                                                                                                • Opcode ID: a2aa54484539e5cf0e08f909926563fd1753a777fa44bb9cc822b41f9e16e333
                                                                                                                • Instruction ID: 78559feecc0fcc9b474bd36237e9e6194516f5e07b3510cecd676cf0fe7807ca
                                                                                                                • Opcode Fuzzy Hash: a2aa54484539e5cf0e08f909926563fd1753a777fa44bb9cc822b41f9e16e333
                                                                                                                • Instruction Fuzzy Hash: A4217C72C00224ABCF217FA5CD49DAE7F79EF09364B10823AF520762E1CA7959419F98
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 77%
                                                                                                                			E004048E7(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
                                                                                                                				char _v36;
                                                                                                                				char _v68;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				signed int _t21;
                                                                                                                				signed int _t22;
                                                                                                                				void* _t29;
                                                                                                                				void* _t31;
                                                                                                                				void* _t32;
                                                                                                                				void* _t41;
                                                                                                                				signed int _t43;
                                                                                                                				signed int _t47;
                                                                                                                				signed int _t50;
                                                                                                                				signed int _t51;
                                                                                                                				signed int _t53;
                                                                                                                
                                                                                                                				_t21 = _a16;
                                                                                                                				_t51 = _a12;
                                                                                                                				_t41 = 0xffffffdc;
                                                                                                                				if(_t21 == 0) {
                                                                                                                					_push(0x14);
                                                                                                                					_pop(0);
                                                                                                                					_t22 = _t51;
                                                                                                                					if(_t51 < 0x100000) {
                                                                                                                						_push(0xa);
                                                                                                                						_pop(0);
                                                                                                                						_t41 = 0xffffffdd;
                                                                                                                					}
                                                                                                                					if(_t51 < 0x400) {
                                                                                                                						_t41 = 0xffffffde;
                                                                                                                					}
                                                                                                                					if(_t51 < 0xffff3333) {
                                                                                                                						_t50 = 0x14;
                                                                                                                						asm("cdq");
                                                                                                                						_t22 = 1 / _t50 + _t51;
                                                                                                                					}
                                                                                                                					_t23 = _t22 & 0x00ffffff;
                                                                                                                					_t53 = _t22 >> 0;
                                                                                                                					_t43 = 0xa;
                                                                                                                					_t47 = ((_t22 & 0x00ffffff) + _t23 * 4 + (_t22 & 0x00ffffff) + _t23 * 4 >> 0) % _t43;
                                                                                                                				} else {
                                                                                                                					_t53 = (_t21 << 0x00000020 | _t51) >> 0x14;
                                                                                                                					_t47 = 0;
                                                                                                                				}
                                                                                                                				_t29 = E00406032(_t41, _t47, _t53,  &_v36, 0xffffffdf);
                                                                                                                				_t31 = E00406032(_t41, _t47, _t53,  &_v68, _t41);
                                                                                                                				_t32 = E00406032(_t41, _t47, 0x42a870, 0x42a870, _a8);
                                                                                                                				wsprintfA(_t32 + lstrlenA(0x42a870), "%u.%u%s%s", _t53, _t47, _t31, _t29);
                                                                                                                				return SetDlgItemTextA( *0x42ebd8, _a4, 0x42a870);
                                                                                                                			}




















                                                                                                                APIs
                                                                                                                • lstrlenA.KERNEL32(Wildix Integration Service v3.11.3 Setup ,Wildix Integration Service v3.11.3 Setup ,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404802,000000DF,00000000,00000400,?), ref: 00404985
                                                                                                                • wsprintfA.USER32 ref: 0040498D
                                                                                                                • SetDlgItemTextA.USER32 ref: 004049A0
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: ItemTextlstrlenwsprintf
                                                                                                                • String ID: %u.%u%s%s$Wildix Integration Service v3.11.3 Setup
                                                                                                                • API String ID: 3540041739-400526655
                                                                                                                • Opcode ID: 8f52a3d2b7158611b8ddfee5cd82df9920a420a3de20037d500134a76e905cd2
                                                                                                                • Instruction ID: e3696489e73bdb8ba2be03c53b0d6a47c9a41464d55e6eab91935fd2637341d8
                                                                                                                • Opcode Fuzzy Hash: 8f52a3d2b7158611b8ddfee5cd82df9920a420a3de20037d500134a76e905cd2
                                                                                                                • Instruction Fuzzy Hash: 0E11E473A441286BDB10A57D9C41EAF329CDB85374F254237FA26F31D1E978CC2282A9
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004059A8(CHAR* _a4) {
                                                                                                                				CHAR* _t7;
                                                                                                                
                                                                                                                				_t7 = _a4;
                                                                                                                				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
                                                                                                                					lstrcatA(_t7, 0x40a014);
                                                                                                                				}
                                                                                                                				return _t7;
                                                                                                                			}





                                                                                                                APIs
                                                                                                                • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403258,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004059AE
                                                                                                                • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403258,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004059B7
                                                                                                                • lstrcatA.KERNEL32(?,0040A014,?,00000006,00000008,0000000A), ref: 004059C8
                                                                                                                Strings
                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 004059A8
                                                                                                                Similarity
                                                                                                                • API ID: CharPrevlstrcatlstrlen
                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                • API String ID: 2659869361-3081826266
                                                                                                                • Opcode ID: dfed55a16eab86d89f3af7970decdd3a6c9dbbcd65d2cf450bad9cf681275afb
                                                                                                                • Instruction ID: 62df29c05e3eff7e61c48a1ee3c1863d20e1198667f6a1bd608fcc747cda2104
                                                                                                                • Opcode Fuzzy Hash: dfed55a16eab86d89f3af7970decdd3a6c9dbbcd65d2cf450bad9cf681275afb
                                                                                                                • Instruction Fuzzy Hash: 90D0A9B2211A30BAE20266259E09ECF2E088F06310B060037F200B21A1CA3D0D1287FE
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00405A41(CHAR* _a4) {
                                                                                                                				CHAR* _t5;
                                                                                                                				char* _t7;
                                                                                                                				CHAR* _t9;
                                                                                                                				char _t10;
                                                                                                                				CHAR* _t11;
                                                                                                                				void* _t13;
                                                                                                                
                                                                                                                				_t11 = _a4;
                                                                                                                				_t9 = CharNextA(_t11);
                                                                                                                				_t5 = CharNextA(_t9);
                                                                                                                				_t10 =  *_t11;
                                                                                                                				if(_t10 == 0 ||  *_t9 != 0x3a || _t9[1] != 0x5c) {
                                                                                                                					if(_t10 != 0x5c || _t11[1] != _t10) {
                                                                                                                						L10:
                                                                                                                						return 0;
                                                                                                                					} else {
                                                                                                                						_t13 = 2;
                                                                                                                						while(1) {
                                                                                                                							_t13 = _t13 - 1;
                                                                                                                							_t7 = E004059D3(_t5, 0x5c);
                                                                                                                							if( *_t7 == 0) {
                                                                                                                								goto L10;
                                                                                                                							}
                                                                                                                							_t5 = _t7 + 1;
                                                                                                                							if(_t13 != 0) {
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                							return _t5;
                                                                                                                						}
                                                                                                                						goto L10;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					return CharNextA(_t5);
                                                                                                                				}
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • CharNextA.USER32(?,?,C:\,?,00405AAD,C:\,C:\,7476FA90,?,C:\Users\user\AppData\Local\Temp\,004057F8,?,7476FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405A4F
                                                                                                                • CharNextA.USER32(00000000), ref: 00405A54
                                                                                                                • CharNextA.USER32(00000000), ref: 00405A68
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CharNext
                                                                                                                • String ID: C:\
                                                                                                                • API String ID: 3213498283-3404278061
                                                                                                                • Opcode ID: b0e8f5e89ebadb76a027bec09a8a2b8523dc58ec169e45d2c78276560c1d622b
                                                                                                                • Instruction ID: 984e8433726efb403dd44e64a223cc5f2fc3fa985c42d0e1b55ccc4b068145f6
                                                                                                                • Opcode Fuzzy Hash: b0e8f5e89ebadb76a027bec09a8a2b8523dc58ec169e45d2c78276560c1d622b
                                                                                                                • Instruction Fuzzy Hash: F9F06251B04F656AFB2292744C94B7B5B8CCB55361F184667D980662C282784C418FAA
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00402D60(intOrPtr _a4) {
                                                                                                                				long _t2;
                                                                                                                				struct HWND__* _t3;
                                                                                                                				struct HWND__* _t6;
                                                                                                                
                                                                                                                				if(_a4 == 0) {
                                                                                                                					__eflags =  *0x429428; // 0x0
                                                                                                                					if(__eflags == 0) {
                                                                                                                						_t2 = GetTickCount();
                                                                                                                						__eflags = _t2 -  *0x42f410;
                                                                                                                						if(_t2 >  *0x42f410) {
                                                                                                                							_t3 = CreateDialogParamA( *0x42f400, 0x6f, 0, E00402CDD, 0);
                                                                                                                							 *0x429428 = _t3;
                                                                                                                							return ShowWindow(_t3, 5);
                                                                                                                						}
                                                                                                                						return _t2;
                                                                                                                					} else {
                                                                                                                						return E004063E4(0);
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t6 =  *0x429428; // 0x0
                                                                                                                					if(_t6 != 0) {
                                                                                                                						_t6 = DestroyWindow(_t6);
                                                                                                                					}
                                                                                                                					 *0x429428 = 0;
                                                                                                                					return _t6;
                                                                                                                				}
                                                                                                                			}







                                                                                                                APIs
                                                                                                                • DestroyWindow.USER32(00000000,00000000,00402F3E,00000001), ref: 00402D73
                                                                                                                • GetTickCount.KERNEL32 ref: 00402D91
                                                                                                                • CreateDialogParamA.USER32(0000006F,00000000,00402CDD,00000000), ref: 00402DAE
                                                                                                                • ShowWindow.USER32(00000000,00000005), ref: 00402DBC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                • String ID:
                                                                                                                • API String ID: 2102729457-0
                                                                                                                • Opcode ID: 92830607251259d7b21fa7f6a4b037c479e5f1f9739c9a057c3e932900ba9aab
                                                                                                                • Instruction ID: 761b86bf19c83071f88326f4280a43ff42c19d235faedd25f12e3078a496723d
                                                                                                                • Opcode Fuzzy Hash: 92830607251259d7b21fa7f6a4b037c479e5f1f9739c9a057c3e932900ba9aab
                                                                                                                • Instruction Fuzzy Hash: 62F0F431A05621ABC6217B64BE4C9DF7A64BB04B11B51047AF545B22E4DB744C878BAC
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 91%
                                                                                                                			E004050AB(struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                                                                                                				int _t11;
                                                                                                                				int _t15;
                                                                                                                				long _t16;
                                                                                                                
                                                                                                                				_t15 = _a8;
                                                                                                                				if(_t15 != 0x102) {
                                                                                                                					__eflags = _t15 - 0x200;
                                                                                                                					if(_t15 != 0x200) {
                                                                                                                						_t16 = _a16;
                                                                                                                						L7:
                                                                                                                						__eflags = _t15 - 0x419;
                                                                                                                						if(_t15 == 0x419) {
                                                                                                                							__eflags =  *0x42a85c - _t16; // 0x0
                                                                                                                							if(__eflags != 0) {
                                                                                                                								_push(_t16);
                                                                                                                								_push(6);
                                                                                                                								 *0x42a85c = _t16;
                                                                                                                								E00404A71();
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L11:
                                                                                                                						return CallWindowProcA( *0x42a864, _a4, _t15, _a12, _t16);
                                                                                                                					}
                                                                                                                					_t11 = IsWindowVisible(_a4);
                                                                                                                					__eflags = _t11;
                                                                                                                					if(_t11 == 0) {
                                                                                                                						L10:
                                                                                                                						_t16 = _a16;
                                                                                                                						goto L11;
                                                                                                                					}
                                                                                                                					_t16 = E004049F1(_a4, 1);
                                                                                                                					_t15 = 0x419;
                                                                                                                					goto L7;
                                                                                                                				}
                                                                                                                				if(_a12 == 0x20) {
                                                                                                                					E004040EA(0x413);
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                				goto L10;
                                                                                                                			}







                                                                                                                APIs
                                                                                                                • IsWindowVisible.USER32 ref: 004050DA
                                                                                                                • CallWindowProcA.USER32 ref: 0040512B
                                                                                                                  • Part of subcall function 004040EA: SendMessageA.USER32(00020506,00000000,00000000,00000000), ref: 004040FC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$CallMessageProcSendVisible
                                                                                                                • String ID:
                                                                                                                • API String ID: 3748168415-3916222277
                                                                                                                • Opcode ID: e888eab98be9719f5677808cf14d784dfa63dd3181dd39c0deeb7150e6d77b2f
                                                                                                                • Instruction ID: 77e6a5b3f6bfc6627eb61d09ca0671ae0e6a579f7b3ef645513b94fc1d41cd39
                                                                                                                • Opcode Fuzzy Hash: e888eab98be9719f5677808cf14d784dfa63dd3181dd39c0deeb7150e6d77b2f
                                                                                                                • Instruction Fuzzy Hash: FD017171600648ABDF206F11DD81A5B3B65EB84750F144036FA417A1D2D73A8C629F6E
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
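                                                                                                                			/* Walks backward from the end of the path in _a4 to the last '\' (0x5c), cuts the string there, and returns a pointer to the text after the cut. */
                                                                                                                			E004059EF(char* _a4) {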
                                                                                                                				char* _t3;
                                                                                                                				char* _t5;
                                                                                                                
                                                                                                                				_t5 = _a4;
                                                                                                                				_t3 =  &(_t5[lstrlenA(_t5)]);
                                                                                                                				while( *_t3 != 0x5c) {
                                                                                                                					_t3 = CharPrevA(_t5, _t3);
                                                                                                                					if(_t3 > _t5) {
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                					break;
                                                                                                                				}
                                                                                                                				 *_t3 =  *_t3 & 0x00000000;
                                                                                                                				return  &(_t3[1]);
                                                                                                                			}






                                                                                                                APIs
                                                                                                                • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402E30,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SetupWIService.exe,C:\Users\user\Desktop\SetupWIService.exe,80000000,00000003), ref: 004059F5
                                                                                                                • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402E30,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SetupWIService.exe,C:\Users\user\Desktop\SetupWIService.exe,80000000,00000003), ref: 00405A03
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CharPrevlstrlen
                                                                                                                • String ID: C:\Users\user\Desktop
                                                                                                                • API String ID: 2709904686-224404859
                                                                                                                • Opcode ID: 4402843b33e5109e67992b99d0281bb7e81fac819ebae0ac34b6d7d52c4d849b
                                                                                                                • Instruction ID: 7185998fb8cc4c4ccda179d560b4c8302004e2739ffdff7e1043df3a51136750
                                                                                                                • Opcode Fuzzy Hash: 4402843b33e5109e67992b99d0281bb7e81fac819ebae0ac34b6d7d52c4d849b
                                                                                                                • Instruction Fuzzy Hash: E6D0C7B3519DB06EE30392549D04B9F6A48DF16710F094566E181A6195C6784D424BED
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
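                                                                                                                			/* Case-insensitive search for _a8 inside _a4: at each position the text is cut at the length of _a8 and compared with lstrcmpiA. Returns the matching position, or 0 once the remaining text is shorter than _a8. */
                                                                                                                			E00405B0E(void* __ecx, CHAR* _a4, CHAR* _a8) {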
                                                                                                                				int _v8;
                                                                                                                				int _t12;
                                                                                                                				int _t14;
                                                                                                                				int _t15;
                                                                                                                				CHAR* _t17;
                                                                                                                				CHAR* _t27;
                                                                                                                
                                                                                                                				_t12 = lstrlenA(_a8);
                                                                                                                				_t27 = _a4;
                                                                                                                				_v8 = _t12;
                                                                                                                				while(lstrlenA(_t27) >= _v8) {
                                                                                                                					_t14 = _v8;
                                                                                                                					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
                                                                                                                					_t15 = lstrcmpiA(_t27, _a8);
                                                                                                                					_t27[_v8] =  *(_t14 + _t27);
                                                                                                                					if(_t15 == 0) {
                                                                                                                						_t17 = _t27;
                                                                                                                					} else {
                                                                                                                						_t27 = CharNextA(_t27);
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                					L5:
                                                                                                                					return _t17;
                                                                                                                				}
                                                                                                                				_t17 = 0;
                                                                                                                				goto L5;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405D69,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B1E
                                                                                                                • lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,00405D69,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B36
                                                                                                                • CharNextA.USER32(00000000,?,00000000,00405D69,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B47
                                                                                                                • lstrlenA.KERNEL32(00000000,?,00000000,00405D69,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B50
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.606675465.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.606655789.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606749743.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.606770940.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607052362.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607069023.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.607110811.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                • String ID:
                                                                                                                • API String ID: 190613189-0
                                                                                                                • Opcode ID: dddc0b46adaff912d9c321cf48e41736a02eed0190ef2a74250491e495455120
                                                                                                                • Instruction ID: 0197496b5d832c36441f5dd9a15c5c44ab4bce902fcb82863052ee0cfca36748
                                                                                                                • Opcode Fuzzy Hash: dddc0b46adaff912d9c321cf48e41736a02eed0190ef2a74250491e495455120
                                                                                                                • Instruction Fuzzy Hash: C9F0C231600418BFC7029BA5DD00D9EBBB8DF06250B2540BAE840F7210D634FE019BA8
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Execution Graph

                                                                                                                Execution Coverage:4.7%
                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                Signature Coverage:0.5%
                                                                                                                Total number of Nodes:1428
                                                                                                                Total number of Limit Nodes:16
16845->16936 16846 7ff887cbe9ac 16847 7ff887cc80e0 2 API calls 16846->16847 16847->16845 16853 7ff887cbea18 16855 7ff887cbea41 16853->16855 17095 7ff887ca2190 16853->17095 16951 7ff887cb8800 16855->16951 16862 7ff887cc8120 3 API calls 16871 7ff887cbeb34 16862->16871 16863 7ff887cbeba5 16868 7ff887cc56e4 messages free 16863->16868 16864 7ff887cbebef 16866 7ff887cbec34 16864->16866 16872 7ff887cbec2f 16864->16872 16875 7ff887cbec28 _invalid_parameter_noinfo_noreturn 16864->16875 16865 7ff887cbebaa 16865->16864 16869 7ff887cbebea 16865->16869 16874 7ff887cbebe3 _invalid_parameter_noinfo_noreturn 16865->16874 16873 7ff887cbec91 16866->16873 16877 7ff887cbec8c 16866->16877 16879 7ff887cbec85 _invalid_parameter_noinfo_noreturn 16866->16879 16867 7ff887cbeb9e _invalid_parameter_noinfo_noreturn 16867->16863 16868->16865 16870 7ff887cc56e4 messages free 16869->16870 16870->16864 16871->16863 16871->16865 16871->16867 16876 7ff887cc56e4 messages free 16872->16876 16878 7ff887cc80e0 2 API calls 16873->16878 16874->16869 16875->16872 16876->16866 16880 7ff887cc56e4 messages free 16877->16880 16881 7ff887cbecdb 16878->16881 16879->16877 16880->16873 16882 7ff887cc77f0 59 API calls 16881->16882 16883 7ff887cbed11 16882->16883 16884 7ff887cc8120 3 API calls 16883->16884 16885 7ff887cbed27 16884->16885 16886 7ff887cbd640 2 API calls 16885->16886 16887 7ff887cbed60 16886->16887 16888 7ff887cc80e0 2 API calls 16887->16888 16889 7ff887cbed6d 16888->16889 16890 7ff887cbed95 16889->16890 17110 7ff887cad4c0 16889->17110 16892 7ff887cc77f0 59 API calls 16890->16892 16893 7ff887cbedc0 16892->16893 16894 7ff887cc8120 3 API calls 16893->16894 16895 7ff887cbedd6 16894->16895 16896 7ff887cbee34 16895->16896 17124 7ff887cca9d0 16895->17124 16899 7ff887cbefc7 16896->16899 16900 7ff887cbee4c ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N 16896->16900 16901 7ff887cbefd1 16899->16901 
17152 7ff887cc97f0 16899->17152 17011 7ff887cbe130 ?exceptions@ios_base@std@@QEAAXH ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N 16900->17011 17156 7ff887cba280 16901->17156 16906 7ff887cbeee7 17012 7ff887ccdc80 16906->17012 16910 7ff887cbef49 17036 7ff887cbd2c0 16910->17036 16911 7ff887cbd2c0 274 API calls 16911->16910 16918 7ff887cbefa7 ??_D?$basic_ostream@DU?$char_traits@D@std@@@std@ ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA 16918->16899 16919 7ff887cbef9a ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12 16919->16918 16923 7ff887cc5c1a 16920->16923 16922 7ff887cc5c1f LeaveCriticalSection 16923->16922 16925 7ff887cc5cb0 16923->16925 16926 7ff887cc5ce1 LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 16925->16926 16927 7ff887cc5cc4 16925->16927 16927->16926 16929 7ff887cc1819 16928->16929 16930 7ff887cc181c strftime 16928->16930 16929->16930 16931 7ff887cc1853 16930->16931 16932 7ff887ca9100 7 API calls 16931->16932 16933 7ff887cc186a 16932->16933 16934 7ff887cc5e20 _Receive_impl 8 API calls 16933->16934 16935 7ff887cbe6ce 16934->16935 16935->16819 17160 7ff887cca2f0 16936->17160 16939 7ff887cc8120 16941 7ff887cc815d 16939->16941 16940 7ff887cc8197 16942 7ff887cc56a8 std::_Facet_Register 3 API calls 16940->16942 16941->16940 16944 7ff887cbea06 16941->16944 16943 7ff887cc81a1 16942->16943 16943->16944 16945 7ff887cc1260 16944->16945 16946 7ff887cc1290 16945->16946 16946->16946 16947 7ff887cc12ea 16946->16947 16948 7ff887ca9100 7 API calls 16946->16948 16949 7ff887cc5e20 _Receive_impl 8 API calls 16947->16949 16948->16947 16950 7ff887cc12fa 16949->16950 16950->16853 16952 7ff887cb889e 16951->16952 16953 7ff887cb884c 16951->16953 16954 7ff887cb88a6 memmove 16952->16954 16955 7ff887cb88f9 16952->16955 16953->16952 16956 7ff887cb8851 memmove 16953->16956 16957 7ff887cb88e2 memmove 16954->16957 16958 7ff887cb88df 16954->16958 16959 7ff887cb899d 16955->16959 17195 7ff887cae540 16955->17195 16961 7ff887cb8983 
16956->16961 16957->16961 16958->16957 16967 7ff887cc80e0 malloc 16961->16967 16963 7ff887cb893e memmove 16965 7ff887cb896b 16963->16965 16966 7ff887cb896e memmove 16963->16966 16965->16966 16966->16961 16968 7ff887cc80f4 std::bad_alloc::bad_alloc 16967->16968 16969 7ff887cbeac9 16967->16969 16970 7ff887cc80fe _CxxThrowException 16968->16970 16971 7ff887cc77f0 16969->16971 17203 7ff887cc75d0 16971->17203 16975 7ff887cc78ed ReleaseSRWLockShared AcquireSRWLockExclusive 16980 7ff887cc7911 16975->16980 16976 7ff887cc79a2 16977 7ff887cc79b4 16976->16977 16978 7ff887cc7bfe 16976->16978 16982 7ff887ca9100 7 API calls 16977->16982 17245 7ff887cb2b20 16978->17245 16980->16976 16984 7ff887cc7992 memcmp 16980->16984 16985 7ff887cc79df 16982->16985 16984->16976 16987 7ff887cc7bc8 ReleaseSRWLockExclusive 16984->16987 16988 7ff887cad4c0 std::bad_exception::bad_exception 6 API calls 16985->16988 16986 7ff887cc7c1c 17252 7ff887cc6de0 16986->17252 16989 7ff887cc7bd5 16987->16989 16990 7ff887cc79fd 16988->16990 16991 7ff887cc5e20 _Receive_impl 8 API calls 16989->16991 16992 7ff887cc7a1d 16990->16992 17219 7ff887cc72e0 16990->17219 16994 7ff887cbeb1e 16991->16994 16997 7ff887cc7a61 16992->16997 16998 7ff887cc7a4b 16992->16998 16994->16862 17002 7ff887cad4c0 std::bad_exception::bad_exception 6 API calls 16997->17002 17000 7ff887cc56a8 std::_Facet_Register 3 API calls 16998->17000 16999 7ff887cc785a 16999->16975 17001 7ff887cc78da ReleaseSRWLockShared 16999->17001 17003 7ff887cc7a55 17000->17003 17001->16989 17004 7ff887cc7a83 17002->17004 17003->16997 17239 7ff887ca8a60 17004->17239 17007 7ff887cc7acf 17007->16987 17008 7ff887cc7aca 17010 7ff887cc56e4 messages free 17008->17010 17009 7ff887cc7ac3 _invalid_parameter_noinfo_noreturn 17009->17008 17010->17007 17011->16906 17274 7ff887cbe130 ?exceptions@ios_base@std@@QEAAXH ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N 17012->17274 17014 7ff887ccdcb0 ?_Init@locale@std@@CAPEAV_Locimp@12@_N 
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@ 17015 7ff887ccdce8 17014->17015 17017 7ff887cc80e0 2 API calls 17015->17017 17030 7ff887ccdeae 17015->17030 17016 7ff887cc5e20 _Receive_impl 8 API calls 17018 7ff887cbef00 17016->17018 17019 7ff887ccdd3c 17017->17019 17018->16910 17018->16911 17020 7ff887ccddd0 17019->17020 17022 7ff887ccddc9 _invalid_parameter_noinfo_noreturn 17019->17022 17025 7ff887ccddd5 17019->17025 17023 7ff887cc56e4 messages free 17020->17023 17022->17020 17023->17025 17275 7ff887cca520 17025->17275 17029 7ff887ccde7f ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N 17029->17030 17030->17016 17035 7ff887ccde7b 17035->17029 17037 7ff887cbd309 17036->17037 17038 7ff887cbd3da ?uncaught_exception@std@ 17037->17038 17039 7ff887cbd34c ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12 17037->17039 17041 7ff887cbd3e3 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@ 17038->17041 17042 7ff887cbd3ed ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12 17038->17042 17040 7ff887cbd3b9 17039->17040 17043 7ff887cbc010 288 API calls 17040->17043 17041->17042 17044 7ff887cc9ca0 17042->17044 17043->17038 17045 7ff887cc9cc8 17044->17045 17049 7ff887cc9d62 17044->17049 17368 7ff887cc8390 17045->17368 17047 7ff887cc9cd6 17047->17049 17376 7ff887cc8620 17047->17376 17048 7ff887cc9dd0 17052 7ff887cc9dd5 17048->17052 17053 7ff887cc9ddf 17048->17053 17049->17048 17050 7ff887cca1c3 Concurrency::cancel_current_task 17049->17050 17051 7ff887cc9daf 17049->17051 17049->17053 17054 7ff887cc56a8 std::_Facet_Register 3 API calls 17051->17054 17055 7ff887cc56a8 std::_Facet_Register 3 API calls 17052->17055 17062 7ff887cca101 17053->17062 17064 7ff887cd6670 TlsGetValue 17053->17064 17360 7ff887cb8050 GetCurrentThreadId 17053->17360 17384 7ff887cc9b00 AcquireSRWLockExclusive 17053->17384 17056 7ff887cc9db4 17054->17056 17057 7ff887cc9dbc 17055->17057 17056->17057 17058 7ff887cc9dca _invalid_parameter_noinfo_noreturn 
17056->17058 17057->17053 17058->17048 17060 7ff887cca192 17061 7ff887cbef82 17060->17061 17400 7ff887cc9780 17060->17400 17147 7ff887ccdc10 17061->17147 17062->17060 17063 7ff887cca18a 17062->17063 17066 7ff887cca183 _invalid_parameter_noinfo_noreturn 17062->17066 17067 7ff887cc56e4 messages free 17063->17067 17064->17053 17066->17063 17067->17060 17073 7ff887cbbd54 17070->17073 17071 7ff887cbbef6 Concurrency::cancel_current_task 17735 7ff887cbbf10 ?_Xlength_error@std@@YAXPEBD 17071->17735 17073->17071 17075 7ff887cbbdd7 17073->17075 17076 7ff887cbbdab 17073->17076 17077 7ff887cc56a8 std::_Facet_Register 3 API calls 17075->17077 17082 7ff887cbbdc0 17075->17082 17076->17071 17079 7ff887cc56a8 std::_Facet_Register 3 API calls 17076->17079 17077->17082 17078 7ff887cbbde9 memmove 17080 7ff887cbbe34 memmove memset 17078->17080 17081 7ff887cbbe59 memmove memmove 17078->17081 17079->17082 17083 7ff887cbbe89 memset 17080->17083 17081->17083 17082->17078 17084 7ff887cbbeef _invalid_parameter_noinfo_noreturn 17082->17084 17085 7ff887cbbed6 17083->17085 17086 7ff887cbbea8 17083->17086 17084->17071 17085->16821 17086->17084 17087 7ff887cbbece 17086->17087 17088 7ff887cc56e4 messages free 17087->17088 17088->17085 17736 7ff887cc9840 17089->17736 17092 7ff887cc8020 17093 7ff887cc56a8 std::_Facet_Register 3 API calls 17092->17093 17094 7ff887cc8037 17093->17094 17094->16846 17096 7ff887ca230b Concurrency::cancel_current_task 17095->17096 17097 7ff887ca21be 17095->17097 17099 7ff887ca2211 17097->17099 17101 7ff887ca2246 17097->17101 17098 7ff887cc56a8 std::_Facet_Register 3 API calls 17100 7ff887ca222f 17098->17100 17099->17096 17099->17098 17102 7ff887ca22c4 _invalid_parameter_noinfo_noreturn 17100->17102 17104 7ff887ca22cb memmove memmove 17100->17104 17105 7ff887ca2277 memmove memmove 17100->17105 17101->17100 17103 7ff887cc56a8 std::_Facet_Register 3 API calls 17101->17103 17102->17104 17103->17100 17106 7ff887ca22c2 17104->17106 17107 7ff887ca22a2 17105->17107 17108 
7ff887ca22b7 17105->17108 17106->16855 17107->17102 17107->17108 17109 7ff887cc56e4 messages free 17108->17109 17109->17106 17111 7ff887cad4ed 17110->17111 17112 7ff887cad4fb 17111->17112 17113 7ff887cad55b 17111->17113 17114 7ff887cad536 17111->17114 17115 7ff887cad597 Concurrency::cancel_current_task 17111->17115 17112->16890 17116 7ff887cad560 17113->17116 17117 7ff887cad565 memmove 17113->17117 17118 7ff887cc56a8 std::_Facet_Register 3 API calls 17114->17118 17121 7ff887cad59c __std_exception_copy 17115->17121 17119 7ff887cc56a8 std::_Facet_Register 3 API calls 17116->17119 17117->17112 17120 7ff887cad53e 17118->17120 17119->17117 17122 7ff887cad546 17120->17122 17123 7ff887cad554 _invalid_parameter_noinfo_noreturn 17120->17123 17121->16890 17122->17117 17123->17113 17128 7ff887cca9e6 17124->17128 17125 7ff887ccaa0f 17127 7ff887ccaa23 17125->17127 17789 7ff887ccd9d0 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 17125->17789 17126 7ff887ccd940 4 API calls 17126->17128 17130 7ff887cca950 24 API calls 17127->17130 17128->17125 17128->17126 17779 7ff887cca950 17128->17779 17788 7ff887ccd900 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 17128->17788 17131 7ff887ccaa28 17130->17131 17790 7ff887ccfda0 TlsGetValue 17131->17790 17148 7ff887cbef8f 17147->17148 17149 7ff887ccdc23 17147->17149 17148->16918 17148->16919 17150 7ff887ccdba0 289 API calls 17149->17150 17151 7ff887ccdc28 ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N ?exceptions@ios_base@std@@QEAAXH 17150->17151 17151->17148 17155 7ff887cc9780 17152->17155 17153 7ff887cc8280 2 API calls 17154 7ff887cc97d0 free 17153->17154 17154->16901 17155->17153 17157 7ff887cba29b 17156->17157 17833 7ff887cc8070 17157->17833 17161 7ff887cca310 17160->17161 17162 7ff887cca48a 17161->17162 17174 7ff887cca32b shared_ptr 17161->17174 17176 7ff887ccd940 AcquireSRWLockExclusive 17161->17176 17163 7ff887cca49e 17162->17163 17191 7ff887ccd9d0 AcquireSRWLockExclusive 
ReleaseSRWLockExclusive WakeAllConditionVariable 17162->17191 17166 7ff887cbe9f1 17163->17166 17168 7ff887cc5c04 shared_ptr 5 API calls 17163->17168 17166->16939 17167 7ff887cc56a8 std::_Facet_Register 3 API calls 17167->17174 17169 7ff887cca4ef shared_ptr 17168->17169 17169->17166 17192 7ff887cc5ba4 EnterCriticalSection LeaveCriticalSection 17169->17192 17171 7ff887cc77f0 59 API calls 17171->17174 17174->17161 17174->17167 17174->17171 17181 7ff887cca4b0 17174->17181 17187 7ff887cca240 17174->17187 17190 7ff887ccd900 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 17174->17190 17177 7ff887ccd99b ReleaseSRWLockExclusive 17176->17177 17179 7ff887ccd960 17176->17179 17177->17161 17178 7ff887ccd9b0 ReleaseSRWLockExclusive 17178->17161 17179->17177 17179->17178 17180 7ff887ccd970 SleepConditionVariableSRW 17179->17180 17180->17179 17180->17180 17182 7ff887cca4e3 17181->17182 17186 7ff887cca4d7 17181->17186 17183 7ff887cc5c04 shared_ptr 5 API calls 17182->17183 17184 7ff887cca4ef shared_ptr 17183->17184 17185 7ff887cc5ba4 shared_ptr 4 API calls 17184->17185 17184->17186 17185->17186 17186->17174 17188 7ff887cc56a8 std::_Facet_Register 3 API calls 17187->17188 17189 7ff887cca266 17188->17189 17189->17174 17190->17174 17191->17163 17193 7ff887cc5c6c SetEvent ResetEvent 17192->17193 17196 7ff887cae57b 17195->17196 17197 7ff887cae54d 17195->17197 17196->16963 17198 7ff887cc56a8 std::_Facet_Register 3 API calls 17197->17198 17199 7ff887cae593 Concurrency::cancel_current_task 17197->17199 17200 7ff887cae55b 17198->17200 17201 7ff887cae563 17200->17201 17202 7ff887cae574 _invalid_parameter_noinfo_noreturn 17200->17202 17201->16963 17202->17196 17211 7ff887cc75f6 shared_ptr 17203->17211 17204 7ff887cc778b 17206 7ff887cc779f 17204->17206 17265 7ff887ccd9d0 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 17204->17265 17205 7ff887ccd940 4 API calls 17205->17211 17208 7ff887cc77fe AcquireSRWLockShared 17206->17208 17210 7ff887cc5c04 
shared_ptr 5 API calls 17206->17210 17208->16975 17208->16999 17213 7ff887cc7c8f shared_ptr 17210->17213 17211->17204 17211->17205 17212 7ff887cc7640 shared_ptr 17211->17212 17255 7ff887cc6a10 17211->17255 17212->17211 17214 7ff887cc764e InitializeSRWLock 17212->17214 17258 7ff887cc7c50 17212->17258 17264 7ff887ccd900 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 17212->17264 17213->17208 17215 7ff887cc5ba4 shared_ptr 4 API calls 17213->17215 17216 7ff887cc56a8 std::_Facet_Register 3 API calls 17214->17216 17215->17208 17216->17212 17222 7ff887cc7320 17219->17222 17220 7ff887cc74ae Concurrency::cancel_current_task 17266 7ff887cc74c0 ?_Xlength_error@std@@YAXPEBD 17220->17266 17222->17220 17224 7ff887cc739c 17222->17224 17226 7ff887cc56a8 std::_Facet_Register 3 API calls 17222->17226 17223 7ff887cc74bc 17225 7ff887cc7387 memmove 17224->17225 17227 7ff887cc56a8 std::_Facet_Register 3 API calls 17224->17227 17230 7ff887cc73e7 memmove memset 17225->17230 17231 7ff887cc740c memmove memmove 17225->17231 17229 7ff887cc7382 17226->17229 17227->17225 17229->17225 17232 7ff887cc7395 _invalid_parameter_noinfo_noreturn 17229->17232 17233 7ff887cc743d memset 17230->17233 17231->17233 17232->17224 17234 7ff887cc747f 17233->17234 17235 7ff887cc744d 17233->17235 17234->16992 17236 7ff887cc7477 17235->17236 17237 7ff887cc74a7 _invalid_parameter_noinfo_noreturn 17235->17237 17238 7ff887cc56e4 messages free 17236->17238 17237->17220 17238->17234 17240 7ff887ca8a73 17239->17240 17241 7ff887ca8a9f 17239->17241 17242 7ff887ca8a97 17240->17242 17243 7ff887ca8ab8 _invalid_parameter_noinfo_noreturn 17240->17243 17241->17007 17241->17008 17241->17009 17244 7ff887cc56e4 messages free 17242->17244 17244->17241 17246 7ff887cb2b41 17245->17246 17246->17246 17247 7ff887ca9100 7 API calls 17246->17247 17248 7ff887cb2b4f 17247->17248 17249 7ff887ccc140 17248->17249 17250 7ff887ccc156 __std_exception_copy 17249->17250 17251 7ff887ccc153 17249->17251 17250->16986 
17251->17250 17273 7ff887cc6ed0 __std_exception_copy 17252->17273 17254 7ff887cc6df4 _CxxThrowException 17256 7ff887cc56a8 std::_Facet_Register 3 API calls 17255->17256 17257 7ff887cc6a31 17256->17257 17257->17211 17259 7ff887cc7c83 17258->17259 17260 7ff887cc7c77 17258->17260 17261 7ff887cc5c04 shared_ptr 5 API calls 17259->17261 17260->17212 17262 7ff887cc7c8f shared_ptr 17261->17262 17262->17260 17263 7ff887cc5ba4 shared_ptr 4 API calls 17262->17263 17263->17260 17264->17212 17265->17206 17267 7ff887cc56a8 std::_Facet_Register 3 API calls 17266->17267 17268 7ff887cc74f7 17267->17268 17271 7ff887cc6e10 __std_exception_copy 17268->17271 17270 7ff887cc7507 17270->17223 17272 7ff887cc6e7e 17271->17272 17272->17270 17273->17254 17274->17014 17276 7ff887cca2f0 59 API calls 17275->17276 17277 7ff887cca52e 17276->17277 17278 7ff887cc8940 17277->17278 17280 7ff887cc8974 17278->17280 17279 7ff887cc898e 17282 7ff887ccdba0 17279->17282 17280->17279 17317 7ff887cc89e0 17280->17317 17283 7ff887ccdbb0 17282->17283 17285 7ff887ccdbdb 17282->17285 17283->17285 17321 7ff887cbc010 17283->17321 17285->17029 17286 7ff887cbe430 ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2 ??0_Lockit@std@@QEAA@H ??Bid@locale@std@ 17285->17286 17287 7ff887cbe48b 17286->17287 17288 7ff887cbe505 ??1_Lockit@std@@QEAA ?length@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1_K 17287->17288 17289 7ff887cbe4a2 ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12 17287->17289 17290 7ff887cbe4ad 17287->17290 17291 7ff887cbe544 17288->17291 17289->17290 17290->17288 17292 7ff887cbe4c4 ?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@ 17290->17292 17309 7ff887cc0430 17291->17309 17293 7ff887cbe578 17292->17293 17294 7ff887cbe4de 17292->17294 17341 7ff887cb2c60 17293->17341 17338 7ff887cc5490 17294->17338 17310 7ff887cc0441 17309->17310 17311 7ff887cc0457 17309->17311 17310->17035 17312 7ff887cc0471 memset 17311->17312 17313 7ff887cc04a8 17311->17313 17312->17035 
17345 7ff887cb59f0 17313->17345 17318 7ff887cc8a24 17317->17318 17320 7ff887cc8a07 17317->17320 17319 7ff887cc56a8 std::_Facet_Register 3 API calls 17318->17319 17319->17320 17320->17279 17322 7ff887cbc0a1 17321->17322 17323 7ff887cbc02e 17321->17323 17322->17285 17324 7ff887cbc06a 17323->17324 17325 7ff887cbc04f 17323->17325 17327 7ff887cbe430 291 API calls 17324->17327 17332 7ff887cb3030 17325->17332 17329 7ff887cbc078 17327->17329 17328 7ff887cbc057 17328->17285 17330 7ff887cb3030 10 API calls 17329->17330 17331 7ff887cbc08a 17330->17331 17331->17285 17333 7ff887cb3092 17332->17333 17334 7ff887cb3053 memmove 17332->17334 17336 7ff887ca2190 9 API calls 17333->17336 17334->17328 17337 7ff887cb30a8 17336->17337 17337->17328 17339 7ff887cc56a8 std::_Facet_Register 3 API calls 17338->17339 17340 7ff887cbe4f0 17339->17340 17340->17288 17344 7ff887cb2be0 17341->17344 17343 7ff887cb2c6e _CxxThrowException 17344->17343 17346 7ff887cb5a1e 17345->17346 17348 7ff887cb5b6c Concurrency::cancel_current_task 17345->17348 17347 7ff887cb5a71 17346->17347 17349 7ff887cb5aa6 17346->17349 17347->17348 17350 7ff887cc56a8 std::_Facet_Register 3 API calls 17347->17350 17351 7ff887cb5a8f 17349->17351 17352 7ff887cc56a8 std::_Facet_Register 3 API calls 17349->17352 17350->17351 17353 7ff887cb5b25 _invalid_parameter_noinfo_noreturn 17351->17353 17354 7ff887cb5ad8 memmove memset 17351->17354 17355 7ff887cb5b2c memmove memset 17351->17355 17352->17351 17353->17355 17356 7ff887cb5b03 17354->17356 17357 7ff887cb5b18 17354->17357 17358 7ff887cb5b23 17355->17358 17356->17353 17356->17357 17359 7ff887cc56e4 messages free 17357->17359 17358->17035 17359->17358 17362 7ff887cb807e 17360->17362 17361 7ff887cb80e6 17361->17053 17362->17361 17404 7ff887cb6090 17362->17404 17369 7ff887cc83b0 17368->17369 17370 7ff887cc83b8 17368->17370 17566 7ff887cc87c0 17369->17566 17372 7ff887cc87c0 3 API calls 17370->17372 17373 7ff887cc83d0 17370->17373 17372->17373 17374 7ff887cc87c0 3 API calls 17373->17374 
17375 7ff887cc83e9 17373->17375 17374->17375 17375->17047 17377 7ff887cc8631 17376->17377 17379 7ff887cc8639 17376->17379 17380 7ff887cc87c0 3 API calls 17377->17380 17378 7ff887cc8651 17382 7ff887cc866a 17378->17382 17383 7ff887cc87c0 3 API calls 17378->17383 17379->17378 17381 7ff887cc87c0 3 API calls 17379->17381 17380->17379 17381->17378 17382->17047 17383->17382 17385 7ff887cd6670 TlsGetValue 17384->17385 17386 7ff887cc9b25 17385->17386 17387 7ff887cc9c5c ReleaseSRWLockExclusive 17386->17387 17388 7ff887cc56a8 std::_Facet_Register 3 API calls 17386->17388 17387->17053 17389 7ff887cc9b36 17388->17389 17390 7ff887cc8020 3 API calls 17389->17390 17391 7ff887cc9b46 17390->17391 17570 7ff887cbc7c0 GetSystemTimeAsFileTime 17391->17570 17401 7ff887cc9799 17400->17401 17730 7ff887cc8280 17401->17730 17434 7ff887cd6670 17404->17434 17407 7ff887cb60d1 AcquireSRWLockShared 17409 7ff887cc56a8 std::_Facet_Register 3 API calls 17407->17409 17408 7ff887cb6145 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12 17437 7ff887ccdf50 17408->17437 17410 7ff887cb60ee 17409->17410 17417 7ff887cb610b ReleaseSRWLockShared 17410->17417 17440 7ff887cb9ad0 ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA 17410->17440 17415 7ff887cd6670 TlsGetValue 17418 7ff887cb6124 17415->17418 17417->17415 17418->17408 17453 7ff887cd6e20 17418->17453 17479 7ff887cd6600 17434->17479 17438 7ff887ccdf57 17437->17438 17439 7ff887ccdf5a OutputDebugStringA 17437->17439 17438->17439 17441 7ff887cb9b64 17440->17441 17442 7ff887cb9b88 17440->17442 17441->17442 17445 7ff887cbc010 287 API calls 17441->17445 17443 7ff887cb9bf4 ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N 17442->17443 17446 7ff887cbe430 287 API calls 17442->17446 17482 7ff887cbe130 ?exceptions@ios_base@std@@QEAAXH ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N 17443->17482 17445->17442 17448 7ff887cb9be1 17446->17448 17447 7ff887cb9c16 
?exceptions@ios_base@std@@QEAAXH ?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@ 17452 7ff887cb9c7d 17447->17452 17450 7ff887cc0430 10 API calls 17448->17450 17451 7ff887cb9bf0 17450->17451 17451->17443 17452->17417 17454 7ff887cd6600 TlsGetValue 17453->17454 17455 7ff887cd6e4b 17454->17455 17456 7ff887cd6eee 17455->17456 17459 7ff887cd6e57 17455->17459 17457 7ff887cd6f14 17456->17457 17458 7ff887cd6f09 TlsGetValue 17456->17458 17478 7ff887cd6ebd 17456->17478 17460 7ff887cd6750 287 API calls 17457->17460 17458->17457 17467 7ff887cd6f24 17458->17467 17461 7ff887cd6e9d 17459->17461 17462 7ff887cd6e8f TlsGetValue 17459->17462 17459->17478 17463 7ff887cd6f19 17460->17463 17483 7ff887cd6750 17461->17483 17462->17461 17464 7ff887cd6ecb 17462->17464 17466 7ff887cd6f29 TlsGetValue 17463->17466 17463->17467 17468 7ff887cd63d0 free 17464->17468 17466->17467 17469 7ff887cd7016 17467->17469 17470 7ff887cd6fa3 17467->17470 17467->17478 17468->17478 17498 7ff887cb3010 ?_Xlength_error@std@@YAXPEBD 17469->17498 17475 7ff887cc56a8 std::_Facet_Register 3 API calls 17470->17475 17473 7ff887cd6ec2 TlsGetValue 17473->17464 17474 7ff887cd6ead 17490 7ff887cd63d0 17474->17490 17475->17478 17478->17408 17480 7ff887cd6614 TlsGetValue 17479->17480 17481 7ff887cb60c0 17479->17481 17480->17481 17481->17407 17481->17408 17482->17447 17499 7ff887cd4eb0 GetProcessHeap HeapAlloc 17483->17499 17488 7ff887cd6781 TlsSetValue 17489 7ff887cd678b 17488->17489 17489->17473 17489->17474 17491 7ff887cd6403 17490->17491 17494 7ff887cd64cf 17491->17494 17496 7ff887cd651e 17491->17496 17492 7ff887cd6506 17492->17478 17494->17492 17495 7ff887cc56e4 messages free 17494->17495 17544 7ff887cd44c0 17494->17544 17495->17494 17496->17492 17497 7ff887cc56e4 messages free 17496->17497 17497->17496 17500 7ff887cd4ed8 17499->17500 17501 7ff887cd4efa std::bad_alloc::bad_alloc 17499->17501 17527 7ff887cd5130 17500->17527 17538 7ff887cca5c0 17501->17538 17506 7ff887cd5fa0 17513 7ff887cd5ff2 
17506->17513 17507 7ff887cd6102 17508 7ff887cd61a2 17507->17508 17509 7ff887cd6198 CloseHandle 17507->17509 17511 7ff887cc5e20 _Receive_impl 8 API calls 17508->17511 17509->17508 17510 7ff887cd605c ResetEvent 17510->17513 17515 7ff887cd61b2 17511->17515 17512 7ff887cd6028 OpenEventA 17512->17513 17514 7ff887cd604c CloseHandle 17512->17514 17513->17507 17513->17510 17513->17512 17516 7ff887cd6173 WaitForSingleObjectEx 17513->17516 17518 7ff887cd613d CreateEventA 17513->17518 17520 7ff887cd6078 17513->17520 17521 7ff887cd6940 GetCurrentProcessId 17513->17521 17541 7ff887cd6940 17513->17541 17514->17513 17515->17488 17515->17489 17516->17513 17518->17513 17523 7ff887cd6163 CloseHandle 17518->17523 17519 7ff887cd60f4 SetEvent 17519->17507 17520->17519 17522 7ff887cd60e3 17520->17522 17524 7ff887cd60b7 CreateEventA 17520->17524 17526 7ff887cd6940 GetCurrentProcessId 17520->17526 17521->17518 17522->17507 17522->17519 17523->17513 17524->17522 17525 7ff887cd60dd CloseHandle 17524->17525 17525->17522 17526->17524 17528 7ff887cc56a8 std::_Facet_Register malloc _CxxThrowException free 17527->17528 17529 7ff887cd518e CreateEventA 17528->17529 17530 7ff887cd5200 17529->17530 17531 7ff887cd51d0 17529->17531 17532 7ff887cb9e90 _Receive_impl __std_exception_copy 17530->17532 17533 7ff887cc5e20 _Receive_impl 8 API calls 17531->17533 17534 7ff887cd520a 17532->17534 17535 7ff887cd4ee0 17533->17535 17536 7ff887cb7f00 _Receive_impl 290 API calls 17534->17536 17535->17506 17537 7ff887cd5213 17536->17537 17539 7ff887cca6b0 __std_exception_copy 17538->17539 17540 7ff887cca5d1 _CxxThrowException 17539->17540 17542 7ff887cd6990 17541->17542 17542->17542 17543 7ff887cd69a9 GetCurrentProcessId 17542->17543 17543->17512 17545 7ff887cd4506 17544->17545 17547 7ff887cd44df 17544->17547 17545->17494 17546 7ff887cd44c0 _Receive_impl free 17546->17547 17547->17545 17547->17546 17548 7ff887cc56e4 messages free 17547->17548 17548->17547 17567 7ff887cc8925 17566->17567 17569 7ff887cc87ea 17566->17569 

                                                                                                                Control-flow Graph

                                                                                                                C-Code - Quality: 48%
                                                                                                                			E00007FF87FF887CC9CA0(void* __rax, long long __rcx, signed long long __rdx, void* __r9, void* _a8, signed char _a16, long long _a24, long long _a32) {
                                                                                                                				char _v72;
                                                                                                                				long long _v96;
                                                                                                                				intOrPtr _v104;
                                                                                                                				intOrPtr _v112;
                                                                                                                				long long _v120;
                                                                                                                				long long _v128;
                                                                                                                				long long _v136;
                                                                                                                				signed long long _v144;
                                                                                                                				void* _v152;
                                                                                                                				void* __rbx;
                                                                                                                				void* __rsi;
                                                                                                                				void* _t97;
                                                                                                                				void* _t102;
                                                                                                                				void* _t103;
                                                                                                                				signed int _t140;
                                                                                                                				signed int _t143;
                                                                                                                				void* _t156;
                                                                                                                				signed long long _t161;
                                                                                                                				intOrPtr _t164;
                                                                                                                				intOrPtr* _t191;
                                                                                                                				intOrPtr _t192;
                                                                                                                				long long _t194;
                                                                                                                				signed long long _t196;
                                                                                                                				intOrPtr* _t206;
                                                                                                                				void* _t219;
                                                                                                                				long long _t220;
                                                                                                                				long long _t221;
                                                                                                                				long long* _t223;
                                                                                                                				long long _t224;
                                                                                                                				intOrPtr* _t225;
                                                                                                                				intOrPtr* _t226;
                                                                                                                				intOrPtr* _t228;
                                                                                                                				intOrPtr* _t232;
                                                                                                                				void* _t234;
                                                                                                                				long long _t267;
                                                                                                                				intOrPtr* _t270;
                                                                                                                				signed long long _t276;
                                                                                                                				signed long long _t277;
                                                                                                                				intOrPtr* _t278;
                                                                                                                				long long* _t279;
                                                                                                                				void* _t283;
                                                                                                                				long long* _t285;
                                                                                                                				long long _t286;
                                                                                                                				signed long long _t287;
                                                                                                                				signed long long _t289;
                                                                                                                				long long* _t296;
                                                                                                                				intOrPtr* _t299;
                                                                                                                				signed long long _t300;
                                                                                                                				void* _t302;
                                                                                                                				void* _t303;
                                                                                                                				long long* _t304;
                                                                                                                				intOrPtr _t306;
                                                                                                                				intOrPtr* _t307;
                                                                                                                
                                                                                                                				_a8 = __rcx;
                                                                                                                				_t276 = __rdx;
                                                                                                                				_t306 =  *((intOrPtr*)(__rdx));
                                                                                                                				if ( *((char*)(_t306 + 0x18)) == 0) goto 0x87cc9d62;
                                                                                                                				_t4 = _t306 + 8; // -64
                                                                                                                				_t97 = E00007FF87FF887CC8390(_t219, _t4,  &_v120, _t283);
                                                                                                                				_t6 = _t306 + 8; // -64
                                                                                                                				E00007FF87FF887CC8580(_t97, _t6,  &_v72);
                                                                                                                				r13d = 0xffffffff;
                                                                                                                				_t220 = _v120;
                                                                                                                				if (_t220 == _v72) goto 0x87cc9d68;
                                                                                                                				_t232 =  *((intOrPtr*)(_t220 + 0x18));
                                                                                                                				if (_t232 == 0) goto 0x87cc9d48;
                                                                                                                				_t191 =  *_t232;
                                                                                                                				 *((intOrPtr*)(_t191 + 0x18))();
                                                                                                                				 *_t191 =  *((intOrPtr*)(_t220 + 0x18));
                                                                                                                				 *((long long*)(_t220 + 0x18)) =  *_t191;
                                                                                                                				_t192 = _v104;
                                                                                                                				if (_t192 == 0) goto 0x87cc9d48;
                                                                                                                				_t234 = _t192 + 8;
                                                                                                                				asm("lock xadd [ecx], eax");
                                                                                                                				if (r13d != 1) goto 0x87cc9d48;
                                                                                                                				_t156 = _t234;
                                                                                                                				if (_t156 == 0) goto 0x87cc9d48;
                                                                                                                				if (_t156 == 0) goto 0x87cc9d48;
                                                                                                                				 *((intOrPtr*)( *((intOrPtr*)(_t234 + 0xfffffff8))))();
                                                                                                                				_t102 = E00007FF87FF887CC8620(_v112);
                                                                                                                				_t194 = _v120;
                                                                                                                				_t221 =  *((intOrPtr*)(_t194 + 8));
                                                                                                                				_v120 = _t221;
                                                                                                                				goto 0x87cc9cf0;
                                                                                                                				r13d = 0xffffffff;
                                                                                                                				 *_t276 = 0;
                                                                                                                				_v152 = _t306;
                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                				asm("movdqu [esp+0x28], xmm0");
                                                                                                                				_v128 = 0;
                                                                                                                				if (_t221 == 0) goto 0x87cc9e24;
                                                                                                                				_t277 = _t276 << 4;
                                                                                                                				if (_t277 - 0x1000 < 0) goto 0x87cc9dd0;
                                                                                                                				if (_t277 + 0x27 - _t277 <= 0) goto 0x87cca1c3;
                                                                                                                				_t103 = E00007FF87FF887CC56A8(_t102, _t194, _t277 + 0x27);
                                                                                                                				if (_t194 == 0) goto 0x87cc9dca;
                                                                                                                				_t196 = _t194 + 0x00000027 & 0xffffffe0;
                                                                                                                				 *((long long*)(_t196 - 8)) = _t194;
                                                                                                                				goto 0x87cc9de1;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				_t161 = _t277;
                                                                                                                				if (_t161 == 0) goto 0x87cc9ddf;
                                                                                                                				E00007FF87FF887CC56A8(_t103, _t196, _t277);
                                                                                                                				goto 0x87cc9de1;
                                                                                                                				_v144 = _t196;
                                                                                                                				_v128 = _t196 + _t277;
                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                				 *_t196 = 0;
                                                                                                                				 *((long long*)(_t196 + 8)) = 0;
                                                                                                                				if (_t161 != 0) goto 0x87cc9e00;
                                                                                                                				_v136 = _t196 + 0x10;
                                                                                                                				goto 0x87cc9e29;
                                                                                                                				_t285 = _v144;
                                                                                                                				_t304 = _t285;
                                                                                                                				_v96 = _t285;
                                                                                                                				_t307 = _t306 + 0x20;
                                                                                                                				r12d =  *(_t306 + 0x10);
                                                                                                                				_t302 = (_t300 << 4) + _t307;
                                                                                                                				_t223 = _t285;
                                                                                                                				_a24 = _t223;
                                                                                                                				if (_t307 == _t302) goto 0x87cc9ee0;
                                                                                                                				_a24 = _t223;
                                                                                                                				r8d = 0;
                                                                                                                				_t267 =  *((intOrPtr*)(_t307 + 8));
                                                                                                                				if (_t267 == 0) goto 0x87cc9e84;
                                                                                                                				_t164 =  *((intOrPtr*)(_t267 + 8));
                                                                                                                				if (_t164 == 0) goto 0x87cc9e82;
                                                                                                                				asm("lock cmpxchg [edx+0x8], ecx");
                                                                                                                				if (_t164 != 0) goto 0x87cc9e6f;
                                                                                                                				goto 0x87cc9e84;
                                                                                                                				 *_t223 =  *_t307;
                                                                                                                				_t278 =  *((intOrPtr*)(_t223 + 8));
                                                                                                                				 *((long long*)(_t223 + 8)) = _t267;
                                                                                                                				if (_t278 == 0) goto 0x87cc9ec0;
                                                                                                                				asm("lock xadd [edi+0x8], eax");
                                                                                                                				if (r13d != 1) goto 0x87cc9ec0;
                                                                                                                				 *((intOrPtr*)( *_t278 + 8))();
                                                                                                                				asm("lock xadd [edi+0xc], eax");
                                                                                                                				if (r13d != 1) goto 0x87cc9ec0;
                                                                                                                				 *((intOrPtr*)( *_t278 + 0x10))();
                                                                                                                				if ( *_t223 == 0) goto 0x87cc9ed2;
                                                                                                                				_t224 = _t223 + 0x10;
                                                                                                                				_a24 = _t224;
                                                                                                                				if (_t307 + 0x10 != _t302) goto 0x87cc9e60;
                                                                                                                				_t286 = _v144;
                                                                                                                				r12b = (_t224 - _t286 & 0xfffffff0) - 0x10 <= 0;
                                                                                                                				_a16 = r12b;
                                                                                                                				_t279 = _t286;
                                                                                                                				_a32 = _t286;
                                                                                                                				r15b = 1;
                                                                                                                				if (_t279 == _t224) goto 0x87cc9f5a;
                                                                                                                				if ( *((intOrPtr*)( *((intOrPtr*)( *_t279)) + 0x18))() == 0) goto 0x87cc9f4c;
                                                                                                                				_t225 = _t224 - 0x10;
                                                                                                                				_a24 = _t225;
                                                                                                                				 *_t225 =  *_t279;
                                                                                                                				 *_t279 =  *_t225;
                                                                                                                				 *((long long*)(_t279 + 8)) =  *((intOrPtr*)(_t225 + 8));
                                                                                                                				 *((long long*)(_t225 + 8)) =  *((intOrPtr*)(_t279 + 8));
                                                                                                                				r15b = 0;
                                                                                                                				goto 0x87cc9f08;
                                                                                                                				_a32 = _t279 + 0x10;
                                                                                                                				goto 0x87cc9f08;
                                                                                                                				_a32 = _t304;
                                                                                                                				if (_t304 == _t225) goto 0x87cca101;
                                                                                                                				if (r15b == 0) goto 0x87cca0ce;
                                                                                                                				if (r12b != 0) goto 0x87cca098;
                                                                                                                				_t206 = _a8;
                                                                                                                				E00007FF87FF887CD6670(_t206);
                                                                                                                				if (_t206 != 0) goto 0x87cc9fb0;
                                                                                                                				E00007FF87FF887CC9B00( *(_t306 + 0x10), _t206, _t225,  *_t206,  *_t307, __r9);
                                                                                                                				E00007FF87FF887CD6670(_t206);
                                                                                                                				_t299 = _t206;
                                                                                                                				_t296 = _t304 + 0x10;
                                                                                                                				if (_t296 == _t225) goto 0x87cca08d;
                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                				_t140 =  *(_t299 + 8);
                                                                                                                				r9d = _t140;
                                                                                                                				r9d = r9d >> 0xd;
                                                                                                                				r9d = r9d ^ _t140 & 0x0007ffc0;
                                                                                                                				r9d = r9d >> 6;
                                                                                                                				r9d = r9d ^ (_t140 & 0xfffffffe) << 0x0000000c;
                                                                                                                				 *(_t299 + 8) = r9d;
                                                                                                                				_t143 =  *(_t299 + 0xc);
                                                                                                                				r8d = _t143;
                                                                                                                				r8d = r8d & 0x3f800000;
                                                                                                                				r8d = r8d ^ _t143 >> 0x00000002;
                                                                                                                				r8d = r8d >> 0x17;
                                                                                                                				r8d = r8d ^ (_t143 & 0xfffffff8) << 0x00000004;
                                                                                                                				 *(_t299 + 0xc) = r8d;
                                                                                                                				 *(_t299 + 0x10) = ( *(_t299 + 0x10) >> 0x00000003 ^  *(_t299 + 0x10) & 0x1fffff00) >> 0x00000008 ^ ( *(_t299 + 0x10) & 0xfffffff0) << 0x00000011;
                                                                                                                				asm("dec eax");
                                                                                                                				_t270 = ( &_v152 << 4) + _t304;
                                                                                                                				if (_t270 == _t296) goto 0x87cca080;
                                                                                                                				 *_t270 =  *_t296;
                                                                                                                				 *_t296 =  *_t270;
                                                                                                                				 *((long long*)(_t296 + 8)) =  *((intOrPtr*)(_t270 + 8));
                                                                                                                				 *((long long*)(_t270 + 8)) =  *((intOrPtr*)(_t296 + 8));
                                                                                                                				if (_t296 + 0x10 != _t225) goto 0x87cc9fd0;
                                                                                                                				r12b = 1;
                                                                                                                				_a16 = r12b;
                                                                                                                				 *((intOrPtr*)( *((intOrPtr*)( *_t304)) + 0x10))();
                                                                                                                				_t226 = _t225 - 0x10;
                                                                                                                				_a24 = _t226;
                                                                                                                				 *_t226 =  *_t304;
                                                                                                                				 *_t304 =  *_t226;
                                                                                                                				 *((long long*)(_t304 + 8)) =  *((intOrPtr*)(_t226 + 8));
                                                                                                                				 *((long long*)(_t226 + 8)) =  *((intOrPtr*)(_t304 + 8));
                                                                                                                				r13d = 0xffffffff;
                                                                                                                				_t287 = _v144;
                                                                                                                				r12d = _a16 & 0x000000ff;
                                                                                                                				goto 0x87cc9f05;
                                                                                                                				if (_t287 == 0) goto 0x87cca193;
                                                                                                                				if (_t287 == _v136) goto 0x87cca156;
                                                                                                                				_t228 =  *((intOrPtr*)(_t287 + 8));
                                                                                                                				if (_t228 == 0) goto 0x87cca146;
                                                                                                                				asm("lock xadd [ebx+0x8], eax");
                                                                                                                				if (r13d != 1) goto 0x87cca146;
                                                                                                                				 *((intOrPtr*)( *_t228 + 8))();
                                                                                                                				asm("lock xadd [ebx+0xc], eax");
                                                                                                                				if (r13d != 1) goto 0x87cca146;
                                                                                                                				 *((intOrPtr*)( *_t228 + 0x10))();
                                                                                                                				if (_t287 + 0x10 != _v136) goto 0x87cca111;
                                                                                                                				_t289 = _v144;
                                                                                                                				if ((_v128 - _t289 & 0xfffffff0) - 0x1000 < 0) goto 0x87cca18a;
                                                                                                                				if (_t289 -  *((intOrPtr*)(_t289 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87cca18a;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				if (_v152 == 0) goto 0x87cca1b0;
                                                                                                                				asm("lock inc esp");
                                                                                                                				if (_t303 - 1 != 0) goto 0x87cca1b0;
                                                                                                                				return E00007FF87FF887CC9780(_t228, _v152,  *((intOrPtr*)(_t289 - 8)));
                                                                                                                			}

                                                                                                                0x7ff887cc9e19
                                                                                                                0x7ff887cc9e22
                                                                                                                0x7ff887cc9e24
                                                                                                                0x7ff887cc9e29
                                                                                                                0x7ff887cc9e2c
                                                                                                                0x7ff887cc9e31
                                                                                                                0x7ff887cc9e35
                                                                                                                0x7ff887cc9e3c
                                                                                                                0x7ff887cc9e3f
                                                                                                                0x7ff887cc9e42
                                                                                                                0x7ff887cc9e4d
                                                                                                                0x7ff887cc9e53
                                                                                                                0x7ff887cc9e60
                                                                                                                0x7ff887cc9e63
                                                                                                                0x7ff887cc9e6a
                                                                                                                0x7ff887cc9e6f
                                                                                                                0x7ff887cc9e71
                                                                                                                0x7ff887cc9e76
                                                                                                                0x7ff887cc9e7b
                                                                                                                0x7ff887cc9e80
                                                                                                                0x7ff887cc9e84
                                                                                                                0x7ff887cc9e87
                                                                                                                0x7ff887cc9e8b
                                                                                                                0x7ff887cc9e92
                                                                                                                0x7ff887cc9e97
                                                                                                                0x7ff887cc9e9f
                                                                                                                0x7ff887cc9ea7
                                                                                                                0x7ff887cc9ead
                                                                                                                0x7ff887cc9eb5
                                                                                                                0x7ff887cc9ebd
                                                                                                                0x7ff887cc9ec4
                                                                                                                0x7ff887cc9ec6
                                                                                                                0x7ff887cc9eca
                                                                                                                0x7ff887cc9ed9
                                                                                                                0x7ff887cc9edb
                                                                                                                0x7ff887cc9eee
                                                                                                                0x7ff887cc9ef2
                                                                                                                0x7ff887cc9efa
                                                                                                                0x7ff887cc9efd
                                                                                                                0x7ff887cc9f05
                                                                                                                0x7ff887cc9f0b
                                                                                                                0x7ff887cc9f1d
                                                                                                                0x7ff887cc9f1f
                                                                                                                0x7ff887cc9f23
                                                                                                                0x7ff887cc9f31
                                                                                                                0x7ff887cc9f34
                                                                                                                0x7ff887cc9f3f
                                                                                                                0x7ff887cc9f43
                                                                                                                0x7ff887cc9f47
                                                                                                                0x7ff887cc9f4a
                                                                                                                0x7ff887cc9f50
                                                                                                                0x7ff887cc9f58
                                                                                                                0x7ff887cc9f5d
                                                                                                                0x7ff887cc9f68
                                                                                                                0x7ff887cc9f71
                                                                                                                0x7ff887cc9f7a
                                                                                                                0x7ff887cc9f80
                                                                                                                0x7ff887cc9f8f
                                                                                                                0x7ff887cc9f9a
                                                                                                                0x7ff887cc9f9f
                                                                                                                0x7ff887cc9fa8
                                                                                                                0x7ff887cc9fad
                                                                                                                0x7ff887cc9fb0
                                                                                                                0x7ff887cc9fb7
                                                                                                                0x7ff887cc9fc7
                                                                                                                0x7ff887cc9fd0
                                                                                                                0x7ff887cc9fd4
                                                                                                                0x7ff887cc9fd7
                                                                                                                0x7ff887cc9fe2
                                                                                                                0x7ff887cc9fe5
                                                                                                                0x7ff887cc9fef
                                                                                                                0x7ff887cc9ff2
                                                                                                                0x7ff887cc9ff6
                                                                                                                0x7ff887cc9ffa
                                                                                                                0x7ff887cc9ffd
                                                                                                                0x7ff887cca009
                                                                                                                0x7ff887cca00c
                                                                                                                0x7ff887cca016
                                                                                                                0x7ff887cca019
                                                                                                                0x7ff887cca03b
                                                                                                                0x7ff887cca053
                                                                                                                0x7ff887cca05c
                                                                                                                0x7ff887cca062
                                                                                                                0x7ff887cca06a
                                                                                                                0x7ff887cca06d
                                                                                                                0x7ff887cca078
                                                                                                                0x7ff887cca07c
                                                                                                                0x7ff887cca087
                                                                                                                0x7ff887cca08d
                                                                                                                0x7ff887cca090
                                                                                                                0x7ff887cca0a3
                                                                                                                0x7ff887cca0a6
                                                                                                                0x7ff887cca0aa
                                                                                                                0x7ff887cca0b8
                                                                                                                0x7ff887cca0bb
                                                                                                                0x7ff887cca0c6
                                                                                                                0x7ff887cca0ca
                                                                                                                0x7ff887cca0d3
                                                                                                                0x7ff887cca0d9
                                                                                                                0x7ff887cca0eb
                                                                                                                0x7ff887cca0fc
                                                                                                                0x7ff887cca104
                                                                                                                0x7ff887cca10f
                                                                                                                0x7ff887cca111
                                                                                                                0x7ff887cca118
                                                                                                                0x7ff887cca11d
                                                                                                                0x7ff887cca125
                                                                                                                0x7ff887cca12d
                                                                                                                0x7ff887cca133
                                                                                                                0x7ff887cca13b
                                                                                                                0x7ff887cca143
                                                                                                                0x7ff887cca14f
                                                                                                                0x7ff887cca151
                                                                                                                0x7ff887cca16c
                                                                                                                0x7ff887cca181
                                                                                                                0x7ff887cca183
                                                                                                                0x7ff887cca189
                                                                                                                0x7ff887cca18d
                                                                                                                0x7ff887cca19b
                                                                                                                0x7ff887cca19d
                                                                                                                0x7ff887cca1a8
                                                                                                                0x7ff887cca1c2

                                                                                                                APIs
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,-00000048,?,?,?,00000000), ref: 00007FF887CC9DCA
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID:
                                                                                                                • API String ID: 3668304517-0
                                                                                                                • Opcode ID: f9f3f1f0bf61b3e3777ae63e9082cabff50ef6bf8633eb60f008c8dbe202ed4d
                                                                                                                • Instruction ID: 3bc2e6ff3be2c29131432c9d219ac8fa46be162f17f4a1b86612a80f37e2553b
                                                                                                                • Opcode Fuzzy Hash: f9f3f1f0bf61b3e3777ae63e9082cabff50ef6bf8633eb60f008c8dbe202ed4d
                                                                                                                • Instruction Fuzzy Hash: 8DE19A32A49A8182EBA08F25E48436D73B6FBD4BE4F198635DA6D43798DF3CD851C740
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 33%
                                                                                                                			E00007FF87FF887CBE600(void* __eax, void* __ecx, intOrPtr __edx, long long __rbx, void* __rcx, signed int __rdx, void* __r8, long long __r9) {
                                                                                                                				void* __rdi;
                                                                                                                				void* __rsi;
                                                                                                                				void* __rbp;
                                                                                                                				void* __r12;
                                                                                                                				void* __r13;
                                                                                                                				void* __r14;
                                                                                                                				void* __r15;
                                                                                                                				void* _t191;
                                                                                                                				signed int _t215;
                                                                                                                				void* _t234;
                                                                                                                				void* _t242;
                                                                                                                				void* _t269;
                                                                                                                				void* _t286;
                                                                                                                				long long _t322;
                                                                                                                				signed long long _t328;
                                                                                                                				signed long long _t338;
                                                                                                                				signed long long _t339;
                                                                                                                				long long _t341;
                                                                                                                				intOrPtr _t350;
                                                                                                                				long long _t352;
                                                                                                                				long long* _t353;
                                                                                                                				long long* _t357;
                                                                                                                				intOrPtr _t358;
                                                                                                                				long long* _t372;
                                                                                                                				intOrPtr _t374;
                                                                                                                				long long _t375;
                                                                                                                				intOrPtr _t377;
                                                                                                                				intOrPtr* _t378;
                                                                                                                				signed int _t389;
                                                                                                                				char* _t390;
                                                                                                                				long long _t393;
                                                                                                                				intOrPtr _t409;
                                                                                                                				intOrPtr _t411;
                                                                                                                				signed long long _t412;
                                                                                                                				intOrPtr _t414;
                                                                                                                				intOrPtr _t419;
                                                                                                                				intOrPtr* _t443;
                                                                                                                				intOrPtr _t450;
                                                                                                                				signed long long _t451;
                                                                                                                				intOrPtr* _t456;
                                                                                                                				intOrPtr* _t461;
                                                                                                                				long long _t465;
                                                                                                                				long long _t488;
                                                                                                                				long long _t489;
                                                                                                                				intOrPtr _t490;
                                                                                                                				intOrPtr _t493;
                                                                                                                				signed long long _t496;
                                                                                                                				intOrPtr _t497;
                                                                                                                				signed long long _t501;
                                                                                                                				intOrPtr _t506;
                                                                                                                				intOrPtr _t509;
                                                                                                                				intOrPtr _t512;
                                                                                                                				intOrPtr _t515;
                                                                                                                				intOrPtr _t518;
                                                                                                                				intOrPtr _t521;
                                                                                                                				void* _t534;
                                                                                                                				long long _t536;
                                                                                                                				void* _t538;
                                                                                                                				long long _t540;
                                                                                                                				void* _t542;
                                                                                                                				void* _t543;
                                                                                                                				void* _t545;
                                                                                                                				signed long long _t546;
                                                                                                                				intOrPtr _t552;
                                                                                                                				char* _t564;
                                                                                                                				void* _t565;
                                                                                                                				void* _t567;
                                                                                                                				void* _t568;
                                                                                                                				void* _t571;
                                                                                                                				intOrPtr* _t572;
                                                                                                                				void* _t575;
                                                                                                                				void* _t576;
                                                                                                                
                                                                                                                				 *((long long*)(_t545 + 0x10)) = __rbx;
                                                                                                                				_t543 = _t545 - 0x280;
                                                                                                                				_t546 = _t545 - 0x380;
                                                                                                                				_t328 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				 *(_t543 + 0x270) = _t328 ^ _t546;
                                                                                                                				 *((long long*)(_t546 + 0x48)) = __r9;
                                                                                                                				_t568 = __r8;
                                                                                                                				r12d = __edx;
                                                                                                                				_t576 = __rcx;
                                                                                                                				_t572 =  *((intOrPtr*)(_t543 + 0x2e0));
                                                                                                                				 *((long long*)(_t543 - 0x50)) = 0x87cf1b20;
                                                                                                                				0x87cc5430();
                                                                                                                				if (__eax != 0) goto 0x87cbf013;
                                                                                                                				E00007FF87FF887CC1790(__eax, 0x87cf1b20, __rdx);
                                                                                                                				_t388 = (__rdx >> 7) + (__rdx >> 7 >> 0x3f);
                                                                                                                				_t540 = 0x87cf1b20 - ((__rdx >> 7) + (__rdx >> 7 >> 0x3f)) * 0x3e8;
                                                                                                                				E00007FF87FF887CBD640((__rdx >> 7) + (__rdx >> 7 >> 0x3f), ((__rdx >> 7) + (__rdx >> 7 >> 0x3f)) * 0x3e8, __r8);
                                                                                                                				 *((long long*)(_t543 + 0x40)) = 0xe353f7cf;
                                                                                                                				 *((long long*)(_t543 + 0x58)) = 0xf;
                                                                                                                				 *((long long*)(_t543 + 0x50)) = 2;
                                                                                                                				 *((short*)(_t543 + 0x40)) = 0x5425;
                                                                                                                				 *((char*)(_t543 + 0x42)) = 0;
                                                                                                                				E00007FF87FF887CC17C0(_t388, _t543 + 0x80, _t388, _t543 + 0x40); // executed
                                                                                                                				if ( *((long long*)(0x20c49ba5e353f7e7)) - 0x10 < 0) goto 0x87cbe6dc;
                                                                                                                				 *((long long*)(_t543 + 0xe0)) =  *0xe353f7cf;
                                                                                                                				 *((long long*)(_t543 + 0xe8)) =  *((intOrPtr*)(0x20c49ba5e353f7df));
                                                                                                                				 *((long long*)(_t543 + 0xf0)) = _t540;
                                                                                                                				if ( *((long long*)(0x20c49ba5e353f7e7)) - 0x10 < 0) goto 0x87cbe702;
                                                                                                                				 *((long long*)(_t543 + 0x100)) =  *0xe353f7cf;
                                                                                                                				 *((long long*)(_t543 + 0x108)) =  *((intOrPtr*)(0x20c49ba5e353f7df));
                                                                                                                				if ( *((long long*)(_t572 + 0x18)) - 0x10 < 0) goto 0x87cbe721;
                                                                                                                				 *((long long*)(_t543 + 0x110)) =  *_t572;
                                                                                                                				 *((long long*)(_t543 + 0x118)) =  *((intOrPtr*)(_t572 + 0x10));
                                                                                                                				 *((long long*)(_t543 - 0x70)) = 0x7388e;
                                                                                                                				 *((long long*)(_t543 - 0x68)) = _t543 + 0xe0;
                                                                                                                				asm("movaps xmm0, [ebp-0x70]");
                                                                                                                				asm("movdqa [ebp-0x20], xmm0");
                                                                                                                				 *((long long*)(_t543 - 0x60)) = "{}.{:03d} | {:<15} {}";
                                                                                                                				 *((long long*)(_t543 - 0x58)) = 0x15;
                                                                                                                				E00007FF87FF887CA49B0(_t388, _t543 + 0x230, 0xe353f7cf, _t540);
                                                                                                                				_t488 =  *0x87cf1b18; // 0xb
                                                                                                                				_t39 = _t488 + 1; // 0xc
                                                                                                                				_t409 =  *0x87cf1b08; // 0x10
                                                                                                                				if (_t409 - _t39 > 0) goto 0x87cbe7ad;
                                                                                                                				_t191 = E00007FF87FF887CBBD30(_t39, _t388, 0x87cf1af8, _t488, 0xe353f7cf, _t565, _t572, _t576);
                                                                                                                				_t489 =  *0x87cf1b18; // 0xb
                                                                                                                				_t411 =  *0x87cf1b08; // 0x10
                                                                                                                				_t412 = _t411 - 1;
                                                                                                                				_t338 =  *0x87cf1b10; // 0x0
                                                                                                                				_t339 = _t338 & _t412;
                                                                                                                				 *0x87cf1b10 = _t339;
                                                                                                                				_t389 = (_t412 & _t339 + _t489) * 8;
                                                                                                                				_t341 =  *0x87cf1b00; // 0xc5bec0
                                                                                                                				if ( *((long long*)(_t341 + _t389)) != 0) goto 0x87cbe7f9;
                                                                                                                				E00007FF87FF887CC56A8(_t191, _t341, _t412 & _t339 + _t489);
                                                                                                                				_t414 =  *0x87cf1b00; // 0xc5bec0
                                                                                                                				 *((long long*)(_t414 + _t389)) = _t341;
                                                                                                                				asm("movups xmm0, [ebp+0x230]");
                                                                                                                				asm("movups [eax], xmm0");
                                                                                                                				asm("movups xmm1, [ebp+0x240]");
                                                                                                                				asm("movups [eax+0x10], xmm1");
                                                                                                                				 *0x87cf1b18 =  *0x87cf1b18 + 1;
                                                                                                                				_t490 =  *((intOrPtr*)(_t543 + 0x98));
                                                                                                                				if (_t490 - 0x10 < 0) goto 0x87cbe85d;
                                                                                                                				if (_t490 + 1 - 0x1000 < 0) goto 0x87cbe858;
                                                                                                                				if ( *((intOrPtr*)(_t543 + 0x80)) -  *((intOrPtr*)( *((intOrPtr*)(_t543 + 0x80)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87cbe858;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				 *((long long*)(_t543 + 0x90)) = 0xe353f7cf;
                                                                                                                				 *((long long*)(_t543 + 0x98)) = 0xf;
                                                                                                                				 *((intOrPtr*)(_t543 + 0x80)) = dil;
                                                                                                                				_t493 =  *((intOrPtr*)(_t543 + 0x58));
                                                                                                                				if (_t493 - 0x10 < 0) goto 0x87cbe8b6;
                                                                                                                				if (_t493 + 1 - 0x1000 < 0) goto 0x87cbe8b1;
                                                                                                                				if ( *((intOrPtr*)(_t543 + 0x40)) -  *((intOrPtr*)( *((intOrPtr*)(_t543 + 0x40)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87cbe8b1;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				if ( *0x87cf1b18 - 0xc8 <= 0) goto 0x87cbe967;
                                                                                                                				_t496 =  *0x87cf1b10; // 0x0
                                                                                                                				_t419 =  *0x87cf1b08; // 0x10
                                                                                                                				_t350 =  *0x87cf1b00; // 0xc5bec0
                                                                                                                				_t390 =  *((intOrPtr*)(_t350 + (_t419 - 0x00000001 & _t496) * 8));
                                                                                                                				_t497 =  *((intOrPtr*)(_t390 + 0x18));
                                                                                                                				if (_t497 - 0x10 < 0) goto 0x87cbe922;
                                                                                                                				if (_t497 + 1 - 0x1000 < 0) goto 0x87cbe91d;
                                                                                                                				_t57 =  *_t390 -  *((intOrPtr*)( *_t390 - 8)) - 8; // 0x7
                                                                                                                				_t286 = _t57 - 0x1f;
                                                                                                                				if (_t286 > 0) goto 0x87cbe9da;
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				 *((long long*)(_t390 + 0x10)) = 0xe353f7cf;
                                                                                                                				 *((long long*)(_t390 + 0x18)) = 0xf;
                                                                                                                				 *_t390 = 0;
                                                                                                                				_t352 =  *0x87cf1b18; // 0xb
                                                                                                                				_t353 = _t352 - 1;
                                                                                                                				 *0x87cf1b18 = _t353;
                                                                                                                				if (_t286 != 0) goto 0x87cbe94a;
                                                                                                                				goto 0x87cbe954;
                                                                                                                				_t501 =  *0x87cf1b10; // 0x0
                                                                                                                				 *0x87cf1b10 = _t501 + 1;
                                                                                                                				if (_t353 - 0xc8 > 0) goto 0x87cbe8d0;
                                                                                                                				0x87cc5436();
                                                                                                                				if ( *((intOrPtr*)(_t576 + 0x50)) != 0x3a875d21) goto 0x87cbefe9;
                                                                                                                				 *((long long*)(_t543 - 0x10)) = _t576 + 0x48;
                                                                                                                				 *((char*)(_t543 - 8)) = 1;
                                                                                                                				0x87cc54e8();
                                                                                                                				E00007FF87FF887CC99B0(_t353, _t546 + 0x60, _t501 + 1);
                                                                                                                				E00007FF87FF887CC8020(_t353, _t390, _t546 + 0x70, _t575);
                                                                                                                				 *((intOrPtr*)(_t546 + 0x78)) = 0;
                                                                                                                				E00007FF87FF887CC80E0(_t353);
                                                                                                                				if (_t353 == 0) goto 0x87cbe9e1;
                                                                                                                				 *((long long*)(_t353 + 8)) = 0xe353f7cf;
                                                                                                                				 *_t353 = 0x87cdd5d0;
                                                                                                                				asm("lock xadd [eax+0x8], ecx");
                                                                                                                				goto 0x87cbe9e4;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				 *((long long*)(_t543 - 0x80)) = 0xe353f7cf;
                                                                                                                				E00007FF87FF887CCA540(0xe353f7cf, _t543 - 0x78, _t501 + 1);
                                                                                                                				r8d =  *0xe353f7cf;
                                                                                                                				E00007FF87FF887CC1260(E00007FF87FF887CC8120(_t390, _t546 + 0x70, _t543, _t540, _t543 - 0x80), _t543 + 0x250,  *((intOrPtr*)(_t546 + 0x48)));
                                                                                                                				0x87cb2ca0();
                                                                                                                				_t506 =  *((intOrPtr*)(0x20c49ba5e353f7df));
                                                                                                                				_t552 =  *((intOrPtr*)(0x20c49ba5e353f7e7));
                                                                                                                				if (_t552 - _t506 - 1 < 0) goto 0x87cbea5d;
                                                                                                                				 *((long long*)(0x20c49ba5e353f7df)) = _t506 + 1;
                                                                                                                				if (_t552 - 0x10 < 0) goto 0x87cbea55;
                                                                                                                				_t357 =  *0xe353f7cf;
                                                                                                                				 *((short*)(_t357 + _t506)) = 0x3a;
                                                                                                                				goto 0x87cbea7f;
                                                                                                                				 *((long long*)(_t546 + 0x20)) = 1;
                                                                                                                				r8d = 0;
                                                                                                                				E00007FF87FF887CA2190(0xe353f7cf, _t506, 0xe353f7cf, _t543, ":", _t568, _t576 + 0x48, _t571, _t567);
                                                                                                                				_t564 = _t357;
                                                                                                                				asm("inc ecx");
                                                                                                                				asm("movups [ebp+0xc0], xmm0");
                                                                                                                				asm("inc ecx");
                                                                                                                				asm("movups [ebp+0xd0], xmm1");
                                                                                                                				 *((long long*)(_t564 + 0x10)) = 0xe353f7cf;
                                                                                                                				 *((long long*)(_t564 + 0x18)) = 0xf;
                                                                                                                				 *_t564 = 0;
                                                                                                                				E00007FF87FF887CB8800(0xe353f7cf, _t543 + 0x60, _t543, _t543 + 0xc0, 0xe353f7cf, _t565);
                                                                                                                				E00007FF87FF887CC80E0(_t357);
                                                                                                                				if (_t357 == 0) goto 0x87cbeb0a;
                                                                                                                				 *((intOrPtr*)(_t357 + 8)) = 0;
                                                                                                                				asm("movups xmm0, [ebp+0x60]");
                                                                                                                				asm("movups [eax+0x10], xmm0");
                                                                                                                				asm("movups xmm1, [ebp+0x70]");
                                                                                                                				asm("movups [eax+0x20], xmm1");
                                                                                                                				 *((long long*)(_t543 + 0x70)) = 0xe353f7cf;
                                                                                                                				 *((long long*)(_t543 + 0x78)) = 0xf;
                                                                                                                				 *((char*)(_t543 + 0x60)) = 0;
                                                                                                                				 *_t357 = 0x87cdd558;
                                                                                                                				asm("lock xadd [ecx+0x8], eax");
                                                                                                                				goto 0x87cbeb0d;
                                                                                                                				 *((long long*)(_t546 + 0x50)) = 0xe353f7cf;
                                                                                                                				r8d = E00007FF87FF887CC77F0(_t269, _t357, _t357, 0xe353f7cf, "FileName", _t506, _t543 + 0xc0, 0xe353f7cf);
                                                                                                                				E00007FF87FF887CC8120(0xe353f7cf, _t546 + 0x70, _t543 + 0x10, _t540, _t546 + 0x50);
                                                                                                                				_t358 =  *((intOrPtr*)(_t546 + 0x50));
                                                                                                                				if (_t358 == 0) goto 0x87cbeb6c;
                                                                                                                				asm("lock xadd [edx], eax");
                                                                                                                				if (0xffffffff != 1) goto 0x87cbeb6c;
                                                                                                                				_t443 =  ==  ? 0xe353f7cf : _t358 + 8 - 8;
                                                                                                                				if (_t443 == 0) goto 0x87cbeb6c;
                                                                                                                				 *((intOrPtr*)( *_t443))();
                                                                                                                				_t509 =  *((intOrPtr*)(_t543 + 0x78));
                                                                                                                				if (_t509 - 0x10 < 0) goto 0x87cbebab;
                                                                                                                				if (_t509 + 1 - 0x1000 < 0) goto 0x87cbeba5;
                                                                                                                				if ( *((intOrPtr*)(_t543 + 0x60)) -  *((intOrPtr*)( *((intOrPtr*)(_t543 + 0x60)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87cbeba5;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				_t512 =  *((intOrPtr*)(_t543 + 0xd8));
                                                                                                                				if (_t512 - 0x10 < 0) goto 0x87cbebf0;
                                                                                                                				if (_t512 + 1 - 0x1000 < 0) goto 0x87cbebea;
                                                                                                                				if ( *((intOrPtr*)(_t543 + 0xc0)) -  *((intOrPtr*)( *((intOrPtr*)(_t543 + 0xc0)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87cbebea;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				_t515 =  *((intOrPtr*)(_t543 + 0xb8));
                                                                                                                				if (_t515 - 0x10 < 0) goto 0x87cbec34;
                                                                                                                				if (_t515 + 1 - 0x1000 < 0) goto 0x87cbec2f;
                                                                                                                				if ( *((intOrPtr*)(_t543 + 0xa0)) -  *((intOrPtr*)( *((intOrPtr*)(_t543 + 0xa0)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87cbec2f;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				 *((long long*)(_t543 + 0xb0)) = 0xe353f7cf;
                                                                                                                				 *((long long*)(_t543 + 0xb8)) = 0xf;
                                                                                                                				 *((char*)(_t543 + 0xa0)) = 0;
                                                                                                                				_t518 =  *((intOrPtr*)(_t543 + 0x268));
                                                                                                                				if (_t518 - 0x10 < 0) goto 0x87cbec91;
                                                                                                                				_t450 =  *((intOrPtr*)(_t543 + 0x250));
                                                                                                                				if (_t518 + 1 - 0x1000 < 0) goto 0x87cbec8c;
                                                                                                                				_t451 =  *((intOrPtr*)(_t450 - 8));
                                                                                                                				if (_t450 - _t451 + 0xfffffff8 - 0x1f <= 0) goto 0x87cbec8c;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				_t372 =  *[gs:0x58];
                                                                                                                				_t521 =  *((intOrPtr*)(_t372 + _t451 * 8));
                                                                                                                				_t215 =  *(_t451 + _t521);
                                                                                                                				if ((_t215 & 0x00000001) != 0) goto 0x87cbeccd;
                                                                                                                				 *(_t451 + _t521) = _t215 | 0x00000001;
                                                                                                                				asm("lock dec eax");
                                                                                                                				 *((long long*)(_t521 + 0xe353f7cf)) = _t372;
                                                                                                                				E00007FF87FF887CC80E0(_t372);
                                                                                                                				if (_t372 == 0) goto 0x87cbecfd;
                                                                                                                				 *((intOrPtr*)(_t372 + 8)) = 0;
                                                                                                                				 *((long long*)(_t372 + 0x10)) =  *((intOrPtr*)(_t521 + 0xe353f7cf));
                                                                                                                				 *_t372 = 0x87cdd4f8;
                                                                                                                				asm("lock xadd [eax+0x8], ecx");
                                                                                                                				goto 0x87cbed00;
                                                                                                                				 *((long long*)(_t546 + 0x58)) = 0xe353f7cf;
                                                                                                                				r8d = E00007FF87FF887CC77F0(0xffffffff, _t372, 0xe353f7cf,  *((intOrPtr*)(_t521 + 0xe353f7cf)), "ThreadId", _t521, _t543 + 0xc0, _t546 + 0x50);
                                                                                                                				E00007FF87FF887CC8120( *((intOrPtr*)(_t521 + 0xe353f7cf)), _t546 + 0x70, _t543 + 0x20, _t540, _t546 + 0x58);
                                                                                                                				_t374 =  *((intOrPtr*)(_t546 + 0x58));
                                                                                                                				if (_t374 == 0) goto 0x87cbed5b;
                                                                                                                				asm("lock xadd [edx], eax");
                                                                                                                				if (0xffffffff != 1) goto 0x87cbed5b;
                                                                                                                				_t456 =  ==  ? 0xe353f7cf : _t374 + 8 - 8;
                                                                                                                				if (_t456 == 0) goto 0x87cbed5b;
                                                                                                                				_t375 =  *_t456;
                                                                                                                				 *_t375();
                                                                                                                				E00007FF87FF887CBD640( *((intOrPtr*)(_t521 + 0xe353f7cf)), _t456, _t543 + 0xc0);
                                                                                                                				_t536 = _t375;
                                                                                                                				E00007FF87FF887CC80E0(_t375);
                                                                                                                				_t393 = _t375;
                                                                                                                				 *((long long*)(_t546 + 0x40)) = _t375;
                                                                                                                				if (_t375 == 0) goto 0x87cbed9c;
                                                                                                                				 *((intOrPtr*)(_t393 + 8)) = 0;
                                                                                                                				 *_t393 = 0x87cdd528;
                                                                                                                				_t132 = _t393 + 0x10; // 0x10
                                                                                                                				E00007FF87FF887CAD4C0(0x87cdd528, _t393, _t132, _t536, _t540);
                                                                                                                				 *_t393 = 0x87cdd558;
                                                                                                                				goto 0x87cbeda0;
                                                                                                                				if (_t393 == 0) goto 0x87cbedaf;
                                                                                                                				asm("lock xadd [ebx+0x8], eax");
                                                                                                                				 *((long long*)(_t546 + 0x48)) = _t393;
                                                                                                                				r8d = E00007FF87FF887CC77F0(0xffffffff, _t393, 0x87cdd528, _t393, "Scope", _t536, _t543 + 0xc0, _t546 + 0x58);
                                                                                                                				E00007FF87FF887CC8120(_t393, _t546 + 0x70, _t543 + 0x30, _t540, _t546 + 0x48);
                                                                                                                				_t377 =  *((intOrPtr*)(_t546 + 0x48));
                                                                                                                				if (_t377 == 0) goto 0x87cbee0a;
                                                                                                                				asm("lock xadd [edx], esi");
                                                                                                                				_t139 = _t540 - 1; // 0xfffffffe
                                                                                                                				if (_t139 != 0) goto 0x87cbee0a;
                                                                                                                				_t461 =  ==  ? _t536 : _t377 + 8 - 8;
                                                                                                                				if (_t461 == 0) goto 0x87cbee0a;
                                                                                                                				_t378 =  *_t461;
                                                                                                                				 *_t378();
                                                                                                                				if (E00007FF87FF887CC9AC0( *((intOrPtr*)(_t546 + 0x60))) == 0) goto 0x87cbee3b;
                                                                                                                				E00007FF87FF887CCA9D0(0x30, 1, _t393, _t377 + 8);
                                                                                                                				 *_t378 = r12d;
                                                                                                                				_t234 = E00007FF87FF887CC9C80(_t378,  *((intOrPtr*)(_t546 + 0x60)), _t546 + 0x38);
                                                                                                                				goto 0x87cbee43;
                                                                                                                				_t465 = _t536;
                                                                                                                				 *((long long*)(_t546 + 0x38)) = _t465;
                                                                                                                				_t322 = _t465;
                                                                                                                				if (_t322 == 0) goto 0x87cbefc7;
                                                                                                                				__imp__??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ();
                                                                                                                				 *((long long*)(_t543 + 0x120)) = 0x87cdd3a0;
                                                                                                                				 *((long long*)(_t543 + 0x188)) = _t536;
                                                                                                                				 *((long long*)(_t543 + 0x190)) = _t536;
                                                                                                                				 *((char*)(_t543 + 0x198)) = 0;
                                                                                                                				 *((long long*)( *((intOrPtr*)(_t543 + 0x140)))) = _t543 + 0x1a0;
                                                                                                                				 *((long long*)( *((intOrPtr*)(_t543 + 0x160)))) = _t543 + 0x1a0;
                                                                                                                				 *((intOrPtr*)( *((intOrPtr*)(_t543 + 0x178)))) = 0 - _t234 + 0x90;
                                                                                                                				r9d = 1;
                                                                                                                				r8d = 0;
                                                                                                                				__imp__??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z();
                                                                                                                				E00007FF87FF887CBE130(_t234, _t543 + 0x120, _t543 + 0x120);
                                                                                                                				 *((long long*)(_t543 + 0x220)) = _t546 + 0x38;
                                                                                                                				E00007FF87FF887CCDC80(0 - _t234 + 0x90, 0, 0xffffffff, _t322, _t543 + 0x120, _t543 + 0x120, _t540, _t564);
                                                                                                                				r12d = r12d - 3;
                                                                                                                				if (_t322 == 0) goto 0x87cbef30;
                                                                                                                				r12d = r12d - 1;
                                                                                                                				if (_t322 == 0) goto 0x87cbef21;
                                                                                                                				if (r12d != 1) goto 0x87cbef49;
                                                                                                                				r8d = _t565 + 0xb;
                                                                                                                				goto 0x87cbef3d;
                                                                                                                				r8d = 0xc;
                                                                                                                				goto 0x87cbef3d;
                                                                                                                				r8d = 0xa;
                                                                                                                				E00007FF87FF887CBD2C0(_t543 + 0x120, _t543 + 0x120, "!WARNING! ", _t536, _t540, _t543, _t546 + 0x70, _t565, _t534);
                                                                                                                				if ( *((long long*)(_t572 + 0x18)) - 0x10 < 0) goto 0x87cbef57;
                                                                                                                				E00007FF87FF887CBD2C0(_t543 + 0x120, _t543 + 0x120,  *_t572, _t536, _t540, _t543,  *((intOrPtr*)(_t572 + 0x10)), _t538, _t542);
                                                                                                                				__imp__?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ();
                                                                                                                				E00007FF87FF887CC9CA0(_t546 + 0x38,  *((intOrPtr*)(_t546 + 0x60)), _t546 + 0x38, _t546 + 0x48); // executed
                                                                                                                				E00007FF87FF887CCDC10(_t543 + 0x120, _t546 + 0x38,  *((intOrPtr*)(_t572 + 0x10)));
                                                                                                                				if ( *((long long*)(_t543 + 0x188)) == 0) goto 0x87cbefa7;
                                                                                                                				__imp__?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ();
                                                                                                                				__imp__??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ();
                                                                                                                				__imp__??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ();
                                                                                                                				if ( *((intOrPtr*)(_t546 + 0x38)) == 0) goto 0x87cbefd6;
                                                                                                                				E00007FF87FF887CC97F0( *((intOrPtr*)(_t546 + 0x38)));
                                                                                                                				 *((long long*)(_t546 + 0x38)) = _t536;
                                                                                                                				_t242 = E00007FF87FF887CBA280(_t546 + 0x38, _t543 + 0x120, _t546 + 0x60);
                                                                                                                				0x87cc54f8();
                                                                                                                				return E00007FF87FF887CC5E20(_t242, 0x30,  *(_t543 + 0x270) ^ _t546);
                                                                                                                			}











































































                                                                                                                0x7ff887cbe961
                                                                                                                0x7ff887cbe96e
                                                                                                                0x7ff887cbe97c
                                                                                                                0x7ff887cbe986
                                                                                                                0x7ff887cbe98a
                                                                                                                0x7ff887cbe991
                                                                                                                0x7ff887cbe99c
                                                                                                                0x7ff887cbe9a7
                                                                                                                0x7ff887cbe9ad
                                                                                                                0x7ff887cbe9b6
                                                                                                                0x7ff887cbe9be
                                                                                                                0x7ff887cbe9c0
                                                                                                                0x7ff887cbe9cb
                                                                                                                0x7ff887cbe9d3
                                                                                                                0x7ff887cbe9d8
                                                                                                                0x7ff887cbe9da
                                                                                                                0x7ff887cbe9e4
                                                                                                                0x7ff887cbe9ec
                                                                                                                0x7ff887cbe9f5
                                                                                                                0x7ff887cbea13
                                                                                                                0x7ff887cbea25
                                                                                                                0x7ff887cbea2d
                                                                                                                0x7ff887cbea31
                                                                                                                0x7ff887cbea3f
                                                                                                                0x7ff887cbea45
                                                                                                                0x7ff887cbea50
                                                                                                                0x7ff887cbea52
                                                                                                                0x7ff887cbea55
                                                                                                                0x7ff887cbea5b
                                                                                                                0x7ff887cbea5d
                                                                                                                0x7ff887cbea6d
                                                                                                                0x7ff887cbea77
                                                                                                                0x7ff887cbea7c
                                                                                                                0x7ff887cbea7f
                                                                                                                0x7ff887cbea83
                                                                                                                0x7ff887cbea8a
                                                                                                                0x7ff887cbea8f
                                                                                                                0x7ff887cbea96
                                                                                                                0x7ff887cbea9a
                                                                                                                0x7ff887cbeaa2
                                                                                                                0x7ff887cbeab9
                                                                                                                0x7ff887cbeac4
                                                                                                                0x7ff887cbead6
                                                                                                                0x7ff887cbead8
                                                                                                                0x7ff887cbeadb
                                                                                                                0x7ff887cbeadf
                                                                                                                0x7ff887cbeae3
                                                                                                                0x7ff887cbeae7
                                                                                                                0x7ff887cbeaeb
                                                                                                                0x7ff887cbeaef
                                                                                                                0x7ff887cbeaf7
                                                                                                                0x7ff887cbeafb
                                                                                                                0x7ff887cbeb03
                                                                                                                0x7ff887cbeb08
                                                                                                                0x7ff887cbeb0d
                                                                                                                0x7ff887cbeb23
                                                                                                                0x7ff887cbeb2f
                                                                                                                0x7ff887cbeb3a
                                                                                                                0x7ff887cbeb42
                                                                                                                0x7ff887cbeb4a
                                                                                                                0x7ff887cbeb51
                                                                                                                0x7ff887cbeb5a
                                                                                                                0x7ff887cbeb61
                                                                                                                0x7ff887cbeb69
                                                                                                                0x7ff887cbeb6c
                                                                                                                0x7ff887cbeb74
                                                                                                                0x7ff887cbeb87
                                                                                                                0x7ff887cbeb9c
                                                                                                                0x7ff887cbeb9e
                                                                                                                0x7ff887cbeba4
                                                                                                                0x7ff887cbeba5
                                                                                                                0x7ff887cbebab
                                                                                                                0x7ff887cbebb6
                                                                                                                0x7ff887cbebcc
                                                                                                                0x7ff887cbebe1
                                                                                                                0x7ff887cbebe3
                                                                                                                0x7ff887cbebe9
                                                                                                                0x7ff887cbebea
                                                                                                                0x7ff887cbebf0
                                                                                                                0x7ff887cbebfb
                                                                                                                0x7ff887cbec11
                                                                                                                0x7ff887cbec26
                                                                                                                0x7ff887cbec28
                                                                                                                0x7ff887cbec2e
                                                                                                                0x7ff887cbec2f
                                                                                                                0x7ff887cbec34
                                                                                                                0x7ff887cbec3b
                                                                                                                0x7ff887cbec46
                                                                                                                0x7ff887cbec4d
                                                                                                                0x7ff887cbec58
                                                                                                                0x7ff887cbec5d
                                                                                                                0x7ff887cbec6e
                                                                                                                0x7ff887cbec74
                                                                                                                0x7ff887cbec83
                                                                                                                0x7ff887cbec85
                                                                                                                0x7ff887cbec8b
                                                                                                                0x7ff887cbec8c
                                                                                                                0x7ff887cbec97
                                                                                                                0x7ff887cbeca0
                                                                                                                0x7ff887cbeca9
                                                                                                                0x7ff887cbecb3
                                                                                                                0x7ff887cbecb8
                                                                                                                0x7ff887cbecc0
                                                                                                                0x7ff887cbecc9
                                                                                                                0x7ff887cbecd6
                                                                                                                0x7ff887cbecde
                                                                                                                0x7ff887cbece0
                                                                                                                0x7ff887cbece3
                                                                                                                0x7ff887cbecee
                                                                                                                0x7ff887cbecf6
                                                                                                                0x7ff887cbecfb
                                                                                                                0x7ff887cbed00
                                                                                                                0x7ff887cbed16
                                                                                                                0x7ff887cbed22
                                                                                                                0x7ff887cbed28
                                                                                                                0x7ff887cbed30
                                                                                                                0x7ff887cbed38
                                                                                                                0x7ff887cbed3f
                                                                                                                0x7ff887cbed48
                                                                                                                0x7ff887cbed4f
                                                                                                                0x7ff887cbed51
                                                                                                                0x7ff887cbed59
                                                                                                                0x7ff887cbed5b
                                                                                                                0x7ff887cbed60
                                                                                                                0x7ff887cbed68
                                                                                                                0x7ff887cbed6d
                                                                                                                0x7ff887cbed70
                                                                                                                0x7ff887cbed78
                                                                                                                0x7ff887cbed7c
                                                                                                                0x7ff887cbed86
                                                                                                                0x7ff887cbed89
                                                                                                                0x7ff887cbed90
                                                                                                                0x7ff887cbed95
                                                                                                                0x7ff887cbed9a
                                                                                                                0x7ff887cbeda3
                                                                                                                0x7ff887cbedaa
                                                                                                                0x7ff887cbedaf
                                                                                                                0x7ff887cbedc5
                                                                                                                0x7ff887cbedd1
                                                                                                                0x7ff887cbedd7
                                                                                                                0x7ff887cbeddf
                                                                                                                0x7ff887cbede5
                                                                                                                0x7ff887cbede9
                                                                                                                0x7ff887cbedee
                                                                                                                0x7ff887cbedf7
                                                                                                                0x7ff887cbedfe
                                                                                                                0x7ff887cbee00
                                                                                                                0x7ff887cbee08
                                                                                                                0x7ff887cbee16
                                                                                                                0x7ff887cbee18
                                                                                                                0x7ff887cbee1d
                                                                                                                0x7ff887cbee2f
                                                                                                                0x7ff887cbee39
                                                                                                                0x7ff887cbee3b
                                                                                                                0x7ff887cbee3e
                                                                                                                0x7ff887cbee43
                                                                                                                0x7ff887cbee46
                                                                                                                0x7ff887cbee5a
                                                                                                                0x7ff887cbee67
                                                                                                                0x7ff887cbee6e
                                                                                                                0x7ff887cbee75
                                                                                                                0x7ff887cbee7c
                                                                                                                0x7ff887cbee91
                                                                                                                0x7ff887cbeea2
                                                                                                                0x7ff887cbeebb
                                                                                                                0x7ff887cbeebd
                                                                                                                0x7ff887cbeec3
                                                                                                                0x7ff887cbeed4
                                                                                                                0x7ff887cbeee2
                                                                                                                0x7ff887cbeeed
                                                                                                                0x7ff887cbeefb
                                                                                                                0x7ff887cbef01
                                                                                                                0x7ff887cbef05
                                                                                                                0x7ff887cbef07
                                                                                                                0x7ff887cbef0b
                                                                                                                0x7ff887cbef11
                                                                                                                0x7ff887cbef13
                                                                                                                0x7ff887cbef1f
                                                                                                                0x7ff887cbef21
                                                                                                                0x7ff887cbef2e
                                                                                                                0x7ff887cbef30
                                                                                                                0x7ff887cbef44
                                                                                                                0x7ff887cbef52
                                                                                                                0x7ff887cbef61
                                                                                                                0x7ff887cbef6d
                                                                                                                0x7ff887cbef7d
                                                                                                                0x7ff887cbef8a
                                                                                                                0x7ff887cbef98
                                                                                                                0x7ff887cbefa1
                                                                                                                0x7ff887cbefae
                                                                                                                0x7ff887cbefbb
                                                                                                                0x7ff887cbefca
                                                                                                                0x7ff887cbefcc
                                                                                                                0x7ff887cbefd1
                                                                                                                0x7ff887cbefdb
                                                                                                                0x7ff887cbefe4
                                                                                                                0x7ff887cbf012

                                                                                                                APIs
                                                                                                                • strerror.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CBF02C
                                                                                                                  • Part of subcall function 00007FF887CBD640: __tlregdtor.LIBCMT ref: 00007FF887CBD690
                                                                                                                  • Part of subcall function 00007FF887CC17C0: _localtime64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF887CC17F4
                                                                                                                  • Part of subcall function 00007FF887CC17C0: strftime.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF887CC182E
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CBE851
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CBE8AA
                                                                                                                • _Mtx_unlock.MSVCP140 ref: 00007FF887CBE96E
                                                                                                                • AcquireSRWLockShared.KERNEL32 ref: 00007FF887CBE991
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CBE9DA
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CBEB9E
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CBEBE3
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CBEC28
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CBEC85
                                                                                                                • ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF887CBEE5A
                                                                                                                • ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 00007FF887CBEED4
                                                                                                                • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF887CBEF6D
                                                                                                                • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF887CBEFA1
                                                                                                                • ??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF887CBEFAE
                                                                                                                • ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF887CBEFBB
                                                                                                                • ReleaseSRWLockShared.KERNEL32 ref: 00007FF887CBEFE4
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: U?$char_traits@_invalid_parameter_noinfo_noreturn$D@std@@@std@@$?flush@?$basic_ostream@LockSharedV12@$??0?$basic_ostream@??0?$basic_streambuf@??1?$basic_streambuf@AcquireD?$basic_ostream@D@std@@@1@_Mtx_unlockReleaseV?$basic_streambuf@__tlregdtor_localtime64strerrorstrftime
                                                                                                                • String ID: !!!ERROR!!! $!!!FATAL!!! $!WARNING! $FileName$Scope$ThreadId$Unknown error${}.{:03d} | {:<15} {}
                                                                                                                • API String ID: 1873823629-45781566
                                                                                                                • Opcode ID: f833bbec2a54a35c801347ec97c666b1a348a2b644d089022e23ab40bec8200b
                                                                                                                • Instruction ID: a41709073a684541d69a735f5d2999ffdbcdb334a3c29a5385fe611be95f0cfb
                                                                                                                • Opcode Fuzzy Hash: f833bbec2a54a35c801347ec97c666b1a348a2b644d089022e23ab40bec8200b
                                                                                                                • Instruction Fuzzy Hash: D6526A72A48A8685EB24CF25D8543AD37B2FB84BD4F404236EA5D477A5DF7CE684C340
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                [Figure: control-flow graph of function 7ff887caf010; legend: Executed / Not Executed]
                                                                                                                C-Code - Quality: 50%
                                                                                                                			E00007FF87FF887CAF010(intOrPtr __esi, long long __rbx, long long __rcx, long long __r9) {
                                                                                                                				void* __rsi;
                                                                                                                				void* __rbp;
                                                                                                                				void* _t141;
                                                                                                                				signed int _t152;
                                                                                                                				signed int _t153;
                                                                                                                				signed int _t162;
                                                                                                                				intOrPtr _t171;
                                                                                                                				signed int _t176;
                                                                                                                				void* _t180;
                                                                                                                				void* _t195;
                                                                                                                				signed long long _t232;
                                                                                                                				intOrPtr* _t235;
                                                                                                                				signed long long _t238;
                                                                                                                				signed short* _t243;
                                                                                                                				long long _t256;
                                                                                                                				intOrPtr* _t273;
                                                                                                                				intOrPtr* _t275;
                                                                                                                				signed short* _t289;
                                                                                                                				signed short* _t292;
                                                                                                                				signed short* _t304;
                                                                                                                				intOrPtr _t323;
                                                                                                                				intOrPtr _t343;
                                                                                                                				intOrPtr _t346;
                                                                                                                				intOrPtr _t349;
                                                                                                                				intOrPtr _t357;
                                                                                                                				signed long long _t360;
                                                                                                                				signed long long _t363;
                                                                                                                				signed long long _t366;
                                                                                                                				void* _t369;
                                                                                                                				void* _t372;
                                                                                                                				intOrPtr _t374;
                                                                                                                				long long _t375;
                                                                                                                				long long _t376;
                                                                                                                				long long _t377;
                                                                                                                				long long _t378;
                                                                                                                				void* _t380;
                                                                                                                				intOrPtr* _t381;
                                                                                                                				void* _t383;
                                                                                                                				signed long long _t384;
                                                                                                                				void* _t391;
                                                                                                                				int _t393;
                                                                                                                				intOrPtr* _t395;
                                                                                                                				intOrPtr _t396;
                                                                                                                				int _t398;
                                                                                                                				long long _t399;
                                                                                                                				void* _t401;
                                                                                                                				long long* _t404;
                                                                                                                				long long* _t405;
                                                                                                                
                                                                                                                				 *((long long*)(_t383 + 0x10)) = __rbx;
                                                                                                                				_t381 = _t383 - 0x30;
                                                                                                                				_t384 = _t383 - 0x130;
                                                                                                                				_t232 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				 *(_t381 + 0x28) = _t232 ^ _t384;
                                                                                                                				 *((long long*)(_t384 + 0x48)) = __r9;
                                                                                                                				_t171 = r8d;
                                                                                                                				 *((intOrPtr*)(_t384 + 0x40)) = _t171;
                                                                                                                				 *((long long*)(_t384 + 0x58)) = __rcx;
                                                                                                                				 *((intOrPtr*)(_t384 + 0x50)) = _t171;
                                                                                                                				 *((long long*)(_t384 + 0x60)) =  *((intOrPtr*)(_t381 + 0x90));
                                                                                                                				_t399 =  *((intOrPtr*)(_t381 + 0x98));
                                                                                                                				r12d = __esi;
                                                                                                                				r12d = r12d - r9d;
                                                                                                                				 *((intOrPtr*)(_t384 + 0x44)) = r12d;
                                                                                                                				if (r12d <= 0) goto 0x87caf085;
                                                                                                                				memset(_t401, _t398, _t393);
                                                                                                                				_t141 = __rbx - 1;
                                                                                                                				if (_t141 - 1 > 0) goto 0x87caf66c;
                                                                                                                				 *((long long*)(_t384 + 0x50)) = __rcx + 0x70;
                                                                                                                				0x87cc5430(_t391, _t369, _t372, _t380);
                                                                                                                				if (_t141 != 0) goto 0x87caf6a1;
                                                                                                                				 *_t399 = _t141;
                                                                                                                				_t395 =  *((intOrPtr*)(__rcx + 0x60));
                                                                                                                				_t273 =  *_t395;
                                                                                                                				if (_t273 == _t395) goto 0x87caf0f7;
                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                				r8d =  *((intOrPtr*)(_t384 + 0x40));
                                                                                                                				 *_t399 =  *_t399 + E00007FF87FF887CAFB10(_t273 - _t395,  *((intOrPtr*)(_t384 + 0x58)), _t273 + 0x10);
                                                                                                                				if ( *_t273 != _t395) goto 0x87caf0d0;
                                                                                                                				_t374 =  *((intOrPtr*)(_t384 + 0x60));
                                                                                                                				_t404 =  *((intOrPtr*)(_t384 + 0x48));
                                                                                                                				 *((long long*)(_t384 + 0x20)) = _t399;
                                                                                                                				r8d = 0x122;
                                                                                                                				E00007FF87FF887CACD20(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", _t381, "size needed is {}"); // executed
                                                                                                                				if (r12d -  *_t399 < 0) goto 0x87caf634;
                                                                                                                				_t396 =  *((intOrPtr*)(_t384 + 0x58));
                                                                                                                				_t235 =  *((intOrPtr*)(_t396 + 0x60));
                                                                                                                				 *((long long*)(_t384 + 0x48)) = _t235;
                                                                                                                				_t275 =  *_t235;
                                                                                                                				if (_t275 == _t235) goto 0x87caf5c7;
                                                                                                                				r14d = 0;
                                                                                                                				E00007FF87FF887CAD4C0(_t235, _t275, _t381 - 0x78,  *((intOrPtr*)(_t275 + 0x10)), _t374);
                                                                                                                				_t322 =  >=  ?  *((void*)(_t381 - 0x78)) : _t381 - 0x78;
                                                                                                                				E00007FF87FF887CB3FF0(_t171, _t275, _t384 + 0x68,  >=  ?  *((void*)(_t381 - 0x78)) : _t381 - 0x78, _t374, _t381);
                                                                                                                				_t323 =  *((intOrPtr*)(_t381 - 0x60));
                                                                                                                				if (_t323 - 0x10 < 0) goto 0x87caf1a2;
                                                                                                                				if (_t323 + 1 - 0x1000 < 0) goto 0x87caf19d;
                                                                                                                				_t238 =  *((intOrPtr*)(_t381 - 0x78)) -  *((intOrPtr*)( *((intOrPtr*)(_t381 - 0x78)) - 8)) + 0xfffffff8;
                                                                                                                				if (_t238 - 0x1f > 0) goto 0x87caf5fc;
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				 *((long long*)(_t381 - 0x68)) = _t399;
                                                                                                                				 *((long long*)(_t381 - 0x60)) = 0xf;
                                                                                                                				 *((char*)(_t381 - 0x78)) = 0;
                                                                                                                				r12d = 2 + _t238 * 2;
                                                                                                                				if ( *((long long*)(_t396 + 0x38)) - 0x10 < 0) goto 0x87caf1cc;
                                                                                                                				E00007FF87FF887CB3FF0(_t171, _t275, _t381 - 0x38,  *((intOrPtr*)(_t396 + 0x20)), _t374, _t381);
                                                                                                                				r14d = 2 + _t238 * 2;
                                                                                                                				_t195 =  *((long long*)(_t396 + 0x58)) - 0x10;
                                                                                                                				if (_t195 < 0) goto 0x87caf1ef;
                                                                                                                				E00007FF87FF887CB3FF0(_t171, _t275, _t381 - 0x58,  *((intOrPtr*)(_t396 + 0x40)), _t374, _t381);
                                                                                                                				r8d = 2 + _t238 * 2;
                                                                                                                				if (_t195 == 0) goto 0x87caf414;
                                                                                                                				if ( *((intOrPtr*)(_t384 + 0x40)) - 1 != 1) goto 0x87caf4d4;
                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                				asm("inc ecx");
                                                                                                                				asm("inc ecx");
                                                                                                                				_t375 = _t374 - r14d;
                                                                                                                				_t289 =  >=  ?  *((void*)(_t381 - 0x38)) : _t381 - 0x38;
                                                                                                                				_t152 =  *_t289 & 0x0000ffff;
                                                                                                                				 *(_t289 + _t375 - _t289) = _t152;
                                                                                                                				if (_t152 != 0) goto 0x87caf240;
                                                                                                                				 *((long long*)(_t404 + 8)) = _t375;
                                                                                                                				_t376 = _t375 - r8d;
                                                                                                                				_t292 =  >=  ?  *((void*)(_t381 - 0x58)) : _t381 - 0x58;
                                                                                                                				_t153 =  *_t292 & 0x0000ffff;
                                                                                                                				 *(_t292 + _t376 - _t292) = _t153;
                                                                                                                				if (_t153 != 0) goto 0x87caf270;
                                                                                                                				 *((long long*)(_t404 + 0x10)) = _t376;
                                                                                                                				_t377 = _t376 - r12d;
                                                                                                                				_t243 =  >=  ?  *((void*)(_t384 + 0x68)) : _t384 + 0x68;
                                                                                                                				_t176 =  *_t243 & 0x0000ffff;
                                                                                                                				 *(_t243 + _t377 - _t243) = _t176;
                                                                                                                				if (_t176 != 0) goto 0x87caf2a0;
                                                                                                                				 *_t404 = _t377;
                                                                                                                				_t337 =  >=  ?  *((void*)(_t381 - 0x58)) : _t381 - 0x58;
                                                                                                                				E00007FF87FF887CB4280(_t180, _t275, _t381 - 0x18,  >=  ?  *((void*)(_t381 - 0x58)) : _t381 - 0x58, _t377, _t381);
                                                                                                                				_t339 =  >=  ?  *((void*)(_t381 - 0x38)) : _t381 - 0x38;
                                                                                                                				E00007FF87FF887CB4280(_t180, _t275, _t381 + 8,  >=  ?  *((void*)(_t381 - 0x38)) : _t381 - 0x38, _t377, _t381);
                                                                                                                				_t341 =  >=  ?  *((void*)(_t384 + 0x68)) : _t384 + 0x68;
                                                                                                                				E00007FF87FF887CB4280(_t180, _t275, _t381 - 0x78,  >=  ?  *((void*)(_t384 + 0x68)) : _t384 + 0x68, _t377, _t381);
                                                                                                                				 *((long long*)(_t384 + 0x30)) = _t381 - 0x18;
                                                                                                                				 *((long long*)(_t384 + 0x28)) = _t381 + 8;
                                                                                                                				 *((long long*)(_t384 + 0x20)) = _t381 - 0x78;
                                                                                                                				r8d = 0x145;
                                                                                                                				E00007FF87FF887CACEC0(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", _t381, "copy port \'{}\', \'{}\', \'{}\'");
                                                                                                                				_t343 =  *((intOrPtr*)(_t381 - 0x60));
                                                                                                                				if (_t343 - 0x10 < 0) goto 0x87caf372;
                                                                                                                				if (_t343 + 1 - 0x1000 < 0) goto 0x87caf36d;
                                                                                                                				if ( *((intOrPtr*)(_t381 - 0x78)) -  *((intOrPtr*)( *((intOrPtr*)(_t381 - 0x78)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x87caf603;
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				r14d = 0;
                                                                                                                				 *((long long*)(_t381 - 0x68)) = _t399;
                                                                                                                				 *((long long*)(_t381 - 0x60)) = 0xf;
                                                                                                                				 *((intOrPtr*)(_t381 - 0x78)) = r14b;
                                                                                                                				_t346 =  *((intOrPtr*)(_t381 + 0x20));
                                                                                                                				if (_t346 - 0x10 < 0) goto 0x87caf3c0;
                                                                                                                				if (_t346 + 1 - 0x1000 < 0) goto 0x87caf3bb;
                                                                                                                				if ( *((intOrPtr*)(_t381 + 8)) -  *((intOrPtr*)( *((intOrPtr*)(_t381 + 8)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x87caf60a;
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				 *((long long*)(_t381 + 0x18)) = _t399;
                                                                                                                				 *((long long*)(_t381 + 0x20)) = 0xf;
                                                                                                                				 *((char*)(_t381 + 8)) = 0;
                                                                                                                				_t349 =  *_t381;
                                                                                                                				if (_t349 - 0x10 < 0) goto 0x87caf40b;
                                                                                                                				if (_t349 + 1 - 0x1000 < 0) goto 0x87caf406;
                                                                                                                				_t256 =  *((intOrPtr*)(_t381 - 0x18)) -  *((intOrPtr*)( *((intOrPtr*)(_t381 - 0x18)) - 8)) + 0xfffffff8;
                                                                                                                				if (_t256 - 0x1f > 0) goto 0x87caf611;
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				_t405 = _t404 + 0x20;
                                                                                                                				goto 0x87caf4d7;
                                                                                                                				 *_t405 = _t256;
                                                                                                                				_t378 = _t377 - r12d;
                                                                                                                				_t304 =  >=  ?  *((void*)(_t384 + 0x68)) : _t384 + 0x68;
                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                				_t162 =  *_t304 & 0x0000ffff;
                                                                                                                				 *(_t378 - _t304 + _t304) = _t162;
                                                                                                                				if (_t162 != 0) goto 0x87caf440;
                                                                                                                				 *_t405 = _t378;
                                                                                                                				_t355 =  >=  ?  *((void*)(_t384 + 0x68)) : _t384 + 0x68;
                                                                                                                				E00007FF87FF887CB4280(_t180, _t275, _t381 - 0x18,  >=  ?  *((void*)(_t384 + 0x68)) : _t384 + 0x68, _t378, _t381);
                                                                                                                				 *((long long*)(_t384 + 0x20)) = _t381 - 0x18;
                                                                                                                				r8d = 0x134;
                                                                                                                				E00007FF87FF887CA5600(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "copy port \'{}\'"); // executed
                                                                                                                				_t357 =  *_t381;
                                                                                                                				if (_t357 - 0x10 < 0) goto 0x87caf4d0;
                                                                                                                				if (_t357 + 1 - 0x1000 < 0) goto 0x87caf4cb;
                                                                                                                				if ( *((intOrPtr*)(_t381 - 0x18)) -  *((intOrPtr*)( *((intOrPtr*)(_t381 - 0x18)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x87caf618;
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				r14d = 0;
                                                                                                                				_t360 =  *((intOrPtr*)(_t381 - 0x40));
                                                                                                                				if (_t360 - 8 < 0) goto 0x87caf517;
                                                                                                                				if (2 + _t360 * 2 - 0x1000 < 0) goto 0x87caf512;
                                                                                                                				if ( *((intOrPtr*)(_t381 - 0x58)) -  *((intOrPtr*)( *((intOrPtr*)(_t381 - 0x58)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x87caf61f;
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				 *((long long*)(_t381 - 0x48)) = _t399;
                                                                                                                				 *((long long*)(_t381 - 0x40)) = 7;
                                                                                                                				 *((intOrPtr*)(_t381 - 0x58)) = r14w;
                                                                                                                				_t363 =  *((intOrPtr*)(_t381 - 0x20));
                                                                                                                				if (_t363 - 8 < 0) goto 0x87caf568;
                                                                                                                				if (2 + _t363 * 2 - 0x1000 < 0) goto 0x87caf563;
                                                                                                                				if ( *((intOrPtr*)(_t381 - 0x38)) -  *((intOrPtr*)( *((intOrPtr*)(_t381 - 0x38)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x87caf626;
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				 *((long long*)(_t381 - 0x28)) = _t399;
                                                                                                                				 *((long long*)(_t381 - 0x20)) = 7;
                                                                                                                				 *((intOrPtr*)(_t381 - 0x38)) = r14w;
                                                                                                                				_t366 =  *((intOrPtr*)(_t381 - 0x80));
                                                                                                                				if (_t366 - 8 < 0) goto 0x87caf5b6;
                                                                                                                				if (2 + _t366 * 2 - 0x1000 < 0) goto 0x87caf5b1;
                                                                                                                				if ( *((intOrPtr*)(_t384 + 0x68)) -  *((intOrPtr*)( *((intOrPtr*)(_t384 + 0x68)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x87caf62d;
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				if ( *_t275 !=  *((intOrPtr*)(_t384 + 0x48))) goto 0x87caf140;
                                                                                                                				0x87cc5436();
                                                                                                                				return E00007FF87FF887CC5E20( *((intOrPtr*)(_t396 + 0x68)), 1,  *(_t381 + 0x28) ^ _t384);
                                                                                                                			}


                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$ExceptionThrow$C_error@std@@Mtx_lockMtx_unlockThrow_memset
                                                                                                                • String ID: buffer has capacity of {}, while {} is needed$c:\design\wiservice\fax_printer\win\WinFaxPrinter.cpp$copy port '{}'$copy port '{}', '{}', '{}'$port level {} is not valid$size needed is {}
                                                                                                                • API String ID: 2180992759-3307107698
                                                                                                                • Opcode ID: 64d2944b245513e16204c50df8fe7ce7a03d7c54656a64c6661d9a089f48e29d
                                                                                                                • Instruction ID: cb8767bc9db06651eef744a2fa196d7d1cf1f5b63b2959a4b2625f162e10b73b
                                                                                                                • Opcode Fuzzy Hash: 64d2944b245513e16204c50df8fe7ce7a03d7c54656a64c6661d9a089f48e29d
                                                                                                                • Instruction Fuzzy Hash: 27028CA2B58B8286EF00DF68E4442AD7772FB447D9F504232EA5D57AE9DF38E585C300
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                C-Code - Quality: 23%
                                                                                                                			E00007FF87FF887CC5A7C(long long __rax, struct _CRITICAL_SECTION* __rbx, void* __r9, void* _a8) {
                                                                                                                
                                                                                                                				InitializeCriticalSectionAndSpinCount(__rbx);
                                                                                                                				GetModuleHandleW(??); // executed
                                                                                                                				if (__rax != 0) goto 0x87cc5ac2;
                                                                                                                				GetModuleHandleW(??);
                                                                                                                				if (__rax == 0) goto 0x87cc5b41;
                                                                                                                				GetProcAddress(??, ??);
                                                                                                                				GetProcAddress(??, ??);
                                                                                                                				if (__rax == 0) goto 0x87cc5aff;
                                                                                                                				if (__rax == 0) goto 0x87cc5aff;
                                                                                                                				 *0x87cf1cf8 = __rax;
                                                                                                                				 *0x87cf1d00 = __rax;
                                                                                                                				goto 0x87cc5b1d;
                                                                                                                				r9d = 0;
                                                                                                                				r8d = 0;
                                                                                                                				CreateEventW(??, ??, ??, ??);
                                                                                                                				 *0x87cf1cc8 = __rax;
                                                                                                                				if (__rax == 0) goto 0x87cc5b41;
                                                                                                                				if (E00007FF87FF887CC58B4(0, __rax) == 0) goto 0x87cc5b41;
                                                                                                                				E00007FF87FF887CC5A64(E00007FF87FF887CC58B4(0, __rax), __rax);
                                                                                                                				return 0;
                                                                                                                			}




                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                                                                                • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                • API String ID: 2565136772-3242537097
                                                                                                                • Opcode ID: c8cfeb344181279118086e9f2cb6b3128fcfa3d55be4f53d8fd81bed13088254
                                                                                                                • Instruction ID: 61155f2eca9f69fd489441c19e2c8f7aeb399f0db93dc1e9b0c685404cb6f592
                                                                                                                • Opcode Fuzzy Hash: c8cfeb344181279118086e9f2cb6b3128fcfa3d55be4f53d8fd81bed13088254
                                                                                                                • Instruction Fuzzy Hash: B421E920E99A4392FB64DF25F8A557C6AB3BF987C4F584439C91E036A6EF2CB445C300
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                • ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,00007FF887CBC078,?,?,?,00007FF887CBD3C7), ref: 00007FF887CBE44F
                                                                                                                • ??0_Lockit@std@@QEAA@H@Z.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,00007FF887CBC078,?,?,?,00007FF887CBD3C7), ref: 00007FF887CBE45D
                                                                                                                • ??Bid@locale@std@@QEAA_KXZ.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,00007FF887CBC078,?,?,?,00007FF887CBD3C7), ref: 00007FF887CBE477
                                                                                                                • ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,00007FF887CBC078,?,?,?,00007FF887CBD3C7), ref: 00007FF887CBE4A2
                                                                                                                • ?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,00007FF887CBC078,?,?,?,00007FF887CBD3C7), ref: 00007FF887CBE4CE
                                                                                                                • std::_Facet_Register.LIBCPMT ref: 00007FF887CBE4EB
                                                                                                                • ??1_Lockit@std@@QEAA@XZ.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,00007FF887CBC078,?,?,?,00007FF887CBD3C7), ref: 00007FF887CBE50A
                                                                                                                • ?length@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1_K@Z.MSVCP140 ref: 00007FF887CBE531
                                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF887CBE578
                                                                                                                • _localtime64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF887CBE584
                                                                                                                  • Part of subcall function 00007FF887CAD810: __std_exception_copy.VCRUNTIME140 ref: 00007FF887CAD83F
                                                                                                                  • Part of subcall function 00007FF887CB7ED0: _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF887CBE5AE), ref: 00007FF887CB7EED
                                                                                                                  • Part of subcall function 00007FF887CB7ED0: _CxxThrowException.VCRUNTIME140 ref: 00007FF887CB7F20
                                                                                                                  • Part of subcall function 00007FF887CB7ED0: ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140(?,?,?,?,?,00000000), ref: 00007FF887CBD34F
                                                                                                                  • Part of subcall function 00007FF887CB7ED0: ?uncaught_exception@std@@YA_NXZ.MSVCP140(?,?,?,?,?,00000000), ref: 00007FF887CBD3DA
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: D@std@@@std@@ExceptionLockit@std@@Mbstatet@@@std@@ThrowU?$char_traits@$??0_??1_?flush@?$basic_ostream@?getloc@?$basic_streambuf@?length@?$codecvt@_?uncaught_exception@std@@Bid@locale@std@@Concurrency::cancel_current_taskFacet_Getcat@?$codecvt@_Getgloballocale@locale@std@@Locimp@12@Mbstatet@@RegisterV12@V42@@Vfacet@locale@2@Vlocale@2@__std_exception_copy_localtime64std::_
                                                                                                                • String ID: could not convert calendar time to local time
                                                                                                                • API String ID: 566687407-4174379530
                                                                                                                • Opcode ID: e0b18ba387cdb8e38a93999f095384cc3ee146f97ad26351995e2e579ce75053
                                                                                                                • Instruction ID: 50297c5d5c540aef368e8ed2f81580b1aa93cf00ea21892770debaf3f1d0ac40
                                                                                                                • Opcode Fuzzy Hash: e0b18ba387cdb8e38a93999f095384cc3ee146f97ad26351995e2e579ce75053
                                                                                                                • Instruction Fuzzy Hash: 58519D62A48B8581EB149F15E48026EBB72FB84FD0F484635EB9E07BA9DF3CD544C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                C-Code - Quality: 20%
                                                                                                                			E00007FF87FF887CABF60(long long __rbx, void* __rcx, void* __rbp, void* __r14, long long _a16) {
                                                                                                                				signed int _v16;
                                                                                                                				intOrPtr _v24;
                                                                                                                				char _v48;
                                                                                                                				intOrPtr _v56;
                                                                                                                				char _v80;
                                                                                                                				long long _v88;
                                                                                                                				long long _v96;
                                                                                                                				char _v106;
                                                                                                                				short _v108;
                                                                                                                				char _v112;
                                                                                                                				long long _v128;
                                                                                                                				long long _v168;
                                                                                                                				long long _v176;
                                                                                                                				long long _v184;
                                                                                                                				long long _v192;
                                                                                                                				long long _v200;
                                                                                                                				long long _v208;
                                                                                                                				long long _v216;
                                                                                                                				long long _v224;
                                                                                                                				long long _v232;
                                                                                                                				long long _v240;
                                                                                                                				long long _v248;
                                                                                                                				long long _v256;
                                                                                                                				char _v264;
                                                                                                                				long long _v280;
                                                                                                                				char _t73;
                                                                                                                				void* _t100;
                                                                                                                				void* _t112;
                                                                                                                				signed long long _t120;
                                                                                                                				signed long long _t121;
                                                                                                                				long long _t125;
                                                                                                                				intOrPtr _t134;
                                                                                                                				intOrPtr* _t135;
                                                                                                                				long long _t149;
                                                                                                                				intOrPtr _t154;
                                                                                                                				void* _t159;
                                                                                                                				intOrPtr _t160;
                                                                                                                				intOrPtr _t174;
                                                                                                                				signed long long _t175;
                                                                                                                				char _t177;
                                                                                                                				long long _t185;
                                                                                                                				intOrPtr _t190;
                                                                                                                				intOrPtr _t195;
                                                                                                                				void* _t196;
                                                                                                                				intOrPtr _t199;
                                                                                                                				intOrPtr _t202;
                                                                                                                				void* _t206;
                                                                                                                				void* _t207;
                                                                                                                				void* _t208;
                                                                                                                				void* _t211;
                                                                                                                
                                                                                                                				_t215 = __r14;
                                                                                                                				_t207 = __rbp;
                                                                                                                				_a16 = __rbx;
                                                                                                                				_t209 = _t208 - 0x130;
                                                                                                                				_t120 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				_t121 = _t120 ^ _t208 - 0x00000130;
                                                                                                                				_v16 = _t121;
                                                                                                                				_t159 = __rcx;
                                                                                                                				OutputDebugStringA(??); // executed
                                                                                                                				_v112 = 0;
                                                                                                                				_v88 = 0xf;
                                                                                                                				_v96 = 6;
                                                                                                                				_t73 = "system"; // 0x74737973
                                                                                                                				_v112 = _t73;
                                                                                                                				_v108 =  *0x87cdba84 & 0x0000ffff;
                                                                                                                				_v106 = 0;
                                                                                                                				_v80 = 0;
                                                                                                                				asm("movdqa xmm0, [0x303b5]");
                                                                                                                				asm("movdqu [esp+0xf8], xmm0");
                                                                                                                				_v80 = 0;
                                                                                                                				E00007FF87FF887CBD640(__rcx, "wfaxport.dll initialize", _t211);
                                                                                                                				if ( &_v80 == _t121) goto 0x87cac02c;
                                                                                                                				_t212 =  *((intOrPtr*)(_t121 + 0x10));
                                                                                                                				if ( *((long long*)(_t121 + 0x18)) - 0x10 < 0) goto 0x87cac01c;
                                                                                                                				E00007FF87FF887CA9100(_t159,  &_v80,  *_t121,  *((intOrPtr*)(_t121 + 0x10)), __r14);
                                                                                                                				E00007FF87FF887CC06F0( *((long long*)(_t121 + 0x18)) - 0x10,  *_t121,  &_v112,  *((intOrPtr*)(_t121 + 0x10)));
                                                                                                                				_t185 = _v88;
                                                                                                                				if (_t185 - 0x10 < 0) goto 0x87cac080;
                                                                                                                				if (_t185 + 1 - 0x1000 < 0) goto 0x87cac07b;
                                                                                                                				_t125 = _v112 -  *((intOrPtr*)(_v112 - 8)) + 0xfffffff8;
                                                                                                                				if (_t125 - 0x1f <= 0) goto 0x87cac07b;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				_v96 = 0;
                                                                                                                				_v88 = 0xf;
                                                                                                                				_v112 = 0;
                                                                                                                				E00007FF87FF887CB4280(_t100, _t159,  &_v48, _t159, _t206, _t207);
                                                                                                                				_v280 = _t125;
                                                                                                                				r8d = 0xd7;
                                                                                                                				E00007FF87FF887CA5600(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "InitializePrintMonitor \'{}\'"); // executed
                                                                                                                				_t190 = _v24;
                                                                                                                				if (_t190 - 0x10 < 0) goto 0x87cac11b;
                                                                                                                				_t170 = _v48;
                                                                                                                				if (_t190 + 1 - 0x1000 < 0) goto 0x87cac116;
                                                                                                                				if (_v48 -  *((intOrPtr*)(_t170 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87cac116;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				E00007FF87FF887CAE0D0( *((intOrPtr*)(_t170 - 8)), _t190 + 0x28);
                                                                                                                				E00007FF87FF887CB4280(_t100, _t159,  &_v48, _t159, _t206, _t207);
                                                                                                                				E00007FF87FF887CAFE00(_v48 -  *((intOrPtr*)(_t170 - 8)) + 0xfffffff8 - 0x1f, _t159, _v48 -  *((intOrPtr*)(_t170 - 8)) + 0xfffffff8, _v48 -  *((intOrPtr*)(_t170 - 8)) + 0xfffffff8, _t207,  *((intOrPtr*)(_t121 + 0x10)), _t215); // executed
                                                                                                                				_t195 = _v24;
                                                                                                                				if (_t195 - 0x10 < 0) goto 0x87cac187;
                                                                                                                				_t196 = _t195 + 1;
                                                                                                                				_t174 = _v48;
                                                                                                                				if (_t196 - 0x1000 < 0) goto 0x87cac181;
                                                                                                                				_t175 =  *((intOrPtr*)(_t174 - 8));
                                                                                                                				if (_t174 - _t175 + 0xfffffff8 - 0x1f <= 0) goto 0x87cac181;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				_t112 =  *0x87cf1a88 -  *((intOrPtr*)(_t196 + 0x27 +  *((intOrPtr*)( *[gs:0x58] + _t175 * 8)))); // 0x8000000c
                                                                                                                				if (_t112 > 0) goto 0x87cac3f8;
                                                                                                                				_t134 =  *0x87cf1a80; // 0xc28570
                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                				asm("movups [eax+0x8], xmm0");
                                                                                                                				asm("movups [eax+0x18], xmm0");
                                                                                                                				asm("movups [eax+0x28], xmm0");
                                                                                                                				asm("movups [eax+0x38], xmm0");
                                                                                                                				asm("movups [eax+0x48], xmm0");
                                                                                                                				asm("movups [eax+0x58], xmm0");
                                                                                                                				asm("movups [eax+0x68], xmm0");
                                                                                                                				asm("movups [eax+0x78], xmm0");
                                                                                                                				 *(_t134 + 0x88) = _t175;
                                                                                                                				_t135 =  *0x87cf1a80; // 0xc28570
                                                                                                                				 *_t135 = 0x88;
                                                                                                                				_v256 = 0x7ff887caa1f0;
                                                                                                                				_v248 = 0x7ff887caa620;
                                                                                                                				_v240 = 0x7ff887caa8e0;
                                                                                                                				_v232 = 0x7ff887caab60;
                                                                                                                				_v224 = 0x7ff887caae80;
                                                                                                                				_v216 = 0x7ff887caa8f0;
                                                                                                                				_v208 = 0x7ff887caa000;
                                                                                                                				_v200 = 0x7ff887ca9780;
                                                                                                                				_v192 = 0x7ff887ca93c0;
                                                                                                                				_v184 = 0x7ff887ca9770;
                                                                                                                				_v176 = 0x7ff887ca9980;
                                                                                                                				_v168 = 0x7ff887ca9c50;
                                                                                                                				asm("xorps xmm2, xmm2");
                                                                                                                				_v128 = 0x7ff887ca9c50;
                                                                                                                				asm("movups xmm0, [esp+0x38]");
                                                                                                                				asm("movups [eax+0x8], xmm0");
                                                                                                                				asm("movups xmm1, [esp+0x48]");
                                                                                                                				asm("movups [eax+0x18], xmm1");
                                                                                                                				asm("movups xmm0, [esp+0x58]");
                                                                                                                				asm("movups [eax+0x28], xmm0");
                                                                                                                				asm("movups xmm1, [esp+0x68]");
                                                                                                                				asm("movups [eax+0x38], xmm1");
                                                                                                                				asm("movups xmm0, [esp+0x78]");
                                                                                                                				asm("movups [eax+0x48], xmm0");
                                                                                                                				asm("movups xmm1, [esp+0x88]");
                                                                                                                				asm("movups [eax+0x58], xmm1");
                                                                                                                				asm("movups [eax+0x68], xmm2");
                                                                                                                				asm("movups [eax+0x78], xmm2");
                                                                                                                				asm("movsd xmm0, [esp+0xb8]");
                                                                                                                				asm("movsd [eax+0x88], xmm0");
                                                                                                                				_t149 =  *0x87cf1a80; // 0xc28570
                                                                                                                				_v264 = _t149;
                                                                                                                				_v280 =  &_v264;
                                                                                                                				r8d = 0xf0;
                                                                                                                				E00007FF87FF887CA5DB0(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "return MONITOREX {:#x}");
                                                                                                                				_t160 =  *0x87cf1a80; // 0xc28570
                                                                                                                				E00007FF87FF887CC06F0(_t112,  &_v264,  &_v80,  *((intOrPtr*)(_t121 + 0x10)));
                                                                                                                				_t199 = _v56;
                                                                                                                				if (_t199 - 0x10 < 0) goto 0x87cac37c;
                                                                                                                				_t177 = _v80;
                                                                                                                				if (_t199 + 1 - 0x1000 < 0) goto 0x87cac376;
                                                                                                                				_t115 = _t177 -  *((intOrPtr*)(_t177 - 8)) + 0xfffffff8 - 0x1f;
                                                                                                                				if (_t177 -  *((intOrPtr*)(_t177 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87cac376;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				_t154 = _t160;
                                                                                                                				E00007FF87FF887CC06F0(_t115, _t154,  &_v80, _t212);
                                                                                                                				_t202 = _v56;
                                                                                                                				if (_t202 - 0x10 < 0) goto 0x87cac3d5;
                                                                                                                				if (_t202 + 1 - 0x1000 < 0) goto 0x87cac3cf;
                                                                                                                				if (_v80 -  *((intOrPtr*)(_v80 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87cac3cf;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				return E00007FF87FF887CC5E20(0, 1, _v16 ^ _t209);
                                                                                                                			}





















































                                                                                                                0x7ff887cac3cf
                                                                                                                0x7ff887cac3f7

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$DebugOutputString__tlregdtor
                                                                                                                • String ID: InitializePrintMonitor '{}'$c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$return MONITOREX {:#x}$system$wfaxport.dll initialize
                                                                                                                • API String ID: 4009608328-1001868195
                                                                                                                • Opcode ID: d29b204d750ee2104ba942948662fceb891a18b0ed60b6343b5aa9bbfca1335b
                                                                                                                • Instruction ID: 7513db50e61034f113982cc45942ccde42b7c94667d470d86c02a09666cef090
                                                                                                                • Opcode Fuzzy Hash: d29b204d750ee2104ba942948662fceb891a18b0ed60b6343b5aa9bbfca1335b
                                                                                                                • Instruction Fuzzy Hash: 74D15B62E59B8285E760CB14E9403BDB772FB99794F109236DA9D037A6EF6CE1C4C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 432 7ff887cb0020-7ff887cb0083 call 7ff887cb3d90 call 7ff887cb3c10 437 7ff887cb00f5 432->437 438 7ff887cb0085-7ff887cb008e 432->438 439 7ff887cb00f7-7ff887cb0103 437->439 440 7ff887cb0090-7ff887cb00a2 438->440 441 7ff887cb00be-7ff887cb00f3 438->441 442 7ff887cb0105-7ff887cb011a 439->442 443 7ff887cb013e-7ff887cb0156 call 7ff887cb3b40 439->443 444 7ff887cb00a4-7ff887cb00b7 440->444 445 7ff887cb00b9 call 7ff887cc56e4 440->445 441->439 446 7ff887cb0138-7ff887cb013d call 7ff887cc56e4 442->446 447 7ff887cb011c-7ff887cb012f 442->447 455 7ff887cb0158-7ff887cb017a call 7ff887ca5600 443->455 456 7ff887cb017f-7ff887cb0202 call 7ff887ca49b0 call 7ff887cb3b40 443->456 444->445 449 7ff887cb0131-7ff887cb0137 _invalid_parameter_noinfo_noreturn 444->449 445->441 446->443 447->446 447->449 449->446 455->456 462 7ff887cb0204-7ff887cb0229 call 7ff887ca5600 456->462 463 7ff887cb022e-7ff887cb02b3 call 7ff887ca49b0 call 7ff887cb3b40 456->463 462->463 468 7ff887cb02b8-7ff887cb02ba 463->468 469 7ff887cb02e6-7ff887cb0325 468->469 470 7ff887cb02bc-7ff887cb02e1 call 7ff887ca5600 468->470 471 7ff887cb0327-7ff887cb033c 469->471 472 7ff887cb035f-7ff887cb0384 469->472 470->469 474 7ff887cb035a call 7ff887cc56e4 471->474 475 7ff887cb033e-7ff887cb0351 471->475 476 7ff887cb0386-7ff887cb0398 472->476 477 7ff887cb03bb-7ff887cb03e2 call 7ff887cc5e20 472->477 474->472 475->474 478 7ff887cb0353-7ff887cb0359 _invalid_parameter_noinfo_noreturn 475->478 480 7ff887cb03b6 call 7ff887cc56e4 476->480 481 7ff887cb039a-7ff887cb03ad 476->481 478->474 480->477 481->480 483 7ff887cb03af-7ff887cb03b5 _invalid_parameter_noinfo_noreturn 481->483 483->480
                                                                                                                C-Code - Quality: 36%
                                                                                                                			E00007FF87FF887CB0020(long long __rbx, long long __rcx, long long __rsi, void* __r8, long long _a16, long long _a24) {
                                                                                                                				void* _v8;
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v32;
                                                                                                                				char _v56;
                                                                                                                				long long _v64;
                                                                                                                				long long _v72;
                                                                                                                				char _v88;
                                                                                                                				long long _v96;
                                                                                                                				char _v104;
                                                                                                                				long long _v112;
                                                                                                                				long long _v120;
                                                                                                                				char _v136;
                                                                                                                				long long _v144;
                                                                                                                				long long _v152;
                                                                                                                				char _v168;
                                                                                                                				long long _v176;
                                                                                                                				char _v184;
                                                                                                                				long long _v208;
                                                                                                                				long long _v216;
                                                                                                                				long long _v232;
                                                                                                                				void* __rdi;
                                                                                                                				void* _t77;
                                                                                                                				void* _t81;
                                                                                                                				void* _t84;
                                                                                                                				void* _t87;
                                                                                                                				void* _t92;
                                                                                                                				signed long long _t118;
                                                                                                                				signed long long _t119;
                                                                                                                				long long _t170;
                                                                                                                				intOrPtr _t173;
                                                                                                                				long long _t181;
                                                                                                                				intOrPtr _t184;
                                                                                                                				long long _t187;
                                                                                                                				signed long long _t189;
                                                                                                                				void* _t191;
                                                                                                                				void* _t192;
                                                                                                                				void* _t195;
                                                                                                                				void* _t202;
                                                                                                                
                                                                                                                				_t195 = __r8;
                                                                                                                				_a16 = __rbx;
                                                                                                                				_a24 = __rsi;
                                                                                                                				_t193 = _t192 - 0x100;
                                                                                                                				_t118 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				_t119 = _t118 ^ _t192 - 0x00000100;
                                                                                                                				_v24 = _t119;
                                                                                                                				_v104 = __rcx;
                                                                                                                				_t77 = E00007FF87FF887CB3D90(_t92, __rcx,  &_v168, __rsi, _t191, __r8, _t202);
                                                                                                                				asm("movups xmm0, [0x2e0f7]");
                                                                                                                				asm("movaps [esp+0x30], xmm0");
                                                                                                                				E00007FF87FF887CB3C10(_t77, _t92, __rcx,  &_v56, _t195, _t202); // executed
                                                                                                                				_t189 = _t119;
                                                                                                                				if ( &_v168 == _t189) goto 0x87cb00f5;
                                                                                                                				_t170 = _v144;
                                                                                                                				if (_t170 - 0x10 < 0) goto 0x87cb00be;
                                                                                                                				if (_t170 + 1 - 0x1000 < 0) goto 0x87cb00b9;
                                                                                                                				if (_v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x87cb0131;
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				_v152 = _t187;
                                                                                                                				_v144 = 0xf;
                                                                                                                				_v168 = dil;
                                                                                                                				asm("movups xmm0, [esi]");
                                                                                                                				asm("movups [esp+0x60], xmm0");
                                                                                                                				asm("movups xmm1, [esi+0x10]");
                                                                                                                				asm("movups [esp+0x70], xmm1");
                                                                                                                				 *((long long*)(_t189 + 0x10)) = _t187;
                                                                                                                				 *((long long*)(_t189 + 0x18)) = 0xf;
                                                                                                                				 *_t189 = dil;
                                                                                                                				goto 0x87cb00f7;
                                                                                                                				_t173 = _v32;
                                                                                                                				if (_t173 - 0x10 < 0) goto 0x87cb013e;
                                                                                                                				if (_t173 + 1 - 0x1000 < 0) goto 0x87cb0138;
                                                                                                                				if (_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87cb0138;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				_t81 = E00007FF87FF887CB3B40( &_v168); // executed
                                                                                                                				if (_t81 != 0) goto 0x87cb017f;
                                                                                                                				_v232 =  &_v168;
                                                                                                                				r8d = 0x1d;
                                                                                                                				E00007FF87FF887CA5600(_t195 - 0x19, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "couldn\'t create ProgramData dir \'{}\'");
                                                                                                                				_t129 =  >=  ? _v168 :  &_v168;
                                                                                                                				_v104 =  >=  ? _v168 :  &_v168;
                                                                                                                				_v96 = _v152;
                                                                                                                				_v184 = 0xe;
                                                                                                                				_v176 =  &_v104;
                                                                                                                				asm("movaps xmm0, [esp+0x50]");
                                                                                                                				asm("movdqa [esp+0x30], xmm0");
                                                                                                                				_v184 = "{}\\Wildix";
                                                                                                                				_v176 = 9;
                                                                                                                				E00007FF87FF887CA49B0(_v104,  &_v136, _t187, _t189);
                                                                                                                				_t84 = E00007FF87FF887CB3B40( &_v136); // executed
                                                                                                                				if (_t84 != 0) goto 0x87cb022e;
                                                                                                                				_v232 =  &_v136;
                                                                                                                				r8d = 0x20;
                                                                                                                				E00007FF87FF887CA5600( &_v216 - 0x1c, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "couldn\'t create Wildix dir \'{}\'");
                                                                                                                				_t135 =  >=  ? _v136 :  &_v136;
                                                                                                                				_v184 =  >=  ? _v136 :  &_v136;
                                                                                                                				_v176 = _v120;
                                                                                                                				_v216 = 0xe;
                                                                                                                				_v208 =  &_v184;
                                                                                                                				asm("movaps xmm0, [esp+0x30]");
                                                                                                                				asm("movdqa [esp+0xd0], xmm0");
                                                                                                                				_v216 = "{}\\FaxPrinter";
                                                                                                                				_v208 = 0xd;
                                                                                                                				E00007FF87FF887CA49B0(_v104,  &_v88, _t187, _t189);
                                                                                                                				_t87 = E00007FF87FF887CB3B40( &_v88); // executed
                                                                                                                				if (_t87 != 0) goto 0x87cb02e6;
                                                                                                                				_v232 =  &_v88;
                                                                                                                				r8d = 0x23;
                                                                                                                				E00007FF87FF887CA5600( &_v56 - 0x1f, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "couldn\'t create printing dir \'{}\'");
                                                                                                                				asm("movups xmm0, [esp+0xb0]");
                                                                                                                				asm("movups [ebx], xmm0");
                                                                                                                				asm("movups xmm1, [esp+0xc0]");
                                                                                                                				asm("movups [ebx+0x10], xmm1");
                                                                                                                				_v72 = _t187;
                                                                                                                				_v64 = 0xf;
                                                                                                                				_v88 = 0;
                                                                                                                				_t181 = _v112;
                                                                                                                				if (_t181 - 0x10 < 0) goto 0x87cb035f;
                                                                                                                				if (_t181 + 1 - 0x1000 < 0) goto 0x87cb035a;
                                                                                                                				if (_v136 -  *((intOrPtr*)(_v136 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87cb035a;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				_v120 = _t187;
                                                                                                                				_v112 = 0xf;
                                                                                                                				_v136 = 0;
                                                                                                                				_t184 = _v144;
                                                                                                                				if (_t184 - 0x10 < 0) goto 0x87cb03bb;
                                                                                                                				if (_t184 + 1 - 0x1000 < 0) goto 0x87cb03b6;
                                                                                                                				if (_v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87cb03b6;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				return E00007FF87FF887CC5E20(E00007FF87FF887CC56E4(),  &_v56 - 0x1f, _v24 ^ _t193);
                                                                                                                			}
                                                                                                                0x7ff887cb019d
                                                                                                                0x7ff887cb01a5
                                                                                                                0x7ff887cb01b6
                                                                                                                0x7ff887cb01bb
                                                                                                                0x7ff887cb01c0
                                                                                                                0x7ff887cb01cd
                                                                                                                0x7ff887cb01d2
                                                                                                                0x7ff887cb01ed
                                                                                                                0x7ff887cb01fb
                                                                                                                0x7ff887cb0202
                                                                                                                0x7ff887cb020c
                                                                                                                0x7ff887cb0218
                                                                                                                0x7ff887cb0229
                                                                                                                0x7ff887cb023f
                                                                                                                0x7ff887cb0248
                                                                                                                0x7ff887cb0255
                                                                                                                0x7ff887cb025a
                                                                                                                0x7ff887cb0268
                                                                                                                0x7ff887cb026d
                                                                                                                0x7ff887cb0272
                                                                                                                0x7ff887cb0282
                                                                                                                0x7ff887cb0287
                                                                                                                0x7ff887cb02a5
                                                                                                                0x7ff887cb02b3
                                                                                                                0x7ff887cb02ba
                                                                                                                0x7ff887cb02c4
                                                                                                                0x7ff887cb02d0
                                                                                                                0x7ff887cb02e1
                                                                                                                0x7ff887cb02e6
                                                                                                                0x7ff887cb02ee
                                                                                                                0x7ff887cb02f1
                                                                                                                0x7ff887cb02f9
                                                                                                                0x7ff887cb02fd
                                                                                                                0x7ff887cb0305
                                                                                                                0x7ff887cb0311
                                                                                                                0x7ff887cb0319
                                                                                                                0x7ff887cb0325
                                                                                                                0x7ff887cb033c
                                                                                                                0x7ff887cb0351
                                                                                                                0x7ff887cb0353
                                                                                                                0x7ff887cb0359
                                                                                                                0x7ff887cb035a
                                                                                                                0x7ff887cb035f
                                                                                                                0x7ff887cb0367
                                                                                                                0x7ff887cb0373
                                                                                                                0x7ff887cb037b
                                                                                                                0x7ff887cb0384
                                                                                                                0x7ff887cb0398
                                                                                                                0x7ff887cb03ad
                                                                                                                0x7ff887cb03af
                                                                                                                0x7ff887cb03b5
                                                                                                                0x7ff887cb03e2

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FF887CB3D90: GetTempPathW.KERNEL32 ref: 00007FF887CB3DDA
                                                                                                                  • Part of subcall function 00007FF887CB3D90: GetLastError.KERNEL32 ref: 00007FF887CB3DE4
                                                                                                                  • Part of subcall function 00007FF887CB3D90: WideCharToMultiByte.KERNEL32 ref: 00007FF887CB3E63
                                                                                                                  • Part of subcall function 00007FF887CB3D90: WideCharToMultiByte.KERNEL32 ref: 00007FF887CB3E9C
                                                                                                                  • Part of subcall function 00007FF887CB3C10: WideCharToMultiByte.KERNEL32 ref: 00007FF887CB3CE0
                                                                                                                  • Part of subcall function 00007FF887CB3C10: WideCharToMultiByte.KERNEL32 ref: 00007FF887CB3D19
                                                                                                                  • Part of subcall function 00007FF887CB3C10: CoTaskMemFree.OLE32 ref: 00007FF887CB3D27
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CB0131
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiWide$ErrorFreeLastPathTaskTemp_invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinter.cpp$couldn't create ProgramData dir '{}'$couldn't create Wildix dir '{}'$couldn't create printing dir '{}'${}\FaxPrinter${}\Wildix
                                                                                                                • API String ID: 965925647-3675253893
                                                                                                                • Opcode ID: 4b7fa8c768ee2c16942a9a368381ddd9c296f7df4a3629eeaca66301d26fb190
                                                                                                                • Instruction ID: ed5377e3e7a1811192877986e12b50b354464cb9d5f19387ed25ec17846a629d
                                                                                                                • Opcode Fuzzy Hash: 4b7fa8c768ee2c16942a9a368381ddd9c296f7df4a3629eeaca66301d26fb190
                                                                                                                • Instruction Fuzzy Hash: 3FA11C62658BC585EB20CB24F4443AEB362FB943D4F505236E6DD53AAAEF7CD184C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                C-Code - Quality: 45%
                                                                                                                			E00007FF87FF887CB0140(long long __rdi, void* __rsi, void* __r8, long long _a32, long long _a48, long long _a56, char _a80, long long _a88, char _a96, long long _a112, intOrPtr _a120, char _a128, long long _a144, long long _a152, char _a160, long long _a168, char _a176, long long _a192, long long _a200, char _a208, signed int _a240, void* _a256) {
                                                                                                                				void* _t58;
                                                                                                                				void* _t61;
                                                                                                                				void* _t64;
                                                                                                                				long long _t123;
                                                                                                                				intOrPtr _t126;
                                                                                                                				long long _t129;
                                                                                                                				signed long long _t133;
                                                                                                                
                                                                                                                				_t131 = __rsi;
                                                                                                                				_t129 = __rdi;
                                                                                                                				_t58 = E00007FF87FF887CB3B40( &_a96); // executed
                                                                                                                				if (_t58 != 0) goto 0x87cb017f;
                                                                                                                				_a32 =  &_a96;
                                                                                                                				r8d = 0x1d;
                                                                                                                				E00007FF87FF887CA5600(__r8 - 0x19, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "couldn\'t create ProgramData dir \'{}\'");
                                                                                                                				_t87 =  >=  ? _a96 :  &_a96;
                                                                                                                				_a160 =  >=  ? _a96 :  &_a96;
                                                                                                                				_a168 = _a112;
                                                                                                                				_a80 = 0xe;
                                                                                                                				_a88 =  &_a160;
                                                                                                                				asm("movaps xmm0, [esp+0x50]");
                                                                                                                				asm("movdqa [esp+0x30], xmm0");
                                                                                                                				_a80 = "{}\\Wildix";
                                                                                                                				_a88 = 9;
                                                                                                                				E00007FF87FF887CA49B0(_a160,  &_a128, __rdi, __rsi);
                                                                                                                				_t61 = E00007FF87FF887CB3B40( &_a128); // executed
                                                                                                                				if (_t61 != 0) goto 0x87cb022e;
                                                                                                                				_a32 =  &_a128;
                                                                                                                				r8d = 0x20;
                                                                                                                				E00007FF87FF887CA5600( &_a48 - 0x1c, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "couldn\'t create Wildix dir \'{}\'");
                                                                                                                				_t93 =  >=  ? _a128 :  &_a128;
                                                                                                                				_a80 =  >=  ? _a128 :  &_a128;
                                                                                                                				_a88 = _a144;
                                                                                                                				_a48 = 0xe;
                                                                                                                				_a56 =  &_a80;
                                                                                                                				asm("movaps xmm0, [esp+0x30]");
                                                                                                                				asm("movdqa [esp+0xd0], xmm0");
                                                                                                                				_a48 = "{}\\FaxPrinter";
                                                                                                                				_a56 = 0xd;
                                                                                                                				E00007FF87FF887CA49B0(_a160,  &_a176, _t129, _t131);
                                                                                                                				_t64 = E00007FF87FF887CB3B40( &_a176); // executed
                                                                                                                				if (_t64 != 0) goto 0x87cb02e6;
                                                                                                                				_a32 =  &_a176;
                                                                                                                				r8d = 0x23;
                                                                                                                				E00007FF87FF887CA5600( &_a208 - 0x1f, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "couldn\'t create printing dir \'{}\'");
                                                                                                                				asm("movups xmm0, [esp+0xb0]");
                                                                                                                				asm("movups [ebx], xmm0");
                                                                                                                				asm("movups xmm1, [esp+0xc0]");
                                                                                                                				asm("movups [ebx+0x10], xmm1");
                                                                                                                				_a192 = _t129;
                                                                                                                				_a200 = 0xf;
                                                                                                                				_a176 = 0;
                                                                                                                				_t123 = _a152;
                                                                                                                				if (_t123 - 0x10 < 0) goto 0x87cb035f;
                                                                                                                				if (_t123 + 1 - 0x1000 < 0) goto 0x87cb035a;
                                                                                                                				if (_a128 -  *((intOrPtr*)(_a128 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87cb035a;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				_a144 = _t129;
                                                                                                                				_a152 = 0xf;
                                                                                                                				_a128 = 0;
                                                                                                                				_t126 = _a120;
                                                                                                                				if (_t126 - 0x10 < 0) goto 0x87cb03bb;
                                                                                                                				if (_t126 + 1 - 0x1000 < 0) goto 0x87cb03b6;
                                                                                                                				if (_a96 -  *((intOrPtr*)(_a96 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87cb03b6;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				return E00007FF87FF887CC5E20(E00007FF87FF887CC56E4(),  &_a208 - 0x1f, _a240 ^ _t133);
                                                                                                                			}











                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FF887CB3B40: CreateDirectoryW.KERNELBASE ref: 00007FF887CB3B7F
                                                                                                                  • Part of subcall function 00007FF887CB3B40: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CB3BC0
                                                                                                                  • Part of subcall function 00007FF887CB3B40: GetLastError.KERNEL32 ref: 00007FF887CB3BD0
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CB0353
                                                                                                                  • Part of subcall function 00007FF887CA5600: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CA574B
                                                                                                                  • Part of subcall function 00007FF887CA5600: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CA5792
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CB03AF
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$CreateDirectoryErrorLast
                                                                                                                • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinter.cpp$couldn't create ProgramData dir '{}'$couldn't create Wildix dir '{}'$couldn't create printing dir '{}'${}\FaxPrinter${}\Wildix
                                                                                                                • API String ID: 3337396845-3675253893
                                                                                                                • Opcode ID: bc4d2d5f8bdbedb0a4f703c6c7585547c95cd15cfb6ae6dd60a5954717e37821
                                                                                                                • Instruction ID: 3c91fef1c31adb97726f8c5c801de5ac9f2678a3aa41f061a1edf023771a9a96
                                                                                                                • Opcode Fuzzy Hash: bc4d2d5f8bdbedb0a4f703c6c7585547c95cd15cfb6ae6dd60a5954717e37821
                                                                                                                • Instruction Fuzzy Hash: 9861FE72658BC585EB60CB54F4443AEB366FB95394F404236EADD43A9AEF7CD188CB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                C-Code - Quality: 60%
                                                                                                                			E00007FF87FF887CABD60(void* __edx, long long __rbx, long long __rcx, void* __rbp, void* __r14, long long _a16) {
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v32;
                                                                                                                				char _v56;
                                                                                                                				long long _v64;
                                                                                                                				long long _v72;
                                                                                                                				char _v80;
                                                                                                                				char _v88;
                                                                                                                				char _v104;
                                                                                                                				long long _v120;
                                                                                                                				signed long long _t64;
                                                                                                                				long long _t76;
                                                                                                                				long long _t91;
                                                                                                                				intOrPtr _t97;
                                                                                                                				long long _t100;
                                                                                                                				void* _t102;
                                                                                                                				void* _t105;
                                                                                                                
                                                                                                                				_t76 = __rbx;
                                                                                                                				_a16 = __rbx;
                                                                                                                				_t64 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				_v24 = _t64 ^ _t102 - 0x00000090;
                                                                                                                				_t100 = __rcx;
                                                                                                                				_v64 = 0xf;
                                                                                                                				_v72 = 8;
                                                                                                                				_v88 = 0x5f6c6c64;
                                                                                                                				_v80 = 0;
                                                                                                                				_v56 = 0;
                                                                                                                				asm("movdqa xmm0, [0x305e5]");
                                                                                                                				asm("movdqu [esp+0x70], xmm0");
                                                                                                                				_v56 = 0;
                                                                                                                				E00007FF87FF887CBD640(__rbx, __rcx, _t105);
                                                                                                                				if ( &_v56 == 0x5f6c6c64) goto 0x87cabdf0;
                                                                                                                				if ( *0x6E69616D5F6C6C7C - 0x10 < 0) goto 0x87cabde3;
                                                                                                                				E00007FF87FF887CA9100(_t76,  &_v56,  *0x5f6c6c64,  *0x6E69616D5F6C6C74, __r14);
                                                                                                                				E00007FF87FF887CC06F0( *0x6E69616D5F6C6C7C - 0x10,  *0x5f6c6c64,  &_v88,  *0x6E69616D5F6C6C74);
                                                                                                                				_t91 = _v64;
                                                                                                                				if (_t91 - 0x10 < 0) goto 0x87cabe3b;
                                                                                                                				if (_t91 + 1 - 0x1000 < 0) goto 0x87cabe36;
                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87cabe36;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				_v72 = 0;
                                                                                                                				_v64 = 0xf;
                                                                                                                				_v88 = 0;
                                                                                                                				E00007FF87FF887CC06D0(0, __edx, _v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f, _v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8,  *((intOrPtr*)(_v88 - 8)), _t91 + 0x28,  *0x6E69616D5F6C6C74); // executed
                                                                                                                				if (__edx == 0) goto 0x87cabebc;
                                                                                                                				if (__edx != 1) goto 0x87cabeea;
                                                                                                                				_v104 = _t100;
                                                                                                                				_v120 =  &_v104;
                                                                                                                				r8d = 0xfb;
                                                                                                                				E00007FF87FF887CA5DB0(__edx, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "process attach, instance {:#x}"); // executed
                                                                                                                				if (DisableThreadLibraryCalls(??) != 0) goto 0x87cabeea;
                                                                                                                				r8d = 0xfd;
                                                                                                                				E00007FF87FF887CA52D0(_t76 + 2, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "DisableThreadLibraryCalls() failed");
                                                                                                                				goto 0x87cabeea;
                                                                                                                				_v104 = _t100;
                                                                                                                				_v120 =  &_v104;
                                                                                                                				r8d = 0x101;
                                                                                                                				E00007FF87FF887CA5DB0(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "process detach, instance {:#x}");
                                                                                                                				E00007FF87FF887CC06F0(DisableThreadLibraryCalls(??),  &_v104,  &_v56,  *0x6E69616D5F6C6C74);
                                                                                                                				_t97 = _v32;
                                                                                                                				if (_t97 - 0x10 < 0) goto 0x87cabf35;
                                                                                                                				if (_t97 + 1 - 0x1000 < 0) goto 0x87cabf2f;
                                                                                                                				if (_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87cabf2f;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				return E00007FF87FF887CC5E20(1, 1, _v24 ^ _t102 - 0x00000090);
                                                                                                                			}




















                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$CallsDisableLibraryThread__tlregdtor
                                                                                                                • String ID: DisableThreadLibraryCalls() failed$c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$dll_main$process attach, instance {:#x}$process detach, instance {:#x}
                                                                                                                • API String ID: 4146258558-105971010
                                                                                                                • Opcode ID: 9852e080176ad4184d1f8a0dc61604868615179f14254849b48dcbae1d6757dd
                                                                                                                • Instruction ID: 11ab57e2a4b480c6e18919d7f371d033b359772f2c732e50d83af88acf7252da
                                                                                                                • Opcode Fuzzy Hash: 9852e080176ad4184d1f8a0dc61604868615179f14254849b48dcbae1d6757dd
                                                                                                                • Instruction Fuzzy Hash: E4518F62A58B8681EB20CF24E5443AEB772FB847D4F404235EA9D07BD6DF6CD044C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00007FF87FF887CC61F0(void* __edx) {
                                                                                                                				void* _t5;
                                                                                                                
                                                                                                                				_t5 = __edx;
                                                                                                                				if (_t5 == 0) goto 0x87cc6231;
                                                                                                                				if (_t5 == 0) goto 0x87cc6225;
                                                                                                                				if (_t5 == 0) goto 0x87cc6218;
                                                                                                                				if (__edx == 1) goto 0x87cc6211;
                                                                                                                				return 1;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                • String ID:
                                                                                                                • API String ID: 349153199-0
                                                                                                                • Opcode ID: eb18400eeceb43c411f8f7cee53bc90404758fa191ef5bee891e186665a63c3a
                                                                                                                • Instruction ID: 0cddb17a6371296e881bad5995b7d2a4bab2cb7ff70288a23c4f5a861d19f9f1
                                                                                                                • Opcode Fuzzy Hash: eb18400eeceb43c411f8f7cee53bc90404758fa191ef5bee891e186665a63c3a
                                                                                                                • Instruction Fuzzy Hash: 22818B20E9C24386FB64DB26E6412BD66B2BFD67C4F184035DA0C67796DE3CE841C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                C-Code - Quality: 34%
                                                                                                                			E00007FF87FF887CAA1F0(char __edx, void* __rcx, void* __rbp, long long __r8, intOrPtr* _a40, intOrPtr* _a48) {
                                                                                                                				signed int _v72;
                                                                                                                				intOrPtr _v80;
                                                                                                                				char _v104;
                                                                                                                				long long _v112;
                                                                                                                				long long _v120;
                                                                                                                				char _v130;
                                                                                                                				short _v132;
                                                                                                                				char _v136;
                                                                                                                				intOrPtr _v144;
                                                                                                                				char _v168;
                                                                                                                				char _v200;
                                                                                                                				char _v208;
                                                                                                                				char _v216;
                                                                                                                				char _v224;
                                                                                                                				char _v232;
                                                                                                                				long long _v240;
                                                                                                                				char _v248;
                                                                                                                				long long _v256;
                                                                                                                				long long _v264;
                                                                                                                				long long _v272;
                                                                                                                				long long _v280;
                                                                                                                				long long _v288;
                                                                                                                				long long _v296;
                                                                                                                				void* __rbx;
                                                                                                                				void* __rsi;
                                                                                                                				void* __r14;
                                                                                                                				char _t71;
                                                                                                                				intOrPtr _t82;
                                                                                                                				void* _t98;
                                                                                                                				signed long long _t124;
                                                                                                                				signed long long _t125;
                                                                                                                				long long _t129;
                                                                                                                				void* _t148;
                                                                                                                				long long _t149;
                                                                                                                				char _t170;
                                                                                                                				long long _t184;
                                                                                                                				intOrPtr _t189;
                                                                                                                				intOrPtr _t194;
                                                                                                                				intOrPtr _t197;
                                                                                                                				intOrPtr _t200;
                                                                                                                				intOrPtr _t203;
                                                                                                                				intOrPtr _t206;
                                                                                                                				long long _t209;
                                                                                                                				long long _t210;
                                                                                                                				void* _t212;
                                                                                                                				void* _t213;
                                                                                                                				intOrPtr _t217;
                                                                                                                				void* _t220;
                                                                                                                				intOrPtr* _t221;
                                                                                                                				intOrPtr* _t222;
                                                                                                                				void* _t223;
                                                                                                                
                                                                                                                				_t212 = __rbp;
                                                                                                                				_t220 = _t213;
                                                                                                                				_t214 = _t213 - 0x110;
                                                                                                                				_t124 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				_t125 = _t124 ^ _t213 - 0x00000110;
                                                                                                                				_v72 = _t125;
                                                                                                                				_t209 = __r8;
                                                                                                                				r13d = __edx;
                                                                                                                				_t223 = __rcx;
                                                                                                                				_v224 = __edx;
                                                                                                                				_v232 = r9d;
                                                                                                                				_t221 = _a40;
                                                                                                                				_v240 = _t221;
                                                                                                                				_t222 = _a48;
                                                                                                                				 *((long long*)(_t220 - 0x88)) = _t210;
                                                                                                                				 *((long long*)(_t220 - 0x70)) = 0xf;
                                                                                                                				 *((long long*)(_t220 - 0x78)) = 6;
                                                                                                                				_t71 = "system"; // 0x74737973
                                                                                                                				_v136 = _t71;
                                                                                                                				_v132 =  *0x87cdba84 & 0x0000ffff;
                                                                                                                				_v130 = sil;
                                                                                                                				 *((long long*)(_t220 - 0xa8)) = _t210;
                                                                                                                				asm("movdqa xmm0, [0x32114]");
                                                                                                                				asm("movdqu [esp+0xb0], xmm0");
                                                                                                                				_v168 = sil;
                                                                                                                				E00007FF87FF887CBD640(_t148, __rcx, __r8);
                                                                                                                				if ( &_v168 == _t125) goto 0x87caa2cd;
                                                                                                                				_t217 =  *((intOrPtr*)(_t125 + 0x10));
                                                                                                                				if ( *((long long*)(_t125 + 0x18)) - 0x10 < 0) goto 0x87caa2bd;
                                                                                                                				E00007FF87FF887CA9100(_t148,  &_v168,  *_t125, _t217, _t222);
                                                                                                                				E00007FF87FF887CC06F0( *((long long*)(_t125 + 0x18)) - 0x10,  *_t125,  &_v136, _t217);
                                                                                                                				_t184 = _v112;
                                                                                                                				if (_t184 - 0x10 < 0) goto 0x87caa321;
                                                                                                                				if (_t184 + 1 - 0x1000 < 0) goto 0x87caa31c;
                                                                                                                				_t129 = _v136 -  *((intOrPtr*)(_v136 - 8)) + 0xfffffff8;
                                                                                                                				if (_t129 - 0x1f <= 0) goto 0x87caa31c;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				_v120 = _t210;
                                                                                                                				_v112 = 0xf;
                                                                                                                				_v136 = 0;
                                                                                                                				_v248 = 0;
                                                                                                                				 *_t222 = 0;
                                                                                                                				 *_t221 = 0;
                                                                                                                				_v208 = _t222;
                                                                                                                				_v200 = _t209;
                                                                                                                				_v216 = _t209;
                                                                                                                				E00007FF87FF887CB4280(_t98, _t148,  &_v104, _t223, _t210, _t212);
                                                                                                                				_v256 =  &_v208;
                                                                                                                				_v264 =  &_v200;
                                                                                                                				_v272 =  &_v232;
                                                                                                                				_v280 =  &_v216;
                                                                                                                				_v288 =  &_v224;
                                                                                                                				_v296 = _t129;
                                                                                                                				r8d = 0x74;
                                                                                                                				_t96 = _t217 - 0x73;
                                                                                                                				E00007FF87FF887CA57C0(_t217 - 0x73, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "monitor_enumports \'{}\', {}, {:#x}, {}, {:#x}, {:#x}"); // executed
                                                                                                                				_t189 = _v80;
                                                                                                                				if (_t189 - 0x10 < 0) goto 0x87caa409;
                                                                                                                				if (_t189 + 1 - 0x1000 < 0) goto 0x87caa404;
                                                                                                                				_t132 = _v104 -  *((intOrPtr*)(_v104 - 8)) + 0xfffffff8;
                                                                                                                				if (_v104 -  *((intOrPtr*)(_v104 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87caa404;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				E00007FF87FF887CAE0D0( *((intOrPtr*)(_v104 - 8)), _t189 + 0x28);
                                                                                                                				_t149 = _t148 + _t209;
                                                                                                                				E00007FF87FF887CB4280(_t98, _t149,  &_v104, _t223, _v104 -  *((intOrPtr*)(_v104 - 8)) + 0xfffffff8, _t212);
                                                                                                                				_v288 =  &_v248;
                                                                                                                				_v296 = _t149;
                                                                                                                				r8d = r13d;
                                                                                                                				_t82 = E00007FF87FF887CAF010(0, _t149, _t132, _t209); // executed
                                                                                                                				_t194 = _v80;
                                                                                                                				if (_t194 - 0x10 < 0) goto 0x87caa48e;
                                                                                                                				if (_t194 + 1 - 0x1000 < 0) goto 0x87caa488;
                                                                                                                				if (_v104 -  *((intOrPtr*)(_v104 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87caa488;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				 *_t221 = _v248;
                                                                                                                				 *_t222 = _t82;
                                                                                                                				E00007FF87FF887CC06F0(_v104 -  *((intOrPtr*)(_v104 - 8)) + 0xfffffff8 - 0x1f, _v104 -  *((intOrPtr*)(_v104 - 8)) + 0xfffffff8,  &_v168, _t217);
                                                                                                                				_t197 = _v144;
                                                                                                                				if (_t197 - 0x10 < 0) goto 0x87caa4ed;
                                                                                                                				_t170 = _v168;
                                                                                                                				if (_t197 + 1 - 0x1000 < 0) goto 0x87caa4e7;
                                                                                                                				_t138 = _t170 -  *((intOrPtr*)(_t170 - 8)) + 0xfffffff8;
                                                                                                                				_t113 = _t170 -  *((intOrPtr*)(_t170 - 8)) + 0xfffffff8 - 0x1f;
                                                                                                                				if (_t170 -  *((intOrPtr*)(_t170 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87caa4e7;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				E00007FF87FF887CC06F0(_t113, _t138,  &_v168, _t217);
                                                                                                                				_t200 = _v144;
                                                                                                                				if (_t200 - 0x10 < 0) goto 0x87caa5f7;
                                                                                                                				if (_t200 + 1 - 0x1000 < 0) goto 0x87caa5f1;
                                                                                                                				if (_v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87caa5f1;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				E00007FF87FF887CC06F0(_v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8 - 0x1f, _v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8,  &_v168, _t217);
                                                                                                                				_t203 = _v144;
                                                                                                                				if (_t203 - 0x10 < 0) goto 0x87caa5f7;
                                                                                                                				if (_t203 + 1 - 0x1000 < 0) goto 0x87caa5f1;
                                                                                                                				if (_v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87caa5f1;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				E00007FF87FF887CC06F0(_v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8 - 0x1f, _v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8,  &_v168, _t217);
                                                                                                                				_t206 = _v144;
                                                                                                                				if (_t206 - 0x10 < 0) goto 0x87caa5f7;
                                                                                                                				if (_t206 + 1 - 0x1000 < 0) goto 0x87caa5f1;
                                                                                                                				if (_v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87caa5f1;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				return E00007FF87FF887CC5E20(0, _t96, _v72 ^ _t214);
                                                                                                                 			}

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FF887CBD640: __tlregdtor.LIBCMT ref: 00007FF887CBD690
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CAA315
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CAA3FD
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CAA481
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CAA4E0
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$__tlregdtor
                                                                                                                • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_enumports '{}', {}, {:#x}, {}, {:#x}, {:#x}$system
                                                                                                                • API String ID: 333172304-2864149607
                                                                                                                • Opcode ID: 9bf2fde0c874050469056fbb2993a46d0ec429c9a4e55342d40de94e9496e62f
                                                                                                                • Instruction ID: e72cda745af4164596fe5a433a7daebb8127cbaa50a4f9312fcb33a5cb38259f
                                                                                                                • Opcode Fuzzy Hash: 9bf2fde0c874050469056fbb2993a46d0ec429c9a4e55342d40de94e9496e62f
                                                                                                                • Instruction Fuzzy Hash: 41814D72A59A8181EB20CB55F4443AEB762FB857E0F404236EAAD43BD9DF7CD085D700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 716 7ff887caa620-7ff887caa6a1 call 7ff887cbd640 719 7ff887caa6a3-7ff887caa6ac 716->719 720 7ff887caa6be-7ff887caa6d2 call 7ff887cc06f0 716->720 721 7ff887caa6b1-7ff887caa6b9 call 7ff887ca9100 719->721 722 7ff887caa6ae 719->722 726 7ff887caa6d4-7ff887caa6e6 720->726 727 7ff887caa709-7ff887caa759 call 7ff887cb4280 call 7ff887ca59e0 720->727 721->720 722->721 728 7ff887caa704 call 7ff887cc56e4 726->728 729 7ff887caa6e8-7ff887caa6fb 726->729 735 7ff887caa75e-7ff887caa76b 727->735 728->727 729->728 731 7ff887caa6fd-7ff887caa703 _invalid_parameter_noinfo_noreturn 729->731 731->728 736 7ff887caa7a5-7ff887caa7d9 call 7ff887cae0d0 call 7ff887cb4280 call 7ff887cb03f0 735->736 737 7ff887caa76d-7ff887caa782 735->737 748 7ff887caa814-7ff887caa827 call 7ff887cc06f0 736->748 749 7ff887caa7db-7ff887caa7f0 736->749 739 7ff887caa7a0 call 7ff887cc56e4 737->739 740 7ff887caa784-7ff887caa797 737->740 739->736 740->739 742 7ff887caa799-7ff887caa79f _invalid_parameter_noinfo_noreturn 740->742 742->739 756 7ff887caa829-7ff887caa83b 748->756 757 7ff887caa85f-7ff887caa8d7 call 7ff887cc5e20 748->757 750 7ff887caa7f2-7ff887caa805 749->750 751 7ff887caa80e-7ff887caa813 call 7ff887cc56e4 749->751 750->751 753 7ff887caa807-7ff887caa80d _invalid_parameter_noinfo_noreturn 750->753 751->748 753->751 759 7ff887caa859-7ff887caa85e call 7ff887cc56e4 756->759 760 7ff887caa83d-7ff887caa850 756->760 759->757 760->759 762 7ff887caa852-7ff887caa858 _invalid_parameter_noinfo_noreturn 760->762 762->759
                                                                                                                C-Code - Quality: 37%
                                                                                                                			E00007FF87FF887CAA620(long long __rbx, void* __rcx, long long __rdx, long long __rsi, void* __rbp, void* __r14, long long _a24, long long _a32) {
                                                                                                                				void* _v8;
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v32;
                                                                                                                				char _v56;
                                                                                                                				intOrPtr _v64;
                                                                                                                				char _v88;
                                                                                                                				long long _v96;
                                                                                                                				long long _v104;
                                                                                                                				char _v114;
                                                                                                                				short _v116;
                                                                                                                				char _v120;
                                                                                                                				char _v136;
                                                                                                                				long long _v144;
                                                                                                                				long long _v152;
                                                                                                                				char _t48;
                                                                                                                				void* _t58;
                                                                                                                				void* _t70;
                                                                                                                				signed long long _t89;
                                                                                                                				signed long long _t90;
                                                                                                                				long long _t94;
                                                                                                                				long long _t107;
                                                                                                                				char _t125;
                                                                                                                				long long _t134;
                                                                                                                				intOrPtr _t139;
                                                                                                                				intOrPtr _t144;
                                                                                                                				intOrPtr _t147;
                                                                                                                				intOrPtr _t150;
                                                                                                                				void* _t153;
                                                                                                                				long long _t155;
                                                                                                                				void* _t157;
                                                                                                                				void* _t158;
                                                                                                                				void* _t161;
                                                                                                                				intOrPtr _t162;
                                                                                                                
                                                                                                                				_t157 = __rbp;
                                                                                                                				_t107 = __rbx;
                                                                                                                				_a24 = __rbx;
                                                                                                                				_a32 = __rsi;
                                                                                                                				_t159 = _t158 - 0xb0;
                                                                                                                				_t89 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				_t90 = _t89 ^ _t158 - 0x000000b0;
                                                                                                                				_v24 = _t90;
                                                                                                                				_t155 = __rdx;
                                                                                                                				_t153 = __rcx;
                                                                                                                				_v120 = __rbx;
                                                                                                                				_v96 = 0xf;
                                                                                                                				_v104 = 6;
                                                                                                                				_t48 = "system"; // 0x74737973
                                                                                                                				_v120 = _t48;
                                                                                                                				_v116 =  *0x87cdba84 & 0x0000ffff;
                                                                                                                				_v114 = 0;
                                                                                                                				_v88 = __rbx;
                                                                                                                				asm("movdqa xmm0, [0x31d16]");
                                                                                                                				asm("movdqu [esp+0x70], xmm0");
                                                                                                                				_v88 = 0;
                                                                                                                				E00007FF87FF887CBD640(__rbx, __rcx, _t161);
                                                                                                                				if ( &_v88 == _t90) goto 0x87caa6be;
                                                                                                                				_t162 =  *((intOrPtr*)(_t90 + 0x10));
                                                                                                                				if ( *((long long*)(_t90 + 0x18)) - 0x10 < 0) goto 0x87caa6b1;
                                                                                                                				E00007FF87FF887CA9100(_t107,  &_v88,  *_t90, _t162, __r14);
                                                                                                                				E00007FF87FF887CC06F0( *((long long*)(_t90 + 0x18)) - 0x10,  *_t90,  &_v120, _t162);
                                                                                                                				_t134 = _v96;
                                                                                                                				if (_t134 - 0x10 < 0) goto 0x87caa709;
                                                                                                                				if (_t134 + 1 - 0x1000 < 0) goto 0x87caa704;
                                                                                                                				_t94 = _v120 -  *((intOrPtr*)(_v120 - 8)) + 0xfffffff8;
                                                                                                                				if (_t94 - 0x1f <= 0) goto 0x87caa704;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				_v104 = _t107;
                                                                                                                				_v96 = 0xf;
                                                                                                                				_v120 = 0;
                                                                                                                				_v136 = _t155;
                                                                                                                				E00007FF87FF887CB4280(_t70, _t107,  &_v56, _t153, _t155, _t157);
                                                                                                                				_v144 =  &_v136;
                                                                                                                				_v152 = _t94;
                                                                                                                				r8d = 0x2e;
                                                                                                                				_t69 = _t162 - 0x2d;
                                                                                                                				E00007FF87FF887CA59E0(_t162 - 0x2d, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "monitor_openport \'{}\', {:#x}"); // executed
                                                                                                                				_t139 = _v32;
                                                                                                                				if (_t139 - 0x10 < 0) goto 0x87caa7a5;
                                                                                                                				if (_t139 + 1 - 0x1000 < 0) goto 0x87caa7a0;
                                                                                                                				_t97 = _v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8;
                                                                                                                				if (_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87caa7a0;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				E00007FF87FF887CAE0D0( *((intOrPtr*)(_v56 - 8)), _t139 + 0x28);
                                                                                                                				_t58 = E00007FF87FF887CB4280(_t70, _t97,  &_v56, _t153, _t155, _t157);
                                                                                                                				_t163 = _t155;
                                                                                                                				E00007FF87FF887CB03F0(_t58, _t97, _t97, _t97, _t157, _t155);
                                                                                                                				_t144 = _v32;
                                                                                                                				if (_t144 - 0x10 < 0) goto 0x87caa814;
                                                                                                                				if (_t144 + 1 - 0x1000 < 0) goto 0x87caa80e;
                                                                                                                				if (_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87caa80e;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				E00007FF87FF887CC06F0(_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f, _v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8,  &_v88, _t155);
                                                                                                                				_t147 = _v64;
                                                                                                                				if (_t147 - 0x10 < 0) goto 0x87caa85f;
                                                                                                                				_t125 = _v88;
                                                                                                                				if (_t147 + 1 - 0x1000 < 0) goto 0x87caa859;
                                                                                                                				_t103 = _t125 -  *((intOrPtr*)(_t125 - 8)) + 0xfffffff8;
                                                                                                                				_t84 = _t125 -  *((intOrPtr*)(_t125 - 8)) + 0xfffffff8 - 0x1f;
                                                                                                                				if (_t125 -  *((intOrPtr*)(_t125 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87caa859;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				E00007FF87FF887CC06F0(_t84, _t103,  &_v88, _t163);
                                                                                                                				_t150 = _v64;
                                                                                                                				if (_t150 - 0x10 < 0) goto 0x87caa8b1;
                                                                                                                				if (_t150 + 1 - 0x1000 < 0) goto 0x87caa8ab;
                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87caa8ab;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				return E00007FF87FF887CC5E20(0, _t69, _v24 ^ _t159);
                                                                                                                			}


                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FF887CBD640: __tlregdtor.LIBCMT ref: 00007FF887CBD690
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CAA6FD
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CAA799
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CAA807
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CAA852
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$__tlregdtor
                                                                                                                • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_openport '{}', {:#x}$system
                                                                                                                • API String ID: 333172304-33612538
                                                                                                                • Opcode ID: 6fa6c247fdee1d97a4ab246a2aee9091d9b3f152b3ee41501171ff8f04a6126a
                                                                                                                • Instruction ID: b9bc616a9a6f8506717a55146789d685819bb7dd8dfc9393c24a97d9ead3d4f7
                                                                                                                • Opcode Fuzzy Hash: 6fa6c247fdee1d97a4ab246a2aee9091d9b3f152b3ee41501171ff8f04a6126a
                                                                                                                • Instruction Fuzzy Hash: 8251B3B2A98A8641EB10CB65E54436EB773FB857E0F504235EAAD43BDADF6CD480C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiWide$FreeTask
                                                                                                                • String ID: c:\design\wiservice\wiservice\ext\win\ext-win-winutil.cpp$couldn't get special folder, error {}
                                                                                                                • API String ID: 1807027773-2105816268
                                                                                                                • Opcode ID: 1622e010b120b899079a5ea0814c22eff35c6c73c0cfa628f69e3cba74106a05
                                                                                                                • Instruction ID: b65f35395fd6acd2b0522571103cf16ac7ccd16be6835923e1a47432f191722e
                                                                                                                • Opcode Fuzzy Hash: 1622e010b120b899079a5ea0814c22eff35c6c73c0cfa628f69e3cba74106a05
                                                                                                                • Instruction Fuzzy Hash: B8414932648B8586E7218F26F4502AABBB2FB85BD0F544235EB8D03B99DF3CE545C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                C-Code - Quality: 40%
                                                                                                                			E00007FF87FF887CB9190(void* __eflags, long long __rbx, intOrPtr* __rcx, long long __rsi, long long _a16, long long _a24) {
                                                                                                                				void* _v8;
                                                                                                                				signed int _v16;
                                                                                                                				long long _v24;
                                                                                                                				long long _v32;
                                                                                                                				char _v48;
                                                                                                                				long long _v56;
                                                                                                                				long long _v64;
                                                                                                                				char _v80;
                                                                                                                				long long _v88;
                                                                                                                				long long _v96;
                                                                                                                				intOrPtr _v102;
                                                                                                                				short _v104;
                                                                                                                				char _v112;
                                                                                                                				long long _v120;
                                                                                                                				void* __rdi;
                                                                                                                				void* _t60;
                                                                                                                				signed long long _t78;
                                                                                                                				char* _t93;
                                                                                                                				intOrPtr _t113;
                                                                                                                				long long _t116;
                                                                                                                				long long _t119;
                                                                                                                				intOrPtr _t122;
                                                                                                                				void* _t125;
                                                                                                                				void* _t129;
                                                                                                                				void* _t134;
                                                                                                                
                                                                                                                				_t127 = __rsi;
                                                                                                                				_a16 = __rbx;
                                                                                                                				_a24 = __rsi;
                                                                                                                				_t78 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				_v16 = _t78 ^ _t129 - 0x00000090;
                                                                                                                				_t93 = __rcx;
                                                                                                                				_v120 = __rcx;
                                                                                                                				 *((long long*)(__rcx)) = __rsi;
                                                                                                                				 *((long long*)(__rcx + 0x10)) = __rsi;
                                                                                                                				 *((long long*)(__rcx + 0x18)) = 0xf;
                                                                                                                				 *__rcx = sil;
                                                                                                                				 *((long long*)(__rcx + 0x38)) = 0xf;
                                                                                                                				 *((intOrPtr*)(__rcx + 0x20)) = sil;
                                                                                                                				 *((long long*)(__rcx + 0x30)) = 8;
                                                                                                                				 *((long long*)(__rcx + 0x20)) = 0x646c6f5f;
                                                                                                                				 *((intOrPtr*)(__rcx + 0x28)) = sil;
                                                                                                                				 *((long long*)(__rcx + 0x40)) = 0x2710;
                                                                                                                				 *((long long*)(__rcx + 0x48)) = __rsi;
                                                                                                                				 *((intOrPtr*)(__rcx + 0x50)) = 0;
                                                                                                                				 *((intOrPtr*)(__rcx + 0x50)) = 0x3a875d21;
                                                                                                                				_v88 = 0xf;
                                                                                                                				_v96 = 0xa;
                                                                                                                				asm("movsd xmm0, [0x24162]");
                                                                                                                				asm("movsd [esp+0x28], xmm0");
                                                                                                                				_v104 =  *0x87cdd390 & 0x0000ffff;
                                                                                                                				_v102 = sil;
                                                                                                                				E00007FF87FF887CBD6B0(0x646c6f5f,  &_v48); // executed
                                                                                                                				E00007FF87FF887CB3370(__rcx,  &_v80, 0x646c6f5f, _t125,  &_v112);
                                                                                                                				if (__rcx == 0x646c6f5f) goto 0x87cb92c4;
                                                                                                                				_t113 =  *((intOrPtr*)(__rcx + 0x18));
                                                                                                                				if (_t113 - 0x10 < 0) goto 0x87cb9298;
                                                                                                                				if (_t113 + 1 - 0x1000 < 0) goto 0x87cb9293;
                                                                                                                				if ( *__rcx -  *((intOrPtr*)( *__rcx - 8)) - 8 - 0x1f > 0) goto 0x87cb92f8;
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				 *((long long*)(_t93 + 0x10)) = __rsi;
                                                                                                                				 *((long long*)(_t93 + 0x18)) = 0xf;
                                                                                                                				 *_t93 = 0;
                                                                                                                				asm("movups xmm0, [edi]");
                                                                                                                				asm("movups [ebx], xmm0");
                                                                                                                				asm("movups xmm1, [edi+0x10]");
                                                                                                                				asm("movups [ebx+0x10], xmm1");
                                                                                                                				 *0x7478742E646C6F6F = __rsi;
                                                                                                                				 *0x7478742E646C6F77 = 0xf;
                                                                                                                				 *0x646c6f5f = 0;
                                                                                                                				_t116 = _v56;
                                                                                                                				if (_t116 - 0x10 < 0) goto 0x87cb9304;
                                                                                                                				if (_t116 + 1 - 0x1000 < 0) goto 0x87cb92ff;
                                                                                                                				if (_v80 -  *((intOrPtr*)(_v80 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87cb92ff;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				_v64 = __rsi;
                                                                                                                				_v56 = 0xf;
                                                                                                                				_v80 = 0;
                                                                                                                				_t119 = _v24;
                                                                                                                				if (_t119 - 0x10 < 0) goto 0x87cb935a;
                                                                                                                				if (_t119 + 1 - 0x1000 < 0) goto 0x87cb9355;
                                                                                                                				if (_v48 -  *((intOrPtr*)(_v48 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87cb9355;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				_v32 = __rsi;
                                                                                                                				_v24 = 0xf;
                                                                                                                				_v48 = 0;
                                                                                                                				_t122 = _v88;
                                                                                                                				if (_t122 - 0x10 < 0) goto 0x87cb93b0;
                                                                                                                				if (_t122 + 1 - 0x1000 < 0) goto 0x87cb93ab;
                                                                                                                				if (_v112 -  *((intOrPtr*)(_v112 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87cb93ab;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				E00007FF87FF887CBDE70(_t60, _t93, _t93, _t122 + 0x28, 0x646c6f5f, __rsi, _t134);
                                                                                                                				E00007FF87FF887CBDB70(_v112 -  *((intOrPtr*)(_v112 - 8)) + 0xfffffff8, _t93, _t93, _t122 + 0x28, 0x646c6f5f, _t127, _t134);
                                                                                                                				return E00007FF87FF887CC5E20(E00007FF87FF887CC05F0(0, _v112 -  *((intOrPtr*)(_v112 - 8)) + 0xfffffff8, _t93, _t93, _t127), _t60, _v16 ^ _t129 - 0x00000090);
                                                                                                                			}


                                                                                                                APIs
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CB92F8
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CB934E
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CB93A4
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: _old.txt
                                                                                                                • API String ID: 3668304517-616907513
                                                                                                                • Opcode ID: e2eeb52d6b6e59b90e3991592558ed2ba420185344d285cf3c641dcd5f9135e0
                                                                                                                • Instruction ID: 7ac799f30337b76ecbafdba76f2cf5e825cf1de9fe3e44f582a7280de5288d4b
                                                                                                                • Opcode Fuzzy Hash: e2eeb52d6b6e59b90e3991592558ed2ba420185344d285cf3c641dcd5f9135e0
                                                                                                                • Instruction Fuzzy Hash: EC617A62A58B8181EB14CB28E44436E7772FB95BE4F204235E7AD07AEADF7DD581C340
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                C-Code - Quality: 35%
                                                                                                                			E00007FF87FF887CB6090(long long __rax, long long __rbx, long long __rcx, void* __rdx, long long __rdi, long long __rsi, void* __r9, long long _a8, long long _a16, long long _a24, long long _a32) {
                                                                                                                				long long _v32;
                                                                                                                				char _v40;
                                                                                                                				char _v56;
                                                                                                                				void* _t25;
                                                                                                                				void* _t32;
                                                                                                                				void* _t36;
                                                                                                                				long long _t41;
                                                                                                                				long long _t44;
                                                                                                                				long long _t63;
                                                                                                                				void* _t67;
                                                                                                                				void* _t78;
                                                                                                                
                                                                                                                				_t41 = __rax;
                                                                                                                				_a16 = __rbx;
                                                                                                                				_a24 = __rsi;
                                                                                                                				_a32 = __rdi;
                                                                                                                				_a8 = __rcx;
                                                                                                                				_t44 = __rcx;
                                                                                                                				_t25 = E00007FF87FF887CD6670(__rax);
                                                                                                                				if (_t41 == 0) goto 0x87cb60d1;
                                                                                                                				r8d =  *((intOrPtr*)(__rcx + 0x28));
                                                                                                                				if ( *_t41 == r8d) goto 0x87cb6145;
                                                                                                                				_v40 = __rcx + 0x10;
                                                                                                                				__imp__AcquireSRWLockShared();
                                                                                                                				E00007FF87FF887CC56A8(_t25, _t41, __rcx + 0x10);
                                                                                                                				_v32 = _t41;
                                                                                                                				if (_t41 == 0) goto 0x87cb6110;
                                                                                                                				E00007FF87FF887CB9AD0(_t32,  *((intOrPtr*)(_t44 + 0x28)), _t36, _t44, _t41, _t44 + 0x38, _t44 + 0x30);
                                                                                                                				_t63 = _t41;
                                                                                                                				goto 0x87cb6112;
                                                                                                                				__imp__ReleaseSRWLockShared();
                                                                                                                				E00007FF87FF887CD6670(_t41);
                                                                                                                				if (_t41 == _t63) goto 0x87cb6145;
                                                                                                                				_v56 = 1;
                                                                                                                				E00007FF87FF887CD6E20( *((intOrPtr*)(_t44 + 0x28)), _t41, _t44, _t44 + 0x48, 0x87cbc340, _t63, __rsi, _t67,  *((intOrPtr*)(_t44 + 0x48)), _t63, _t78);
                                                                                                                				_v40 = _t63;
                                                                                                                				 *((long long*)( *((intOrPtr*)( *((intOrPtr*)(_t63 + 0x128))))))();
                                                                                                                				__imp__?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ();
                                                                                                                				E00007FF87FF887CCDF50(); // executed
                                                                                                                				return E00007FF87FF887CBA810(_t44,  &_v40);
                                                                                                                			}


                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: LockShared$?flush@?$basic_ostream@AcquireD@std@@@std@@ReleaseU?$char_traits@V12@
                                                                                                                • String ID:
                                                                                                                • API String ID: 2998771425-0
                                                                                                                • Opcode ID: e5e5c596da9bdb092d5d06463e3ff5beb724132a46c9db2d6cb914413f5afd47
                                                                                                                • Instruction ID: 2f0c56c7728d5fc65a6ba67c8ff9bdcc72adfec2a0407ab2c545fca7d74ad797
                                                                                                                • Opcode Fuzzy Hash: e5e5c596da9bdb092d5d06463e3ff5beb724132a46c9db2d6cb914413f5afd47
                                                                                                                • Instruction Fuzzy Hash: 41216B22658B4692DB14DF22E4010ADA7B6FF85BD4F400432EE8E13B6ADF3CE695C740
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 26%
                                                                                                                			E00007FF87FF887CB3B40(intOrPtr* __rcx) {
                                                                                                                				signed int _v24;
                                                                                                                				signed long long _v32;
                                                                                                                				char _v56;
                                                                                                                				void* __rbx;
                                                                                                                				int _t14;
                                                                                                                				void* _t19;
                                                                                                                				void* _t21;
                                                                                                                				signed long long _t31;
                                                                                                                				void* _t36;
                                                                                                                				void* _t41;
                                                                                                                				signed long long _t47;
                                                                                                                				void* _t50;
                                                                                                                				void* _t51;
                                                                                                                				signed long long _t52;
                                                                                                                
                                                                                                                				_t31 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				_v24 = _t31 ^ _t52;
                                                                                                                				if ( *((long long*)(__rcx + 0x18)) - 0x10 < 0) goto 0x87cb3b5f;
                                                                                                                				E00007FF87FF887CB3FF0(_t19, _t36,  &_v56,  *__rcx, _t50, _t51);
                                                                                                                				_t41 =  >=  ? _v56 :  &_v56;
                                                                                                                				_t14 = CreateDirectoryW(??, ??); // executed
                                                                                                                				_t47 = _v32;
                                                                                                                				if (_t47 - 8 < 0) goto 0x87cb3bcc;
                                                                                                                				if (2 + _t47 * 2 - 0x1000 < 0) goto 0x87cb3bc7;
                                                                                                                				if (_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87cb3bc7;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				if (_t14 != 0) goto 0x87cb3bf2;
                                                                                                                				if (GetLastError() == 0xb7) goto 0x87cb3bf2;
                                                                                                                				return E00007FF87FF887CC5E20(0, _t21, _v24 ^ _t52);
                                                                                                                			}


















                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateDirectoryErrorLast_invalid_parameter_noinfo_noreturn
                                                                                                                • String ID:
                                                                                                                • API String ID: 1363081247-0
                                                                                                                • Opcode ID: faef024df2a03db1270b99d93008469492379fdd24af4c472736017e69ee614e
                                                                                                                • Instruction ID: ff7a999d7ea0fcbeb78dc28ee3ee9f88b0a329498c06e68971725561767fb827
                                                                                                                • Opcode Fuzzy Hash: faef024df2a03db1270b99d93008469492379fdd24af4c472736017e69ee614e
                                                                                                                • Instruction Fuzzy Hash: 82114F62A58A4281FF209B25E49922D3373FB987D4F500636EA6E476E9DF6CE185C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 75%
                                                                                                                			E00007FF87FF887CD7B10(long long __rdx, void* __r8) {
                                                                                                                				void* _t11;
                                                                                                                				long long _t15;
                                                                                                                				long _t22;
                                                                                                                				void* _t25;
                                                                                                                
                                                                                                                				 *((long long*)(_t25 + 0x10)) = __rdx;
                                                                                                                				_t15 =  *((intOrPtr*)( *((intOrPtr*)(__rdx + 0x88))));
                                                                                                                				 *((intOrPtr*)(_t15 + 8))();
                                                                                                                				 *((long long*)(__rdx + 0x70)) = _t15;
                                                                                                                				 *((long long*)(_t25 - 0x50 + 0x20)) = __rdx + 0x70;
                                                                                                                				r8d = 0x7a;
                                                                                                                				_t11 = E00007FF87FF887CA5460(__r8 - 0x76, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "\'enum_ports\' method throwed BufferSizeException: {}"); // executed
                                                                                                                				SetLastError(_t22);
                                                                                                                				 *((intOrPtr*)( *((intOrPtr*)(__rdx + 0x58)))) =  *((intOrPtr*)(__rdx + 0x50));
                                                                                                                				return _t11;
                                                                                                                			}








                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FF887CA5460: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CA558E
                                                                                                                  • Part of subcall function 00007FF887CA5460: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CA55D5
                                                                                                                • SetLastError.KERNEL32 ref: 00007FF887CD7B59
                                                                                                                Strings
                                                                                                                • 'enum_ports' method throwed BufferSizeException: {}, xrefs: 00007FF887CD7B37
                                                                                                                • c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp, xrefs: 00007FF887CD7B44
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$ErrorLast
                                                                                                                • String ID: 'enum_ports' method throwed BufferSizeException: {}$c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp
                                                                                                                • API String ID: 3964982034-30933652
                                                                                                                • Opcode ID: 7869ff0d80f280c4edbe0d1ae805a5289204315e6fb73086d8f10c0cbf007131
                                                                                                                • Instruction ID: b64f50eb21ce4f7991aff511726ae735952fa96e286215b09ace682e23ed19fa
                                                                                                                • Opcode Fuzzy Hash: 7869ff0d80f280c4edbe0d1ae805a5289204315e6fb73086d8f10c0cbf007131
                                                                                                                • Instruction Fuzzy Hash: B6F01776A04B448AD710CF24E8403AD3BB2FB88B98F40813AEA4D07B65DF3CE549C740
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • ?_Xlength_error@std@@YAXPEBD@Z.MSVCP140(?,?,?,?,00007FF887CB41C5,?,?,?,?,00000000,?,?,?,00000000,00007FF887CB3B6C), ref: 00007FF887CB398B
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Xlength_error@std@@
                                                                                                                • String ID: vector too long
                                                                                                                • API String ID: 1004598685-2873823879
                                                                                                                • Opcode ID: 7facf0b4ce551dd9ebe7992f8db6e7374516873740b80f86a9a3de763a5ba51c
                                                                                                                • Instruction ID: 42ce1e10f7653eb2b714ab4bbefc80be35e6c8ae0a9810275fcc34bd12fb191b
                                                                                                                • Opcode Fuzzy Hash: 7facf0b4ce551dd9ebe7992f8db6e7374516873740b80f86a9a3de763a5ba51c
                                                                                                                • Instruction Fuzzy Hash: A5A0121095400180D314F740D8510AC11316F60380E700831D11C46452DD085042C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 40%
                                                                                                                			E00007FF87FF887CA57C0(intOrPtr __ecx, long long __rdx, long long __r9, intOrPtr* _a40, intOrPtr* _a48, intOrPtr* _a56, intOrPtr* _a64, intOrPtr* _a72, intOrPtr* _a80) {
                                                                                                                				signed int _v56;
                                                                                                                				long long _v72;
                                                                                                                				long long _v88;
                                                                                                                				intOrPtr _v104;
                                                                                                                				long long _v120;
                                                                                                                				intOrPtr _v136;
                                                                                                                				long long _v144;
                                                                                                                				char _v152;
                                                                                                                				intOrPtr _v160;
                                                                                                                				char _v184;
                                                                                                                				long long _v208;
                                                                                                                				long long _v216;
                                                                                                                				long long _v224;
                                                                                                                				long long _v232;
                                                                                                                				char _v248;
                                                                                                                				long long _v272;
                                                                                                                				long long _v280;
                                                                                                                				intOrPtr _v288;
                                                                                                                				intOrPtr _v296;
                                                                                                                				void* __rbx;
                                                                                                                				void* __rdi;
                                                                                                                				void* __rsi;
                                                                                                                				void* __r14;
                                                                                                                				void* _t56;
                                                                                                                				signed long long _t68;
                                                                                                                				intOrPtr* _t70;
                                                                                                                				intOrPtr _t105;
                                                                                                                				intOrPtr _t108;
                                                                                                                				intOrPtr* _t111;
                                                                                                                				void* _t112;
                                                                                                                				void* _t113;
                                                                                                                				signed long long _t114;
                                                                                                                
                                                                                                                				_t68 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				_v56 = _t68 ^ _t114;
                                                                                                                				_t111 = __rdx;
                                                                                                                				_v288 = __ecx;
                                                                                                                				_v272 = __rdx;
                                                                                                                				_v296 = r14d;
                                                                                                                				_v280 = __r9;
                                                                                                                				_t70 = _a40;
                                                                                                                				if ( *((long long*)(_t70 + 0x18)) - 0x10 < 0) goto 0x87ca580f;
                                                                                                                				_v152 =  *_t70;
                                                                                                                				_v144 =  *((intOrPtr*)(_t70 + 0x10));
                                                                                                                				_v136 =  *_a48;
                                                                                                                				_v120 =  *_a56;
                                                                                                                				_v104 =  *_a64;
                                                                                                                				_v88 =  *_a72;
                                                                                                                				_v72 =  *_a80;
                                                                                                                				_v216 = 0xa51946e;
                                                                                                                				_v208 =  &_v152;
                                                                                                                				asm("movaps xmm0, [esp+0x80]");
                                                                                                                				asm("movdqa [esp+0x60], xmm0");
                                                                                                                				_v216 = __r9;
                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                				if ( *((char*)(__r9 + 0xffffffff)) != 0) goto 0x87ca58c0;
                                                                                                                				_v208 = 0;
                                                                                                                				E00007FF87FF887CA49B0(0xffffffff,  &_v184, __rdx, _t112);
                                                                                                                				_v248 = 0;
                                                                                                                				_v232 = 0;
                                                                                                                				_v224 = 0xf;
                                                                                                                				_v248 = 0;
                                                                                                                				if ( *_t111 != 0) goto 0x87ca5906;
                                                                                                                				E00007FF87FF887CA9100(0,  &_v248, _t111, 0, r8d);
                                                                                                                				E00007FF87FF887CBE5B0(__ecx, _t56, 0, 0,  &_v248,  &_v248, _t112, _t113, r8d,  &_v184); // executed
                                                                                                                				_t105 = _v224;
                                                                                                                				if (_t105 - 0x10 < 0) goto 0x87ca5978;
                                                                                                                				if (_t105 + 1 - 0x1000 < 0) goto 0x87ca5972;
                                                                                                                				if (_v248 -  *((intOrPtr*)(_v248 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87ca5972;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				_t108 = _v160;
                                                                                                                				if (_t108 - 0x10 < 0) goto 0x87ca59bf;
                                                                                                                				if (_t108 + 1 - 0x1000 < 0) goto 0x87ca59b9;
                                                                                                                				if (_v184 -  *((intOrPtr*)(_v184 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87ca59b9;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				return E00007FF87FF887CC5E20(E00007FF87FF887CC56E4(), __ecx, _v56 ^ _t114);
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CA596B
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CA59B2
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID:
                                                                                                                • API String ID: 3668304517-0
                                                                                                                • Opcode ID: 1981f29843fd0f811de58866de1893ec40f798ca1c83c1463f06fc5a1154a23e
                                                                                                                • Instruction ID: 021a75dd0f5b2b05281c2eef78146b65a5c792e20c5842a43ba7fb880e4e6087
                                                                                                                • Opcode Fuzzy Hash: 1981f29843fd0f811de58866de1893ec40f798ca1c83c1463f06fc5a1154a23e
                                                                                                                • Instruction Fuzzy Hash: 67513CB2A49BC985EB60CB15F4407AEB762F7897E0F408225DA9D43B99DF3CD085CB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 41%
                                                                                                                			E00007FF87FF887CA59E0(intOrPtr __ecx, long long __rdx, long long __r9, intOrPtr* _a40, intOrPtr* _a48) {
                                                                                                                				signed int _v56;
                                                                                                                				intOrPtr _v64;
                                                                                                                				char _v88;
                                                                                                                				long long _v104;
                                                                                                                				long long _v112;
                                                                                                                				char _v120;
                                                                                                                				long long _v144;
                                                                                                                				long long _v152;
                                                                                                                				long long _v160;
                                                                                                                				long long _v168;
                                                                                                                				char _v184;
                                                                                                                				long long _v208;
                                                                                                                				long long _v216;
                                                                                                                				intOrPtr _v224;
                                                                                                                				intOrPtr _v232;
                                                                                                                				void* __rbx;
                                                                                                                				void* __rdi;
                                                                                                                				void* __rsi;
                                                                                                                				void* __r14;
                                                                                                                				void* _t46;
                                                                                                                				signed long long _t58;
                                                                                                                				intOrPtr* _t60;
                                                                                                                				intOrPtr _t89;
                                                                                                                				intOrPtr _t92;
                                                                                                                				intOrPtr* _t95;
                                                                                                                				void* _t96;
                                                                                                                				void* _t97;
                                                                                                                				signed long long _t98;
                                                                                                                
                                                                                                                				_t58 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				_v56 = _t58 ^ _t98;
                                                                                                                				_t95 = __rdx;
                                                                                                                				_v224 = __ecx;
                                                                                                                				_v208 = __rdx;
                                                                                                                				_v232 = r14d;
                                                                                                                				_v216 = __r9;
                                                                                                                				_t60 = _a40;
                                                                                                                				if ( *((long long*)(_t60 + 0x18)) - 0x10 < 0) goto 0x87ca5a2f;
                                                                                                                				_v120 =  *_t60;
                                                                                                                				_v112 =  *((intOrPtr*)(_t60 + 0x10));
                                                                                                                				_v104 =  *_a48;
                                                                                                                				_v152 = 0xae;
                                                                                                                				_v144 =  &_v120;
                                                                                                                				asm("movaps xmm0, [esp+0x80]");
                                                                                                                				asm("movdqa [esp+0x60], xmm0");
                                                                                                                				_v152 = __r9;
                                                                                                                				if ( *((char*)(__r9 + 0xffffffff)) != 0) goto 0x87ca5a92;
                                                                                                                				_v144 = 0;
                                                                                                                				E00007FF87FF887CA49B0(0xffffffff,  &_v88, __rdx, _t96);
                                                                                                                				_v184 = 0;
                                                                                                                				_v168 = 0;
                                                                                                                				_v160 = 0xf;
                                                                                                                				_v184 = 0;
                                                                                                                				if ( *_t95 != 0) goto 0x87ca5ad8;
                                                                                                                				E00007FF87FF887CA9100(0,  &_v184, _t95, 0, r8d);
                                                                                                                				E00007FF87FF887CBE5B0(__ecx, _t46, 0, 0,  &_v184,  &_v184, _t96, _t97, r8d,  &_v88); // executed
                                                                                                                				_t89 = _v160;
                                                                                                                				if (_t89 - 0x10 < 0) goto 0x87ca5b4a;
                                                                                                                				if (_t89 + 1 - 0x1000 < 0) goto 0x87ca5b44;
                                                                                                                				if (_v184 -  *((intOrPtr*)(_v184 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87ca5b44;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				_t92 = _v64;
                                                                                                                				if (_t92 - 0x10 < 0) goto 0x87ca5b91;
                                                                                                                				if (_t92 + 1 - 0x1000 < 0) goto 0x87ca5b8b;
                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87ca5b8b;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				return E00007FF87FF887CC5E20(E00007FF87FF887CC56E4(), __ecx, _v56 ^ _t98);
                                                                                                                			}
                                                                                                                0x7ff887ca5b44
                                                                                                                0x7ff887ca5b4a
                                                                                                                0x7ff887ca5b56
                                                                                                                0x7ff887ca5b6d
                                                                                                                0x7ff887ca5b82
                                                                                                                0x7ff887ca5b84
                                                                                                                0x7ff887ca5b8a
                                                                                                                0x7ff887ca5bad

                                                                                                                APIs
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CA5B3D
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CA5B84
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID:
                                                                                                                • API String ID: 3668304517-0
                                                                                                                • Opcode ID: 29762b3e575b918b7c6d014bbb7e81ba7728309e426f5e8661c010412e15b857
                                                                                                                • Instruction ID: fb2d2e1b97783d0118eff366811619e5e03b65f967c7ee835d0b9846cbc127dc
                                                                                                                • Opcode Fuzzy Hash: 29762b3e575b918b7c6d014bbb7e81ba7728309e426f5e8661c010412e15b857
                                                                                                                • Instruction Fuzzy Hash: 81414CB2648BC981EB60CB25F5443AEA662FB857E1F508235DAAD43BD9DF3CD085C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 41%
                                                                                                                			E00007FF87FF887CA5600(intOrPtr __ecx, long long __rdx, long long __r9, intOrPtr* _a40) {
                                                                                                                				signed int _v56;
                                                                                                                				intOrPtr _v64;
                                                                                                                				char _v88;
                                                                                                                				long long _v96;
                                                                                                                				char _v104;
                                                                                                                				long long _v128;
                                                                                                                				long long _v136;
                                                                                                                				long long _v144;
                                                                                                                				long long _v152;
                                                                                                                				char _v168;
                                                                                                                				long long _v192;
                                                                                                                				long long _v200;
                                                                                                                				intOrPtr _v208;
                                                                                                                				intOrPtr _v216;
                                                                                                                				void* __rbx;
                                                                                                                				void* __rdi;
                                                                                                                				void* __rsi;
                                                                                                                				void* __r14;
                                                                                                                				void* _t44;
                                                                                                                				signed long long _t56;
                                                                                                                				intOrPtr* _t58;
                                                                                                                				intOrPtr _t85;
                                                                                                                				intOrPtr _t88;
                                                                                                                				intOrPtr* _t91;
                                                                                                                				void* _t92;
                                                                                                                				void* _t93;
                                                                                                                				signed long long _t94;
                                                                                                                
                                                                                                                				_t56 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				_v56 = _t56 ^ _t94;
                                                                                                                				_t91 = __rdx;
                                                                                                                				_v208 = __ecx;
                                                                                                                				_v192 = __rdx;
                                                                                                                				_v216 = r14d;
                                                                                                                				_v200 = __r9;
                                                                                                                				_t58 = _a40;
                                                                                                                				if ( *((long long*)(_t58 + 0x18)) - 0x10 < 0) goto 0x87ca564f;
                                                                                                                				_v104 =  *_t58;
                                                                                                                				_v96 =  *((intOrPtr*)(_t58 + 0x10));
                                                                                                                				_v136 = 0xe;
                                                                                                                				_v128 =  &_v104;
                                                                                                                				asm("movaps xmm0, [esp+0x80]");
                                                                                                                				asm("movdqa [esp+0x60], xmm0");
                                                                                                                				_v136 = __r9;
                                                                                                                				if ( *((char*)(__r9 + 0xffffffff)) != 0) goto 0x87ca56a0;
                                                                                                                				_v128 = 0;
                                                                                                                				E00007FF87FF887CA49B0(0xffffffff,  &_v88, __rdx, _t92);
                                                                                                                				_v168 = 0;
                                                                                                                				_v152 = 0;
                                                                                                                				_v144 = 0xf;
                                                                                                                				_v168 = 0;
                                                                                                                				if ( *_t91 != 0) goto 0x87ca56e6;
                                                                                                                				E00007FF87FF887CA9100(0,  &_v168, _t91, 0, r8d);
                                                                                                                				E00007FF87FF887CBE5B0(__ecx, _t44, 0, 0,  &_v168,  &_v168, _t92, _t93, r8d,  &_v88); // executed
                                                                                                                				_t85 = _v144;
                                                                                                                				if (_t85 - 0x10 < 0) goto 0x87ca5758;
                                                                                                                				if (_t85 + 1 - 0x1000 < 0) goto 0x87ca5752;
                                                                                                                				if (_v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87ca5752;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				_t88 = _v64;
                                                                                                                				if (_t88 - 0x10 < 0) goto 0x87ca579f;
                                                                                                                				if (_t88 + 1 - 0x1000 < 0) goto 0x87ca5799;
                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87ca5799;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				return E00007FF87FF887CC5E20(E00007FF87FF887CC56E4(), __ecx, _v56 ^ _t94);
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CA574B
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CA5792
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID:
                                                                                                                • API String ID: 3668304517-0
                                                                                                                • Opcode ID: 9b71f734a2d08e80426e159237ae319ab05393ace36e9f7cc8abe1b1d6941eb1
                                                                                                                • Instruction ID: 261385a75eb55fccc86d08aa5515966a74055ac697258233adc9d3cc45fe819a
                                                                                                                • Opcode Fuzzy Hash: 9b71f734a2d08e80426e159237ae319ab05393ace36e9f7cc8abe1b1d6941eb1
                                                                                                                • Instruction Fuzzy Hash: D8417FB2659BC581EB60CB15F5403AEA662FB857E0F508235DAAD53BD9DF3CD084C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 37%
                                                                                                                			E00007FF87FF887CA5460(intOrPtr __ecx, long long __rdx, long long __r9, intOrPtr* _a40) {
                                                                                                                				signed int _v56;
                                                                                                                				intOrPtr _v64;
                                                                                                                				char _v88;
                                                                                                                				long long _v128;
                                                                                                                				long long _v136;
                                                                                                                				char _v152;
                                                                                                                				long long _v176;
                                                                                                                				long long _v184;
                                                                                                                				long long _v192;
                                                                                                                				long long _v200;
                                                                                                                				intOrPtr _v208;
                                                                                                                				intOrPtr _v216;
                                                                                                                				void* __rbx;
                                                                                                                				void* __rdi;
                                                                                                                				void* __rsi;
                                                                                                                				void* __r14;
                                                                                                                				void* _t41;
                                                                                                                				signed long long _t52;
                                                                                                                				intOrPtr _t79;
                                                                                                                				intOrPtr _t82;
                                                                                                                				intOrPtr* _t85;
                                                                                                                				void* _t86;
                                                                                                                				void* _t87;
                                                                                                                				void* _t88;
                                                                                                                				void* _t96;
                                                                                                                
                                                                                                                				_t96 = _t88;
                                                                                                                				_t52 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				_v56 = _t52 ^ _t88 - 0x000000e8;
                                                                                                                				_t85 = __rdx;
                                                                                                                				_v208 = __ecx;
                                                                                                                				_v176 = __rdx;
                                                                                                                				_v216 = r14d;
                                                                                                                				_v184 = __r9;
                                                                                                                				 *((long long*)(_t96 - 0x78)) =  *_a40;
                                                                                                                				_v200 = 0xd;
                                                                                                                				_v192 = _t96 - 0x78;
                                                                                                                				asm("movaps xmm0, [esp+0x40]");
                                                                                                                				asm("movdqa [esp+0x70], xmm0");
                                                                                                                				_v200 = __r9;
                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                				if ( *((char*)(__r9 + 0xffffffff)) != 0) goto 0x87ca54e0;
                                                                                                                				_v192 = 0;
                                                                                                                				E00007FF87FF887CA49B0(0xffffffff,  &_v88, __rdx, _t86);
                                                                                                                				_v152 = 0;
                                                                                                                				_v136 = 0;
                                                                                                                				_v128 = 0xf;
                                                                                                                				_v152 = 0;
                                                                                                                				if ( *_t85 != 0) goto 0x87ca5526;
                                                                                                                				E00007FF87FF887CA9100(0,  &_v152, _t85, 0, r8d);
                                                                                                                				E00007FF87FF887CBE5B0(__ecx, _t41, 0, 0,  &_v152,  &_v152, _t86, _t87, r8d,  &_v88); // executed
                                                                                                                				_t79 = _v128;
                                                                                                                				if (_t79 - 0x10 < 0) goto 0x87ca559b;
                                                                                                                				if (_t79 + 1 - 0x1000 < 0) goto 0x87ca5595;
                                                                                                                				if (_v152 -  *((intOrPtr*)(_v152 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87ca5595;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				_t82 = _v64;
                                                                                                                				if (_t82 - 0x10 < 0) goto 0x87ca55e2;
                                                                                                                				if (_t82 + 1 - 0x1000 < 0) goto 0x87ca55dc;
                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87ca55dc;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				return E00007FF87FF887CC5E20(E00007FF87FF887CC56E4(), __ecx, _v56 ^ _t88 - 0x000000e8);
                                                                                                                 			}

                                                                                                                APIs
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CA558E
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CA55D5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                 • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID:
                                                                                                                • API String ID: 3668304517-0
                                                                                                                • Opcode ID: aae03a3d95e0946a8272b2168d489ddbc761b8d8e3ec7c44dd737b3b500582f4
                                                                                                                • Instruction ID: 182142648c1c2c24f0709bf8d04a6c373de55478876373f204cf769ee44c9bb1
                                                                                                                • Opcode Fuzzy Hash: aae03a3d95e0946a8272b2168d489ddbc761b8d8e3ec7c44dd737b3b500582f4
                                                                                                                • Instruction Fuzzy Hash: 2B4172A2A48AC581EB10CB64F54039EA762FB857E0F505235EAAC437D9DF3CC441C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 37%
                                                                                                                			E00007FF87FF887CA5DB0(intOrPtr __ecx, long long __rdx, long long __r9, intOrPtr* _a40) {
                                                                                                                				signed int _v56;
                                                                                                                				intOrPtr _v64;
                                                                                                                				char _v88;
                                                                                                                				long long _v128;
                                                                                                                				long long _v136;
                                                                                                                				char _v152;
                                                                                                                				long long _v176;
                                                                                                                				long long _v184;
                                                                                                                				long long _v192;
                                                                                                                				long long _v200;
                                                                                                                				intOrPtr _v208;
                                                                                                                				intOrPtr _v216;
                                                                                                                				void* __rbx;
                                                                                                                				void* __rdi;
                                                                                                                				void* __rsi;
                                                                                                                				void* __r14;
                                                                                                                				void* _t41;
                                                                                                                				signed long long _t52;
                                                                                                                				intOrPtr _t79;
                                                                                                                				intOrPtr _t82;
                                                                                                                				intOrPtr* _t85;
                                                                                                                				void* _t86;
                                                                                                                				void* _t87;
                                                                                                                				void* _t88;
                                                                                                                				void* _t96;
                                                                                                                
                                                                                                                				_t96 = _t88;
                                                                                                                				_t52 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				_v56 = _t52 ^ _t88 - 0x000000e8;
                                                                                                                				_t85 = __rdx;
                                                                                                                				_v208 = __ecx;
                                                                                                                				_v176 = __rdx;
                                                                                                                				_v216 = r14d;
                                                                                                                				_v184 = __r9;
                                                                                                                				 *((long long*)(_t96 - 0x78)) =  *_a40;
                                                                                                                				_v200 = 5;
                                                                                                                				_v192 = _t96 - 0x78;
                                                                                                                				asm("movaps xmm0, [esp+0x40]");
                                                                                                                				asm("movdqa [esp+0x70], xmm0");
                                                                                                                				_v200 = __r9;
                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                				if ( *((char*)(__r9 + 0xffffffff)) != 0) goto 0x87ca5e30;
                                                                                                                				_v192 = 0;
                                                                                                                				E00007FF87FF887CA49B0(0xffffffff,  &_v88, __rdx, _t86);
                                                                                                                				_v152 = 0;
                                                                                                                				_v136 = 0;
                                                                                                                				_v128 = 0xf;
                                                                                                                				_v152 = 0;
                                                                                                                				if ( *_t85 != 0) goto 0x87ca5e76;
                                                                                                                				E00007FF87FF887CA9100(0,  &_v152, _t85, 0, r8d);
                                                                                                                				E00007FF87FF887CBE5B0(__ecx, _t41, 0, 0,  &_v152,  &_v152, _t86, _t87, r8d,  &_v88); // executed
                                                                                                                				_t79 = _v128;
                                                                                                                				if (_t79 - 0x10 < 0) goto 0x87ca5eeb;
                                                                                                                				if (_t79 + 1 - 0x1000 < 0) goto 0x87ca5ee5;
                                                                                                                				if (_v152 -  *((intOrPtr*)(_v152 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87ca5ee5;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				_t82 = _v64;
                                                                                                                				if (_t82 - 0x10 < 0) goto 0x87ca5f32;
                                                                                                                				if (_t82 + 1 - 0x1000 < 0) goto 0x87ca5f2c;
                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87ca5f2c;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				return E00007FF87FF887CC5E20(E00007FF87FF887CC56E4(), __ecx, _v56 ^ _t88 - 0x000000e8);
                                                                                                                 			}

                                                                                                                APIs
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CA5EDE
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CA5F25
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                 • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID:
                                                                                                                • API String ID: 3668304517-0
                                                                                                                • Opcode ID: e18008437c69ac987c1083b57540c6eb0e4324fcdc79bb6acb94207609e365fd
                                                                                                                • Instruction ID: f4a9ca01b16c3a23de3b7481e75e0f40b36bd4933d8fb6e7185789392b4211a8
                                                                                                                • Opcode Fuzzy Hash: e18008437c69ac987c1083b57540c6eb0e4324fcdc79bb6acb94207609e365fd
                                                                                                                • Instruction Fuzzy Hash: 554160A2A58AC582EB10CB29F5403AEB6A2FB957E0F505235DAAC437D9DF3CD445C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 40%
                                                                                                                			E00007FF87FF887CACD20(intOrPtr __ecx, long long __rdx, void* __rbp, long long __r9, intOrPtr* _a40) {
                                                                                                                				signed int _v56;
                                                                                                                				intOrPtr _v64;
                                                                                                                				char _v88;
                                                                                                                				long long _v128;
                                                                                                                				long long _v136;
                                                                                                                				char _v152;
                                                                                                                				long long _v176;
                                                                                                                				long long _v184;
                                                                                                                				long long _v192;
                                                                                                                				long long _v200;
                                                                                                                				intOrPtr _v208;
                                                                                                                				intOrPtr _v216;
                                                                                                                				void* __rbx;
                                                                                                                				void* __rdi;
                                                                                                                				void* __rsi;
                                                                                                                				void* __r14;
                                                                                                                				void* _t42;
                                                                                                                				signed long long _t53;
                                                                                                                				intOrPtr _t79;
                                                                                                                				intOrPtr _t82;
                                                                                                                				intOrPtr* _t85;
                                                                                                                				void* _t86;
                                                                                                                				void* _t87;
                                                                                                                				void* _t88;
                                                                                                                				void* _t96;
                                                                                                                
                                                                                                                				_t87 = __rbp;
                                                                                                                				_t96 = _t88;
                                                                                                                				_t53 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				_v56 = _t53 ^ _t88 - 0x000000e8;
                                                                                                                				_t85 = __rdx;
                                                                                                                				_v208 = __ecx;
                                                                                                                				_v176 = __rdx;
                                                                                                                				_v216 = r14d;
                                                                                                                				_v184 = __r9;
                                                                                                                				 *((intOrPtr*)(_t96 - 0x78)) =  *_a40;
                                                                                                                				_v200 = 2;
                                                                                                                				_v192 = _t96 - 0x78;
                                                                                                                				asm("movaps xmm0, [esp+0x40]");
                                                                                                                				asm("movdqa [esp+0x70], xmm0");
                                                                                                                				_v200 = __r9;
                                                                                                                				if ( *((char*)(__r9 + 0xffffffff)) != 0) goto 0x87cacd96;
                                                                                                                				_v192 = 0;
                                                                                                                				E00007FF87FF887CA49B0(0xffffffff,  &_v88, __rdx, _t86);
                                                                                                                				_v152 = 0;
                                                                                                                				_v136 = 0;
                                                                                                                				_v128 = 0xf;
                                                                                                                				_v152 = 0;
                                                                                                                				if ( *_t85 != 0) goto 0x87cacde0;
                                                                                                                				E00007FF87FF887CA9100(0,  &_v152, _t85, 0, r8d);
                                                                                                                				E00007FF87FF887CBE5B0(__ecx, _t42, 0, 0,  &_v152,  &_v152, _t86, _t87, r8d,  &_v88); // executed
                                                                                                                				_t79 = _v128;
                                                                                                                				if (_t79 - 0x10 < 0) goto 0x87cace55;
                                                                                                                				if (_t79 + 1 - 0x1000 < 0) goto 0x87cace4f;
                                                                                                                				if (_v152 -  *((intOrPtr*)(_v152 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87cace4f;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				_t82 = _v64;
                                                                                                                				if (_t82 - 0x10 < 0) goto 0x87cace9c;
                                                                                                                				if (_t82 + 1 - 0x1000 < 0) goto 0x87cace96;
                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87cace96;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				return E00007FF87FF887CC5E20(E00007FF87FF887CC56E4(), __ecx, _v56 ^ _t88 - 0x000000e8);
                                                                                                                			}





























                                                                                                                APIs
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CACE48
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CACE8F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID:
                                                                                                                • API String ID: 3668304517-0
                                                                                                                • Opcode ID: 402de58a4d92593279dd9034f4693e62950564fd35a04b631d78653cefa4ad41
                                                                                                                • Instruction ID: 067def6a225bbbe29f8f9de78aa5c9dae56c1ed222665f63c2dc741158c480b7
                                                                                                                • Opcode Fuzzy Hash: 402de58a4d92593279dd9034f4693e62950564fd35a04b631d78653cefa4ad41
                                                                                                                • Instruction Fuzzy Hash: 394181A2A48BC586EB208B68F54039EB6A2FB957E0F505235D7AC437D9DF3CD481CB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 33%
                                                                                                                			E00007FF87FF887CB8050(long long __rax, long long __rbx, long long __rcx, void* __rdx, long long __r8, void* __r9, long long _a8, long long _a16, void* _a24) {
                                                                                                                				long long _v40;
                                                                                                                				void* __rdi;
                                                                                                                				void* __rsi;
                                                                                                                				long _t12;
                                                                                                                				void* _t21;
                                                                                                                				intOrPtr* _t25;
                                                                                                                
                                                                                                                				_a16 = __rbx;
                                                                                                                				_a8 = __rcx;
                                                                                                                				_t25 = __r8;
                                                                                                                				_t12 = GetCurrentThreadId();
                                                                                                                				r10d =  *(__r8 + 4);
                                                                                                                				_t21 = r10d - _t12;
                                                                                                                				if (_t21 != 0) goto 0x87cb8082;
                                                                                                                				 *((intOrPtr*)(__r8)) =  *((intOrPtr*)(__r8)) + 1;
                                                                                                                				goto 0x87cb8093;
                                                                                                                				asm("lock bts dword [ebx+0x8], 0x1f");
                                                                                                                				if (_t21 < 0) goto 0x87cb80f6;
                                                                                                                				 *(__r8 + 4) = _t12;
                                                                                                                				 *((intOrPtr*)(__r8)) = 1;
                                                                                                                				_v40 = __r8;
                                                                                                                				E00007FF87FF887CB6090(__rax, __r8, __rcx, __rdx, __rcx, __r9, __r9); // executed
                                                                                                                				 *_t25 =  *_t25 - 1;
                                                                                                                				if (_t21 != 0) goto 0x87cb80e6;
                                                                                                                				 *((intOrPtr*)(_t25 + 4)) = 0;
                                                                                                                				asm("lock xadd [ecx], eax");
                                                                                                                				asm("bt eax, 0x1e");
                                                                                                                				if (_t21 < 0) goto 0x87cb80e6;
                                                                                                                				if (0x80000000 - 0x80000000 <= 0) goto 0x87cb80e6;
                                                                                                                				asm("lock bts dword [ecx], 0x1e");
                                                                                                                				if (0x80000000 - 0x80000000 < 0) goto 0x87cb80e6;
                                                                                                                				E00007FF87FF887CBD940(_t25 + 8);
                                                                                                                				SetEvent(??);
                                                                                                                				return 1;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CurrentEventThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 2592414440-0
                                                                                                                • Opcode ID: 834fed51e2728882df6bb9cdc2855ed8d83aedfefd05cddf5e5c8f44ad8cabbe
                                                                                                                • Instruction ID: 90a7978362dcdf2880003be8c5878fb133e1795f5060c80cfca1a4f338c04c1d
                                                                                                                • Opcode Fuzzy Hash: 834fed51e2728882df6bb9cdc2855ed8d83aedfefd05cddf5e5c8f44ad8cabbe
                                                                                                                • Instruction Fuzzy Hash: 71116D3294C64286EB118F36F48426E67F2FB45BD9F18C030EB5D97295DE3CE542DA90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _localtime64strftime
                                                                                                                • String ID:
                                                                                                                • API String ID: 1396910471-0
                                                                                                                • Opcode ID: 5b3d6727782fdf8fe32fba85827f6283c99371045998f41104964c7c4878100e
                                                                                                                • Instruction ID: fce602030b05be7972d3b1780a04ab0b8589321ce8983521f4573e6704e9a603
                                                                                                                • Opcode Fuzzy Hash: 5b3d6727782fdf8fe32fba85827f6283c99371045998f41104964c7c4878100e
                                                                                                                • Instruction Fuzzy Hash: 96214D22A08B8486E7208F25E54036EB7B1FB98BE8F455235DB9D4779ADF3CD194CB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Locinfo@std@@$??0_??1_Cvtvec@@Getcvt@_Lockit@std@@$??0facet@locale@std@@?c_str@?$_Bid@locale@std@@D@std@@Facet_Getfalse@_Getgloballocale@locale@std@@Gettrue@_Locimp@12@RegisterYarn@localeconvmallocstd::_
                                                                                                                • String ID:
                                                                                                                • API String ID: 2189335433-0
                                                                                                                • Opcode ID: dfaa5a83ef0c475c2ab3f4a0cde281c453823de07ddfc9b990716296e89603ee
                                                                                                                • Instruction ID: aef9d249fa2d6be742cefc4a1f9dc6dba93424a4e77a554db3d6d6212bf01327
                                                                                                                • Opcode Fuzzy Hash: dfaa5a83ef0c475c2ab3f4a0cde281c453823de07ddfc9b990716296e89603ee
                                                                                                                • Instruction Fuzzy Hash: 84513822A89B8182EB24DF11E9443AE6BB2FF88BC4F454136DA8E43B55DF3CE555C340
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 313767242-0
                                                                                                                • Opcode ID: ec673b4035b9770a6a4f4f059dcc0db7cd818e2d541853e018e626a61b69cb06
                                                                                                                • Instruction ID: 2f01bd1dd61d09c5a4dd0e58432357214d1ff8951e2e2fcc917cecc90a2bc782
                                                                                                                • Opcode Fuzzy Hash: ec673b4035b9770a6a4f4f059dcc0db7cd818e2d541853e018e626a61b69cb06
                                                                                                                • Instruction Fuzzy Hash: 94315B72649B818AEB708F60E8903ED7772FB85788F44443ADA4E57B99DF38D648C710
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 48%
                                                                                                                			E00007FF87FF887CA14A0(signed int __ebx) {
                                                                                                                				void* __rbx;
                                                                                                                				void* _t13;
                                                                                                                				void* _t15;
                                                                                                                				void* _t28;
                                                                                                                				void* _t32;
                                                                                                                				void* _t33;
                                                                                                                				void* _t34;
                                                                                                                				void* _t35;
                                                                                                                				void* _t36;
                                                                                                                
                                                                                                                				asm("cpuid");
                                                                                                                				r8d = 0;
                                                                                                                				if (0 - 1 < 0) goto 0x87ca1589;
                                                                                                                				asm("cpuid");
                                                                                                                				asm("bt ecx, 0x9");
                                                                                                                				if (0 - 1 >= 0) goto 0x87ca14ff;
                                                                                                                				 *0x87ceecb0 = E00007FF87FF887CD14B0;
                                                                                                                				 *0x87ceecb8 = E00007FF87FF887CD1B10;
                                                                                                                				 *0x87ceecc0 = E00007FF87FF887CD0610;
                                                                                                                				 *0x87ceecc8 = E00007FF87FF887CD0C50;
                                                                                                                				_t15 = r8d - 7;
                                                                                                                				if (_t15 < 0) goto 0x87ca1589;
                                                                                                                				asm("bt ecx, 0x1b");
                                                                                                                				if (_t15 >= 0) goto 0x87ca1589;
                                                                                                                				GetModuleHandleW(??);
                                                                                                                				if (E00007FF87FF887CD0C50 == 0) goto 0x87ca1589;
                                                                                                                				GetProcAddress(??, ??);
                                                                                                                				if (E00007FF87FF887CD0C50 == 0) goto 0x87ca1589;
                                                                                                                				E00007FF87FF887CD0C50(_t13, E00007FF87FF887CD0C50, _t28, E00007FF87FF887CD0C50, "GetEnabledExtendedFeatures", _t32, _t33, _t34, _t35, _t36);
                                                                                                                				if (E00007FF87FF887CD0C50 != 6) goto 0x87ca1589;
                                                                                                                				asm("cpuid");
                                                                                                                				if ((__ebx & 0x00000020) == 0) goto 0x87ca1589;
                                                                                                                				 *0x87ceecb0 = 0x87cd2ee0;
                                                                                                                				 *0x87ceecb8 = 0x87cd3570;
                                                                                                                				 *0x87ceecc0 = 0x87cd2150;
                                                                                                                				 *0x87ceecc8 = 0x87cd2760;
                                                                                                                				return 7;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                • String ID: GetEnabledExtendedFeatures$kernel32.dll
                                                                                                                • API String ID: 1646373207-4263775254
                                                                                                                • Opcode ID: f850ac751b7abb382709fc12ac46b43635d4a10ee8e8d7862937cf4f812eeb49
                                                                                                                • Instruction ID: 05ec9cc1ddaa289221998d5c614e0981f0e9b96c58d02aaa98eca033083f11f0
                                                                                                                • Opcode Fuzzy Hash: f850ac751b7abb382709fc12ac46b43635d4a10ee8e8d7862937cf4f812eeb49
                                                                                                                • Instruction Fuzzy Hash: 2921C065A89B0296FB659F18E9491BD77BBBF483C1F40493AD84E433B1EF2CA194C214
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Heap$AllocProcessstd::bad_alloc::bad_alloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 3165967205-0
                                                                                                                • Opcode ID: db558d07e4aa709bf04ad3ba02a471e0ef772492a5870d7bc0de8774af9f4f29
                                                                                                                • Instruction ID: 939cbc3abc5126c81dc52639f6bfaa84589b918117fb045146b4f05f841b6e6d
                                                                                                                • Opcode Fuzzy Hash: db558d07e4aa709bf04ad3ba02a471e0ef772492a5870d7bc0de8774af9f4f29
                                                                                                                • Instruction Fuzzy Hash: 8DF03062E49F4681EB159B65E8140BC6772BFD9784B088034DA4E133A6EE3CE9D5C600
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 21%
                                                                                                                			E00007FF87FF887CAE730(void* __eax, void* __esi, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, void* __rbp, void* __r8, long long _a8, long long _a24, long long _a32) {
                                                                                                                				void* _v24;
                                                                                                                				signed int _v32;
                                                                                                                				intOrPtr _v72;
                                                                                                                				char _v96;
                                                                                                                				long long _v104;
                                                                                                                				long long _v112;
                                                                                                                				long long _v120;
                                                                                                                				char _v128;
                                                                                                                				long long _v136;
                                                                                                                				long long _v144;
                                                                                                                				long long _v152;
                                                                                                                				char _v160;
                                                                                                                				intOrPtr _v168;
                                                                                                                				char _v192;
                                                                                                                				intOrPtr _v200;
                                                                                                                				char _v224;
                                                                                                                				long long _v232;
                                                                                                                				long long _v240;
                                                                                                                				char _v256;
                                                                                                                				long long _v264;
                                                                                                                				long long _v272;
                                                                                                                				short _v288;
                                                                                                                				long long _v296;
                                                                                                                				long long _v304;
                                                                                                                				char _v320;
                                                                                                                				long long _v328;
                                                                                                                				long long _v336;
                                                                                                                				char _v352;
                                                                                                                				long long _v360;
                                                                                                                				long long _v368;
                                                                                                                				char _v384;
                                                                                                                				long long _v392;
                                                                                                                				long long _v400;
                                                                                                                				char _v416;
                                                                                                                				void* _v504;
                                                                                                                				void* _v520;
                                                                                                                				long long _v544;
                                                                                                                				long long _v552;
                                                                                                                				long long _v560;
                                                                                                                				long long _v568;
                                                                                                                				long long _v576;
                                                                                                                				long long _v584;
                                                                                                                				long long _v592;
                                                                                                                				long long _v600;
                                                                                                                				long long _v616;
                                                                                                                				long long _v624;
                                                                                                                				long long _v640;
                                                                                                                				char _v656;
                                                                                                                				char _v664;
                                                                                                                				long long _v672;
                                                                                                                				void* _v680;
                                                                                                                				char _v688;
                                                                                                                				char _v696;
                                                                                                                				long long _v704;
                                                                                                                				long long _v712;
                                                                                                                				long long _v720;
                                                                                                                				long long _v728;
                                                                                                                				signed long long _t255;
                                                                                                                				intOrPtr* _t257;
                                                                                                                				intOrPtr _t258;
                                                                                                                				long long _t313;
                                                                                                                				intOrPtr _t317;
                                                                                                                				void* _t340;
                                                                                                                				intOrPtr* _t364;
                                                                                                                				long long _t368;
                                                                                                                				long long _t371;
                                                                                                                				long long _t377;
                                                                                                                				long long _t380;
                                                                                                                				signed long long _t387;
                                                                                                                				intOrPtr _t390;
                                                                                                                				intOrPtr _t395;
                                                                                                                				long long _t400;
                                                                                                                				intOrPtr _t403;
                                                                                                                				long long _t407;
                                                                                                                				long long _t412;
                                                                                                                				long long _t413;
                                                                                                                				intOrPtr* _t414;
                                                                                                                				void* _t416;
                                                                                                                				void* _t417;
                                                                                                                				long long _t427;
                                                                                                                
                                                                                                                				_t416 = __rbp;
                                                                                                                				_a8 = __rbx;
                                                                                                                				_a24 = __rsi;
                                                                                                                				_a32 = __rdi;
                                                                                                                				_t418 = _t417 - 0x2e0;
                                                                                                                				_t255 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				_v32 = _t255 ^ _t417 - 0x000002e0;
                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                				asm("movdqu [esp+0x88], xmm0");
                                                                                                                				_t407 = __rcx + 0x70;
                                                                                                                				_v672 = _t407;
                                                                                                                				0x87cc5430();
                                                                                                                				if (__eax != 0) goto 0x87caef5b;
                                                                                                                				_t364 =  *((intOrPtr*)(__rcx + 0x60));
                                                                                                                				_t257 =  *_t364;
                                                                                                                				if (_t257 == _t364) goto 0x87caef63;
                                                                                                                				if ( *((intOrPtr*)(_t257 + 0x10)) == __rdx) goto 0x87cae7b7;
                                                                                                                				_t317 =  *_t257;
                                                                                                                				_t258 = _t317;
                                                                                                                				if (_t317 == _t364) goto 0x87caef63;
                                                                                                                				goto 0x87cae7a0;
                                                                                                                				_t412 =  *((intOrPtr*)(_t258 + 0x18));
                                                                                                                				_v680 = _t412;
                                                                                                                				if (_t412 == 0) goto 0x87cae7d7;
                                                                                                                				asm("lock inc dword [esi+0x8]");
                                                                                                                				_t413 =  *((intOrPtr*)(_t258 + 0x18));
                                                                                                                				_v680 = _t413;
                                                                                                                				_t313 = _v672;
                                                                                                                				_t427 =  *((intOrPtr*)(_t258 + 0x10));
                                                                                                                				_v624 = _t427;
                                                                                                                				_v616 = _t413;
                                                                                                                				0x87cc5436();
                                                                                                                				_v640 = _t407;
                                                                                                                				0x87cc5430();
                                                                                                                				if (__eax != 0) goto 0x87caefad;
                                                                                                                				if ( *((intOrPtr*)(_t427 + 0xf0)) == 0) goto 0x87caeef3;
                                                                                                                				FlushFileBuffers(??);
                                                                                                                				CloseHandle(??);
                                                                                                                				E00007FF87FF887CAD4C0(_t258, _t313,  &_v384, _t427 + 0x40, _t413);
                                                                                                                				E00007FF87FF887CAD4C0(_t258, _t313,  &_v416, _t427 + 0x60, _t413);
                                                                                                                				_t260 =  >=  ? _v416 :  &_v416;
                                                                                                                				_v160 =  >=  ? _v416 :  &_v416;
                                                                                                                				_v152 = _v400;
                                                                                                                				_t263 =  >=  ? _v384 :  &_v384;
                                                                                                                				_v144 =  >=  ? _v384 :  &_v384;
                                                                                                                				_v136 = _v368;
                                                                                                                				_v600 = 0x1ce;
                                                                                                                				_v592 =  &_v160;
                                                                                                                				asm("movaps xmm0, [esp+0xa0]");
                                                                                                                				asm("movdqa [esp+0xf0], xmm0");
                                                                                                                				_v584 = "{}\\temp_{}";
                                                                                                                				_v576 = 0xa;
                                                                                                                				E00007FF87FF887CA49B0(_t313,  &_v192, _t407, _t413);
                                                                                                                				_t368 = _v392;
                                                                                                                				if (_t368 - 0x10 < 0) goto 0x87cae95f;
                                                                                                                				if (_t368 + 1 - 0x1000 < 0) goto 0x87cae95a;
                                                                                                                				if (_v416 -  *((intOrPtr*)(_v416 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87cae95a;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				_v400 = _t313;
                                                                                                                				_v392 = 0xf;
                                                                                                                				_v416 = 0;
                                                                                                                				_t371 = _v360;
                                                                                                                				if (_t371 - 0x10 < 0) goto 0x87cae9c2;
                                                                                                                				if (_t371 + 1 - 0x1000 < 0) goto 0x87cae9bd;
                                                                                                                				if (_v384 -  *((intOrPtr*)(_v384 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87cae9bd;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				_v368 = _t313;
                                                                                                                				_v360 = 0xf;
                                                                                                                				_v384 = 0;
                                                                                                                				E00007FF87FF887CAD4C0(_v384 -  *((intOrPtr*)(_v384 - 8)) + 0xfffffff8, _t313,  &_v320, _t427 + 0x40, _t413);
                                                                                                                				E00007FF87FF887CAD4C0(_v384 -  *((intOrPtr*)(_v384 - 8)) + 0xfffffff8, _t313,  &_v352, _t427 + 0x60, _t413);
                                                                                                                				_t274 =  >=  ? _v352 :  &_v352;
                                                                                                                				_v128 =  >=  ? _v352 :  &_v352;
                                                                                                                				_v120 = _v336;
                                                                                                                				_t277 =  >=  ? _v320 :  &_v320;
                                                                                                                				_v112 =  >=  ? _v320 :  &_v320;
                                                                                                                				_v104 = _v304;
                                                                                                                				_v568 = 0x1ce;
                                                                                                                				_v560 =  &_v128;
                                                                                                                				asm("movaps xmm0, [esp+0xc0]");
                                                                                                                				asm("movdqa [esp+0x100], xmm0");
                                                                                                                				_v552 = "{}\\{}";
                                                                                                                				_v544 = 5;
                                                                                                                				E00007FF87FF887CA49B0(_t313,  &_v256, _t407, _t413);
                                                                                                                				_t377 = _v328;
                                                                                                                				if (_t377 - 0x10 < 0) goto 0x87caeb12;
                                                                                                                				if (_t377 + 1 - 0x1000 < 0) goto 0x87caeb0d;
                                                                                                                				if (_v352 -  *((intOrPtr*)(_v352 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87caeb0d;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				_v336 = _t313;
                                                                                                                				_v328 = 0xf;
                                                                                                                				_v352 = 0;
                                                                                                                				_t380 = _v296;
                                                                                                                				if (_t380 - 0x10 < 0) goto 0x87caeb74;
                                                                                                                				if (_t380 + 1 - 0x1000 < 0) goto 0x87caeb6f;
                                                                                                                				if (_v320 -  *((intOrPtr*)(_v320 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87caeb6f;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				_v304 = _t313;
                                                                                                                				_v296 = 0xf;
                                                                                                                				_v320 = 0;
                                                                                                                				if ( *((intOrPtr*)(_t427 + 0x100)) == 0) goto 0x87caeba2;
                                                                                                                				DeleteDC(??);
                                                                                                                				 *((long long*)(_t427 + 0xf0)) = _t313;
                                                                                                                				 *((long long*)(_t427 + 0x100)) = _t313;
                                                                                                                				 *((char*)(_t427 + 0xa1)) = 0;
                                                                                                                				_v688 = _t313;
                                                                                                                				E00007FF87FF887CAD4C0(_v320 -  *((intOrPtr*)(_v320 - 8)) + 0xfffffff8, _t313,  &_v224, _t427 + 0x80, _t413);
                                                                                                                				_t385 =  >=  ? _v224 :  &_v224;
                                                                                                                				E00007FF87FF887CB3FF0(0, _t313,  &_v288,  >=  ? _v224 :  &_v224, _t413, _t416);
                                                                                                                				_t340 =  >=  ? _v288 :  &_v288;
                                                                                                                				r8d = 0;
                                                                                                                				r15b = OpenPrinterW(??, ??, ??) > 0;
                                                                                                                				_v696 = r15b;
                                                                                                                				_t387 = _v264;
                                                                                                                				if (_t387 - 8 < 0) goto 0x87caec76;
                                                                                                                				if (2 + _t387 * 2 - 0x1000 < 0) goto 0x87caec71;
                                                                                                                				if (_v288 -  *((intOrPtr*)(_v288 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87caec71;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				_v272 = _t313;
                                                                                                                				_v264 = 7;
                                                                                                                				_v288 = 0;
                                                                                                                				_t390 = _v200;
                                                                                                                				if (_t390 - 0x10 < 0) goto 0x87caecd8;
                                                                                                                				if (_t390 + 1 - 0x1000 < 0) goto 0x87caecd3;
                                                                                                                				if (_v224 -  *((intOrPtr*)(_v224 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87caecd3;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				_v664 = _v688;
                                                                                                                				_v656 =  &_v688;
                                                                                                                				E00007FF87FF887CAD4C0( &_v688, _t313,  &_v96, _t427 + 0x80, _t413);
                                                                                                                				_v704 =  &_v696;
                                                                                                                				_v712 =  &_v664;
                                                                                                                				_v720 =  &_v656;
                                                                                                                				_v728 =  &_v96;
                                                                                                                				r8d = 0x210;
                                                                                                                				E00007FF87FF887CAD2C0(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", _t416, "OpenPrinterW (\'{}\', {:#x} -> {:#x}, NULL) -> {}");
                                                                                                                				_t395 = _v72;
                                                                                                                				if (_t395 - 0x10 < 0) goto 0x87caed91;
                                                                                                                				if (_t395 + 1 - 0x1000 < 0) goto 0x87caed8c;
                                                                                                                				if (_v96 -  *((intOrPtr*)(_v96 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87caed8c;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				if (r15b == 0) goto 0x87caedc1;
                                                                                                                				_v728 = 5;
                                                                                                                				r9d = 0;
                                                                                                                				r8d = 0;
                                                                                                                				0x87cc5406();
                                                                                                                				CloseHandle(??);
                                                                                                                				_v728 =  &_v192;
                                                                                                                				r8d = 0x24d;
                                                                                                                				E00007FF87FF887CA5600(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "finalizing PCL \'{}\'");
                                                                                                                				if (E00007FF87FF887CB3F10( &_v192) == 0) goto 0x87caefb5;
                                                                                                                				if (E00007FF87FF887CB3F10( &_v256) == 0) goto 0x87caee1f;
                                                                                                                				E00007FF87FF887CB2D50( &_v256);
                                                                                                                				if (E00007FF87FF887CB2DE0(0, _t313,  &_v192,  &_v256) == 0) goto 0x87caefdd;
                                                                                                                				_t414 = _v680;
                                                                                                                				_t400 = _v232;
                                                                                                                				if (_t400 - 0x10 < 0) goto 0x87caee90;
                                                                                                                				if (_t400 + 1 - 0x1000 < 0) goto 0x87caee8b;
                                                                                                                				if (_v256 -  *((intOrPtr*)(_v256 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87caee8b;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				_v240 = _t313;
                                                                                                                				_v232 = 0xf;
                                                                                                                				_v256 = 0;
                                                                                                                				_t403 = _v168;
                                                                                                                				if (_t403 - 0x10 < 0) goto 0x87caeef3;
                                                                                                                				if (_t403 + 1 - 0x1000 < 0) goto 0x87caeeed;
                                                                                                                				if (_v192 -  *((intOrPtr*)(_v192 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87caeeed;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				0x87cc5436();
                                                                                                                				if (_t414 == 0) goto 0x87caef2d;
                                                                                                                				asm("lock xadd [esi+0x8], eax");
                                                                                                                				if (0xffffffff != 1) goto 0x87caef2d;
                                                                                                                				 *((intOrPtr*)( *_t414))();
                                                                                                                				asm("lock xadd [esi+0xc], ebx");
                                                                                                                				if (0xffffffff != 1) goto 0x87caef2d;
                                                                                                                				return E00007FF87FF887CC5E20( *((intOrPtr*)( *_t414 + 8))(), 1, _v32 ^ _t418);
                                                                                                                			}


                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$ExceptionThrow$C_error@std@@CloseHandleMtx_lockMtx_unlockThrow_$BuffersConcurrency::cancel_current_taskDeleteFileFlushOpenPrinter__std_exception_copymemmove
                                                                                                                • String ID: OpenPrinterW ('{}', {:#x} -> {:#x}, NULL) -> {}$c:\design\wiservice\fax_printer\win\WinFaxPrinter.cpp$couldn't rename file$file not found$finalizing PCL '{}'$port object {:#x} is not present in the list${}\temp_{}${}\{}
                                                                                                                • API String ID: 2160768893-1265162037
                                                                                                                • Opcode ID: 58beda62e6417c6e25b5ef48cfd193df8d72ce1e7ef7f8c60a0b7f69ff954c08
                                                                                                                • Instruction ID: 6cb30dda46c8082349999882707d24f70696a75ac9fc0c6588136c63c4fa7816
                                                                                                                • Opcode Fuzzy Hash: 58beda62e6417c6e25b5ef48cfd193df8d72ce1e7ef7f8c60a0b7f69ff954c08
                                                                                                                • Instruction Fuzzy Hash: B6223BB2649BC280EB70DB14E5853EEA372FB94795F504232DA9D43AA9DF7CD085C740
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$C_error@std@@Mtx_lockMtx_unlockThrow_$ExceptionThrow$CloseFileHandleOpenPrinterWrite
                                                                                                                • String ID: OpenPrinterW ('{}', {:#x} -> {:#x}, NULL) -> {}$c:\design\wiservice\fax_printer\win\WinFaxPrinter.cpp$no file handle to write$port object {:#x} is not present in the list
                                                                                                                • API String ID: 2224752147-625230079
                                                                                                                • Opcode ID: 932e98acf6a538dfd0b4d71e54e13c4e5c1377931cc4050753ee50d299f82302
                                                                                                                • Instruction ID: 0e3c30a704394a6481d91292680e9f86a48165e9cc4d213df534aef18b9c89d8
                                                                                                                • Opcode Fuzzy Hash: 932e98acf6a538dfd0b4d71e54e13c4e5c1377931cc4050753ee50d299f82302
                                                                                                                • Instruction Fuzzy Hash: 36B18A72B48B8285EB10DB65E4403AD6772FB947E8FA04136EE5D17BA9DF38E581C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 25%
                                                                                                                			E00007FF87FF887CD5590(void* __ecx, void* __edx, long long __rbx, long long* __rcx, long long __rsi, long long __rbp, long long _a16, long long _a24, long long _a32) {
                                                                                                                				void* _v40;
                                                                                                                				signed int _v56;
                                                                                                                				char _v144;
                                                                                                                				long long _v152;
                                                                                                                				void* _t78;
                                                                                                                				void* _t83;
                                                                                                                				void* _t95;
                                                                                                                				char _t100;
                                                                                                                				signed long long _t109;
                                                                                                                				intOrPtr* _t119;
                                                                                                                				intOrPtr* _t121;
                                                                                                                				intOrPtr* _t122;
                                                                                                                				long long _t138;
                                                                                                                				intOrPtr _t144;
                                                                                                                				intOrPtr _t156;
                                                                                                                				intOrPtr* _t157;
                                                                                                                				intOrPtr _t160;
                                                                                                                				intOrPtr* _t162;
                                                                                                                				intOrPtr _t167;
                                                                                                                				void* _t169;
                                                                                                                				long long* _t174;
                                                                                                                				long long _t175;
                                                                                                                				intOrPtr _t176;
                                                                                                                				intOrPtr _t177;
                                                                                                                
                                                                                                                				_t78 = __ecx;
                                                                                                                				_a16 = __rbx;
                                                                                                                				_a24 = __rbp;
                                                                                                                				_a32 = __rsi;
                                                                                                                				_t109 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				_v56 = _t109 ^ _t169 - 0x00000090;
                                                                                                                				_t174 = __rcx;
                                                                                                                				 *__rcx = 0x87cdef88;
                                                                                                                				_t162 =  *((intOrPtr*)(__rcx + 0x38));
                                                                                                                				_t167 =  *((intOrPtr*)(__rcx + 0x40));
                                                                                                                				r13d = 0;
                                                                                                                				_t83 = _t162 - _t167;
                                                                                                                				if (_t83 == 0) goto 0x87cd5744;
                                                                                                                				asm("lock xadd [ecx], eax");
                                                                                                                				asm("bt eax, 0x1e");
                                                                                                                				if (_t83 < 0) goto 0x87cd5611;
                                                                                                                				if (0x80000000 - 0x80000000 <= 0) goto 0x87cd5611;
                                                                                                                				asm("lock bts dword [ecx], 0x1e");
                                                                                                                				if (0x80000000 - 0x80000000 < 0) goto 0x87cd5611;
                                                                                                                				E00007FF87FF887CBD940( *((intOrPtr*)(_t162 + 8)));
                                                                                                                				SetEvent(??);
                                                                                                                				_t176 =  *_t162;
                                                                                                                				if ( *((intOrPtr*)(_t176 + 0x10)) == 0) goto 0x87cd5737;
                                                                                                                				E00007FF87FF887CD6690( *((intOrPtr*)(_t176 + 0x10)), 0x87cdef88, __rbx, _t176, _t162);
                                                                                                                				if ( *((intOrPtr*)(_t176 + 0x10)) != 0) goto 0x87cd5635;
                                                                                                                				goto 0x87cd5706;
                                                                                                                				 *((intOrPtr*)(_t176 + 0x10)) = r13d;
                                                                                                                				r8d = 0;
                                                                                                                				ReleaseSemaphore(??, ??, ??);
                                                                                                                				_t119 =  *((intOrPtr*)(_t176 + 0x18));
                                                                                                                				_t156 =  *((intOrPtr*)(_t176 + 0x20));
                                                                                                                				if (_t119 == _t156) goto 0x87cd567f;
                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                				 *((char*)( *_t119 + 0x14)) = 1;
                                                                                                                				r8d = 0;
                                                                                                                				ReleaseSemaphore(??, ??, ??);
                                                                                                                				if (_t119 + 8 != _t156) goto 0x87cd5660;
                                                                                                                				_t177 =  *((intOrPtr*)(_t176 + 0x20));
                                                                                                                				_t157 =  *((intOrPtr*)(_t176 + 0x18));
                                                                                                                				if (_t157 == _t177) goto 0x87cd56ea;
                                                                                                                				_t121 =  *_t157;
                                                                                                                				if (_t121 == 0) goto 0x87cd56dd;
                                                                                                                				asm("lock xadd [ebx+0x18], eax");
                                                                                                                				if (0xffffffff != 1) goto 0x87cd56dd;
                                                                                                                				if ( *((intOrPtr*)(_t121 + 8)) - 1 - 0xfffffffd > 0) goto 0x87cd56bc;
                                                                                                                				CloseHandle(??);
                                                                                                                				if ( *_t121 - 1 - 0xfffffffd > 0) goto 0x87cd56d0;
                                                                                                                				CloseHandle(??);
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				if (_t157 + 8 != _t177) goto 0x87cd5690;
                                                                                                                				 *((long long*)(_t176 + 0x20)) =  *((intOrPtr*)(_t176 + 0x18));
                                                                                                                				_t95 =  *((intOrPtr*)(_t176 + 0x30)) - 1 - 0xfffffffd;
                                                                                                                				if (_t95 > 0) goto 0x87cd5702;
                                                                                                                				CloseHandle(??);
                                                                                                                				 *((long long*)(_t176 + 0x30)) = _t175;
                                                                                                                				asm("lock inc ecx");
                                                                                                                				asm("bt eax, 0x1e");
                                                                                                                				if (_t95 < 0) goto 0x87cd5737;
                                                                                                                				if (0x80000000 - 0x80000000 <= 0) goto 0x87cd5737;
                                                                                                                				asm("lock inc ecx");
                                                                                                                				if (0x80000000 - 0x80000000 < 0) goto 0x87cd5737;
                                                                                                                				E00007FF87FF887CBD940(_t176);
                                                                                                                				SetEvent(??);
                                                                                                                				if (_t162 + 0x10 != _t167) goto 0x87cd55e2;
                                                                                                                				_t122 =  *((intOrPtr*)(_t174 + 0x50));
                                                                                                                				_t160 =  *((intOrPtr*)(_t174 + 0x58));
                                                                                                                				if (_t122 == _t160) goto 0x87cd57c6;
                                                                                                                				_t138 =  *_t122 + 0x30;
                                                                                                                				_v152 = _t138;
                                                                                                                				_v144 = 0;
                                                                                                                				if (_t138 == 0) goto 0x87cd588b;
                                                                                                                				E00007FF87FF887CD6690(_t138,  *((intOrPtr*)(_t176 + 0x30)) - 1, _t122, _t138,  *_t122);
                                                                                                                				_v144 = 1;
                                                                                                                				E00007FF87FF887CD67A0();
                                                                                                                				_t100 = _v144;
                                                                                                                				if (_t100 == 0) goto 0x87cd57bd;
                                                                                                                				asm("lock xadd [ecx], eax");
                                                                                                                				asm("bt eax, 0x1e");
                                                                                                                				if (_t100 < 0) goto 0x87cd57bd;
                                                                                                                				if (0x80000000 - 0x80000000 <= 0) goto 0x87cd57bd;
                                                                                                                				asm("lock bts dword [ecx], 0x1e");
                                                                                                                				if (0x80000000 - 0x80000000 < 0) goto 0x87cd57bd;
                                                                                                                				E00007FF87FF887CBD940(_v152);
                                                                                                                				SetEvent(??);
                                                                                                                				if (_t122 + 0x10 != _t160) goto 0x87cd5753;
                                                                                                                				if ( *((intOrPtr*)(_t174 + 0x68)) - 1 - 0xfffffffd > 0) goto 0x87cd57dc;
                                                                                                                				CloseHandle(??);
                                                                                                                				E00007FF87FF887CC93E0(_t174 + 0x50);
                                                                                                                				_t144 =  *((intOrPtr*)(_t174 + 0x38));
                                                                                                                				if (_t144 == 0) goto 0x87cd5832;
                                                                                                                				if (( *((intOrPtr*)(_t174 + 0x48)) - _t144 & 0xfffffff0) - 0x1000 < 0) goto 0x87cd581d;
                                                                                                                				if (_t144 -  *((intOrPtr*)(_t144 - 8)) - 8 - 0x1f > 0) goto 0x87cd5884;
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				 *((long long*)(_t174 + 0x38)) = _t175;
                                                                                                                				 *((long long*)(_t174 + 0x40)) = _t175;
                                                                                                                				 *((long long*)(_t174 + 0x48)) = _t175;
                                                                                                                				E00007FF87FF887CD52C0(0x20, _t122 + 0x10, _t174 + 0x28);
                                                                                                                				if ( *((intOrPtr*)(_t174 + 0x10)) - 1 - 0xfffffffd > 0) goto 0x87cd5853;
                                                                                                                				return E00007FF87FF887CC5E20(CloseHandle(??), _t78, _v56 ^ _t169 - 0x00000090);
                                                                                                                			}



























                                                                                                                0x7ff887cd57e6
                                                                                                                0x7ff887cd57ee
                                                                                                                0x7ff887cd5803
                                                                                                                0x7ff887cd5818
                                                                                                                0x7ff887cd581d
                                                                                                                0x7ff887cd5823
                                                                                                                0x7ff887cd5828
                                                                                                                0x7ff887cd582d
                                                                                                                0x7ff887cd5837
                                                                                                                0x7ff887cd584a
                                                                                                                0x7ff887cd5883

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandle$Event$ReleaseSemaphore$Create__std_exception_destroy_invalid_parameter_noinfo_noreturnstd::bad_exception::bad_exception
                                                                                                                • String ID: boost unique_lock has no mutex
                                                                                                                • API String ID: 1979981141-1332336223
                                                                                                                • Opcode ID: 99d43ab599dc6fdb592f883fd878a795e6f26811ccc1dd07ce6a8332fe436380
                                                                                                                • Instruction ID: aebbc6d0558e9a7d220bf4127ec70d68d8342c52d431b6a629f7289065b494ee
                                                                                                                • Opcode Fuzzy Hash: 99d43ab599dc6fdb592f883fd878a795e6f26811ccc1dd07ce6a8332fe436380
                                                                                                                • Instruction Fuzzy Hash: C9B1BE32A9AA4286EB20CB25E44867D3BB6FB44BE4F554231CA6D437D2DF3CE445C340
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 72%
                                                                                                                			E00007FF87FF887CA92D0(long long __rax, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi) {
                                                                                                                				void* _t20;
                                                                                                                				void* _t21;
                                                                                                                				intOrPtr _t38;
                                                                                                                				long long _t55;
                                                                                                                				long long _t62;
                                                                                                                				unsigned long long _t63;
                                                                                                                				void* _t66;
                                                                                                                				void* _t70;
                                                                                                                				void* _t71;
                                                                                                                
                                                                                                                				_t34 = __rax;
                                                                                                                				 *((long long*)(_t66 + 8)) = __rbx;
                                                                                                                				 *((long long*)(_t66 + 0x10)) = _t62;
                                                                                                                				 *((long long*)(_t66 + 0x18)) = __rsi;
                                                                                                                				 *((long long*)(_t66 + 0x20)) = __rdi;
                                                                                                                				_t63 =  *((intOrPtr*)(__rcx + 0x18));
                                                                                                                				_t71 = __rcx;
                                                                                                                				_t38 =  *((intOrPtr*)(__rcx + 8));
                                                                                                                				_t55 =  >  ? __rdx : (_t63 >> 1) + _t63;
                                                                                                                				if (_t55 - 0x1000 < 0) goto 0x87ca9337;
                                                                                                                				if (_t55 + 0x27 - _t55 <= 0) goto 0x87ca93b9;
                                                                                                                				_t21 = E00007FF87FF887CC56A8(_t20, __rax, _t55 + 0x27);
                                                                                                                				if (__rax == 0) goto 0x87ca93b2;
                                                                                                                				_t8 = _t34 + 0x27; // 0x27
                                                                                                                				 *((long long*)((_t8 & 0xffffffe0) - 8)) = __rax;
                                                                                                                				goto 0x87ca934b;
                                                                                                                				if (_t55 == 0) goto 0x87ca9349;
                                                                                                                				E00007FF87FF887CC56A8(_t21, __rax, _t55);
                                                                                                                				goto 0x87ca934b;
                                                                                                                				memmove(_t70, ??);
                                                                                                                				 *((long long*)(_t71 + 8)) = __rax;
                                                                                                                				 *((long long*)(_t71 + 0x18)) = _t55;
                                                                                                                				if (_t38 == _t71 + 0x20) goto 0x87ca9397;
                                                                                                                				if (_t63 - 0x1000 < 0) goto 0x87ca938c;
                                                                                                                				if (_t38 -  *((intOrPtr*)(_t38 - 8)) - 8 - 0x1f > 0) goto 0x87ca93b2;
                                                                                                                				return E00007FF87FF887CC56E4();
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • memmove.VCRUNTIME140 ref: 00007FF887CA9355
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CA93B2
                                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF887CA93B9
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CA94A6
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CA9554
                                                                                                                  • Part of subcall function 00007FF887CC56A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF887CA8F4E), ref: 00007FF887CC56C2
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CA95B3
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CA962E
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CA968D
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CA96E1
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskmallocmemmove
                                                                                                                • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_addport '{}', {:#x}, '{}'$system
                                                                                                                • API String ID: 2599383951-1193261317
                                                                                                                • Opcode ID: 4935a0c16d97e0630a2bf55e0609a616481e8775f26f51872745fbdf5378563e
                                                                                                                • Instruction ID: 002f0657ede3b88570a775c8cac2a350789525c5dfc56db74ff0338e4310b63e
                                                                                                                • Opcode Fuzzy Hash: 4935a0c16d97e0630a2bf55e0609a616481e8775f26f51872745fbdf5378563e
                                                                                                                • Instruction Fuzzy Hash: 2DB1D2A2A49A8181EB64DB65E54536EB373FB94BE1F104231DAAD07BDADF7CD081C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 23%
                                                                                                                			E00007FF87FF887CB07D0(long long __rbx, long long __rcx, long long __rdi, long long __rsi, long long _a16, long long _a24, long long _a32) {
                                                                                                                				void* _v8;
                                                                                                                				signed int _v16;
                                                                                                                				signed long long _v24;
                                                                                                                				intOrPtr _v32;
                                                                                                                				char _v48;
                                                                                                                				long long _v56;
                                                                                                                				long long _v64;
                                                                                                                				char _v80;
                                                                                                                				char _v88;
                                                                                                                				intOrPtr _v96;
                                                                                                                				long long _v104;
                                                                                                                				void* __rbp;
                                                                                                                				long _t58;
                                                                                                                				void* _t74;
                                                                                                                				signed long long _t100;
                                                                                                                				void* _t143;
                                                                                                                				signed long long _t144;
                                                                                                                				long long _t150;
                                                                                                                				long long _t156;
                                                                                                                				signed long long _t161;
                                                                                                                				long long _t165;
                                                                                                                				intOrPtr* _t166;
                                                                                                                				long long _t168;
                                                                                                                				void* _t171;
                                                                                                                
                                                                                                                				_t168 = __rsi;
                                                                                                                				_a16 = __rbx;
                                                                                                                				_a24 = __rsi;
                                                                                                                				_a32 = __rdi;
                                                                                                                				_t100 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				_v16 = _t100 ^ _t171 - 0x00000080;
                                                                                                                				_t165 = __rcx;
                                                                                                                				_v88 = __rsi;
                                                                                                                				if ( *((long long*)(__rcx + 0x18)) - 0x10 < 0) goto 0x87cb080e;
                                                                                                                				E00007FF87FF887CB3FF0(_t74, __rbx,  &_v48,  *((intOrPtr*)(__rcx)), __rsi, _t171);
                                                                                                                				_t143 =  >=  ? _v48 :  &_v48;
                                                                                                                				_v104 =  &_v88;
                                                                                                                				r9d = 0x2001b;
                                                                                                                				r8d = 0;
                                                                                                                				_t58 = RegOpenKeyExW(??, ??, ??, ??, ??);
                                                                                                                				_t144 = _v24;
                                                                                                                				if (_t144 - 8 < 0) goto 0x87cb0889;
                                                                                                                				if (2 + _t144 * 2 - 0x1000 < 0) goto 0x87cb0884;
                                                                                                                				if (_v48 -  *((intOrPtr*)(_v48 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87cb0884;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				if (_t58 == 0) goto 0x87cb08b5;
                                                                                                                				_v104 = _t165;
                                                                                                                				r8d = 0x229;
                                                                                                                				E00007FF87FF887CA5600(4, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "couldn\'t open registry key \'HKLM\\{}\'");
                                                                                                                				goto 0x87cb0a63;
                                                                                                                				_t166 =  *((intOrPtr*)(_t165 + 0x60));
                                                                                                                				_t117 =  *_t166;
                                                                                                                				if ( *_t166 == _t166) goto 0x87cb0a59;
                                                                                                                				E00007FF87FF887CAD4C0(_v48 -  *((intOrPtr*)(_v48 - 8)) + 0xfffffff8,  *_t166,  &_v80,  *((intOrPtr*)( *_t166 + 0x10)), _t168);
                                                                                                                				_v104 =  &_v80;
                                                                                                                				r8d = 0x22d;
                                                                                                                				E00007FF87FF887CA5600(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "set \'name\' value to \'{}\'");
                                                                                                                				_t150 = _v56;
                                                                                                                				if (_t150 - 0x10 < 0) goto 0x87cb0936;
                                                                                                                				if (_t150 + 1 - 0x1000 < 0) goto 0x87cb0931;
                                                                                                                				if (_v80 -  *((intOrPtr*)(_v80 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x87cb0a44;
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				E00007FF87FF887CAD4C0(_v80 -  *((intOrPtr*)(_v80 - 8)) + 0xfffffff8,  *_t166,  &_v80,  *((intOrPtr*)( *_t166 + 0x10)), _t168);
                                                                                                                				_t155 =  >=  ? _v80 :  &_v80;
                                                                                                                				E00007FF87FF887CB3FF0(_t58, _t117,  &_v48,  >=  ? _v80 :  &_v80, _t168, _t171);
                                                                                                                				_t156 = _v56;
                                                                                                                				if (_t156 - 0x10 < 0) goto 0x87cb0997;
                                                                                                                				if (_t156 + 1 - 0x1000 < 0) goto 0x87cb0992;
                                                                                                                				if (_v80 -  *((intOrPtr*)(_v80 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x87cb0a4b;
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				_v64 = _t168;
                                                                                                                				_v56 = 0xf;
                                                                                                                				_v80 = 0;
                                                                                                                				_t133 =  >=  ? _v48 :  &_v48;
                                                                                                                				_v96 = _v32 + _v32;
                                                                                                                				_v104 =  >=  ? _v48 :  &_v48;
                                                                                                                				r9d = 1;
                                                                                                                				r8d = 0;
                                                                                                                				if (RegSetValueExW(??, ??, ??, ??, ??, ??) == 0) goto 0x87cb0a00;
                                                                                                                				r8d = 0x232;
                                                                                                                				E00007FF87FF887CA52D0(4, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "couldn\'t set \'name\' value for key");
                                                                                                                				_t161 = _v24;
                                                                                                                				if (_t161 - 8 < 0) goto 0x87cb0a3c;
                                                                                                                				if (2 + _t161 * 2 - 0x1000 < 0) goto 0x87cb0a37;
                                                                                                                				if (_v48 -  *((intOrPtr*)(_v48 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x87cb0a52;
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				goto 0x87cb08bc;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				return E00007FF87FF887CC5E20(RegCloseKey(??), 4, _v16 ^ _t171 - 0x00000080);
                                                                                                                			}




























                                                                                                                APIs
                                                                                                                • RegOpenKeyExW.ADVAPI32 ref: 00007FF887CB083E
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CB087D
                                                                                                                • RegCloseKey.ADVAPI32 ref: 00007FF887CB0A5D
                                                                                                                  • Part of subcall function 00007FF887CA5600: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CA574B
                                                                                                                  • Part of subcall function 00007FF887CA5600: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CA5792
                                                                                                                • RegSetValueExW.ADVAPI32 ref: 00007FF887CB09D7
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CB0A44
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CB0A4B
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CB0A52
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$CloseOpenValue
                                                                                                                • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinter.cpp$couldn't open registry key 'HKLM\{}'$couldn't set 'name' value for key$name$set 'name' value to '{}'
                                                                                                                • API String ID: 31251203-1549987888
                                                                                                                • Opcode ID: f213333980d3473a6b08d39c654d3b2c1dc675a5dbd0e615af430c2f992845d7
                                                                                                                • Instruction ID: aa8177b3a7e7c6904e8b1f33e4c8fd921b0d64e1750417b63aa73c4bacd9eb46
                                                                                                                • Opcode Fuzzy Hash: f213333980d3473a6b08d39c654d3b2c1dc675a5dbd0e615af430c2f992845d7
                                                                                                                • Instruction Fuzzy Hash: DF717C72B54A4288FB10DBA5E4447AC2772FB447E8F545636EA2D53BD9DF78E281C300
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 31%
                                                                                                                			E00007FF87FF887CAF6B0(void* __edi, void* __esi, long long __rbx, signed int __rcx, long long __rdx, intOrPtr* __r8) {
                                                                                                                				void* __rsi;
                                                                                                                				void* __rbp;
                                                                                                                				void* __r14;
                                                                                                                				void* _t89;
                                                                                                                				signed char _t110;
                                                                                                                				void* _t115;
                                                                                                                				signed long long _t146;
                                                                                                                				intOrPtr _t149;
                                                                                                                				long long _t163;
                                                                                                                				intOrPtr _t183;
                                                                                                                				intOrPtr _t217;
                                                                                                                				intOrPtr _t220;
                                                                                                                				void* _t229;
                                                                                                                				void* _t233;
                                                                                                                				int _t236;
                                                                                                                				long long _t238;
                                                                                                                				int _t240;
                                                                                                                				void* _t241;
                                                                                                                				void* _t243;
                                                                                                                				signed long long _t244;
                                                                                                                				intOrPtr _t249;
                                                                                                                				void* _t251;
                                                                                                                				void* _t257;
                                                                                                                				void* _t258;
                                                                                                                				char* _t259;
                                                                                                                				int _t261;
                                                                                                                				intOrPtr _t262;
                                                                                                                				int _t265;
                                                                                                                				void* _t267;
                                                                                                                				intOrPtr _t268;
                                                                                                                				long long _t269;
                                                                                                                
                                                                                                                				 *((long long*)(_t243 + 8)) = __rbx;
                                                                                                                				_t241 = _t243 - 0xb0;
                                                                                                                				_t244 = _t243 - 0x1b0;
                                                                                                                				_t146 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				 *(_t241 + 0xa0) = _t146 ^ _t244;
                                                                                                                				_t179 = __r8;
                                                                                                                				_t259 = __rdx;
                                                                                                                				 *((long long*)(_t244 + 0x30)) = __rdx;
                                                                                                                				r15d = 0;
                                                                                                                				 *(_t244 + 0x20) = r15d;
                                                                                                                				_t149 =  *((intOrPtr*)( *[gs:0x58] + __rcx * 8));
                                                                                                                				_t115 =  *0x87cf1ac4 -  *((intOrPtr*)(__rdx + _t149)); // 0x0
                                                                                                                				if (_t115 > 0) goto 0x87cafabc;
                                                                                                                				if ( *((long long*)(__r8 + 0x18)) - 0x10 < 0) goto 0x87caf72b;
                                                                                                                				if ( *((intOrPtr*)(__r8 + 0x10)) == 0) goto 0x87caf763;
                                                                                                                				_t89 = memchr(_t267, _t265, _t261);
                                                                                                                				if (_t149 == 0) goto 0x87caf763;
                                                                                                                				_t150 = _t149 -  *__r8;
                                                                                                                				if (_t149 -  *__r8 == 0xffffffff) goto 0x87caf763;
                                                                                                                				E00007FF87FF887CB3170(_t89, __r8, _t241 + 0x80, __r8, _t236, _t258);
                                                                                                                				r14d = 1;
                                                                                                                				goto 0x87caf776;
                                                                                                                				E00007FF87FF887CAD4C0(_t149 -  *__r8, __r8, _t241 + 0x40, __r8, _t236);
                                                                                                                				r14d = 2;
                                                                                                                				 *(_t244 + 0x20) = r14d;
                                                                                                                				E00007FF87FF887CAD4C0(_t150, _t179, _t241 + 0x60, _t150, _t236);
                                                                                                                				if ((r14b & 0x00000002) == 0) goto 0x87caf7e0;
                                                                                                                				r14d = r14d & 0xfffffffd;
                                                                                                                				_t217 =  *((intOrPtr*)(_t241 + 0x58));
                                                                                                                				if (_t217 - 0x10 < 0) goto 0x87caf7d0;
                                                                                                                				if (_t217 + 1 - 0x1000 < 0) goto 0x87caf7cb;
                                                                                                                				if ( *((intOrPtr*)(_t241 + 0x40)) -  *((intOrPtr*)( *((intOrPtr*)(_t241 + 0x40)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87caf7cb;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				 *(_t241 + 0x50) = _t267;
                                                                                                                				 *((long long*)(_t241 + 0x58)) = 0xf;
                                                                                                                				 *((char*)(_t241 + 0x40)) = 0;
                                                                                                                				if ((r14b & 0x00000001) == 0) goto 0x87caf847;
                                                                                                                				r14d = r14d & 0xfffffffe;
                                                                                                                				_t220 =  *((intOrPtr*)(_t241 + 0x98));
                                                                                                                				if (_t220 - 0x10 < 0) goto 0x87caf82e;
                                                                                                                				if (_t220 + 1 - 0x1000 < 0) goto 0x87caf829;
                                                                                                                				if ( *((intOrPtr*)(_t241 + 0x80)) -  *((intOrPtr*)( *((intOrPtr*)(_t241 + 0x80)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87caf829;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				 *(_t241 + 0x90) = _t267;
                                                                                                                				 *((long long*)(_t241 + 0x98)) = 0xf;
                                                                                                                				 *((char*)(_t241 + 0x80)) = 0;
                                                                                                                				 *((long long*)(_t244 + 0x40)) = 0x87cdc490;
                                                                                                                				 *((long long*)(_t244 + 0x50)) = 0x87cdc498;
                                                                                                                				__imp__??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ();
                                                                                                                				r14d = r14d | 0x00000008;
                                                                                                                				 *(_t244 + 0x20) = r14d;
                                                                                                                				r8d = 0;
                                                                                                                				__imp__??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z();
                                                                                                                				 *((long long*)(_t244 +  *((intOrPtr*)( *((intOrPtr*)(_t244 + 0x40)) + 4)) + 0x40)) = 0x87cdc488;
                                                                                                                				 *((intOrPtr*)(_t244 +  *((intOrPtr*)( *((intOrPtr*)(_t244 + 0x40)) + 4)) + 0x3c)) =  *((intOrPtr*)( *((intOrPtr*)(_t244 + 0x40)) + 4)) - 0x98;
                                                                                                                				__imp__??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ();
                                                                                                                				 *((long long*)(_t244 + 0x58)) = 0x87cdc408;
                                                                                                                				 *(_t241 - 0x40) = _t267;
                                                                                                                				 *(_t241 - 0x38) = r15d;
                                                                                                                				_t262 =  *((intOrPtr*)(_t241 + 0x60));
                                                                                                                				_t233 =  >=  ? _t262 : _t241 + 0x60;
                                                                                                                				_t200 =  >=  ? _t262 : _t241 + 0x60;
                                                                                                                				_t238 =  *((intOrPtr*)(_t241 + 0x70)) + ( >=  ? _t262 : _t241 + 0x60);
                                                                                                                				 *((long long*)(_t244 + 0x28)) = _t238;
                                                                                                                				if (_t233 == _t238) goto 0x87caf980;
                                                                                                                				_t268 =  *0x87cee010; // 0x9
                                                                                                                				_t163 = _t238;
                                                                                                                				if (sil - 0x20 < 0) goto 0x87caf96a;
                                                                                                                				_t182 =  >=  ?  *0x87cee000 : 0x87cee000;
                                                                                                                				if (_t268 == 0) goto 0x87caf950;
                                                                                                                				memchr(_t229, _t236, _t240);
                                                                                                                				if (_t163 == 0) goto 0x87caf950;
                                                                                                                				if (_t163 - 0x87cee000 != 0xffffffff) goto 0x87caf965;
                                                                                                                				E00007FF87FF887CAC670(sil & 0xffffffff,  >=  ?  *0x87cee000 : 0x87cee000, _t244 + 0x50);
                                                                                                                				_t269 =  *0x87cee010; // 0x9
                                                                                                                				if (_t233 + 1 !=  *((intOrPtr*)(_t244 + 0x28))) goto 0x87caf910;
                                                                                                                				_t110 =  *(_t241 - 0x38);
                                                                                                                				_t257 =  *(_t241 - 0x40);
                                                                                                                				_t183 =  *((intOrPtr*)(_t241 + 0x78));
                                                                                                                				r15d = 0;
                                                                                                                				 *_t259 = _t269;
                                                                                                                				 *((long long*)(_t259 + 0x10)) = _t269;
                                                                                                                				 *((long long*)(_t259 + 0x18)) = 0xf;
                                                                                                                				 *_t259 = 0;
                                                                                                                				r14d = r14d | 0x00000020;
                                                                                                                				 *(_t244 + 0x20) = r14d;
                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                				asm("movups [ebp+0x40], xmm0");
                                                                                                                				if ((_t110 & 0x00000022) == 2) goto 0x87caf9cf;
                                                                                                                				_t249 =  *((intOrPtr*)( *((intOrPtr*)(_t241 - 0x68))));
                                                                                                                				if (_t249 == 0) goto 0x87caf9cf;
                                                                                                                				_t250 =  <  ? _t257 : _t249;
                                                                                                                				_t251 = ( <  ? _t257 : _t249) -  *((intOrPtr*)( *((intOrPtr*)(_t244 + 0x78))));
                                                                                                                				goto 0x87caf9ff;
                                                                                                                				if ((_t110 & 0x00000004) != 0) goto 0x87caf9f7;
                                                                                                                				if ( *((intOrPtr*)( *((intOrPtr*)(_t241 - 0x70)))) == 0) goto 0x87caf9f7;
                                                                                                                				goto 0x87caf9ff;
                                                                                                                				if ( *((intOrPtr*)(_t241 + 0x40)) == 0) goto 0x87cafa0d;
                                                                                                                				E00007FF87FF887CA9100(_t183, _t259,  *((intOrPtr*)(_t241 + 0x40)),  *((intOrPtr*)(_t241 + 0x48)), _t265);
                                                                                                                				 *((long long*)(_t244 +  *((intOrPtr*)( *((intOrPtr*)(_t244 + 0x40)) + 4)) + 0x40)) = 0x87cdc488;
                                                                                                                				 *((intOrPtr*)(_t244 +  *((intOrPtr*)( *((intOrPtr*)(_t244 + 0x40)) + 4)) + 0x3c)) =  *((intOrPtr*)( *((intOrPtr*)(_t244 + 0x40)) + 4)) - 0x98;
                                                                                                                				E00007FF87FF887CAD8F0();
                                                                                                                				__imp__??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ();
                                                                                                                				__imp__??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ();
                                                                                                                				if (_t183 - 0x10 < 0) goto 0x87cafa8f;
                                                                                                                				if (_t183 + 1 - 0x1000 < 0) goto 0x87cafa87;
                                                                                                                				if (_t262 -  *((intOrPtr*)(_t262 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87cafa87;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				return E00007FF87FF887CC5E20(E00007FF87FF887CC56E4(), _t103,  *(_t241 + 0xa0) ^ _t244);
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • memchr.VCRUNTIME140 ref: 00007FF887CAF738
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CAF7C4
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CAF822
                                                                                                                • ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF887CAF863
                                                                                                                • ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z.MSVCP140 ref: 00007FF887CAF880
                                                                                                                • ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF887CAF8B4
                                                                                                                • memchr.VCRUNTIME140 ref: 00007FF887CAF93D
                                                                                                                • ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF887CAFA44
                                                                                                                • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF887CAFA4E
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CAFA80
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: U?$char_traits@$D@std@@@std@@$_invalid_parameter_noinfo_noreturn$memchr$??0?$basic_ios@??0?$basic_iostream@??0?$basic_streambuf@??1?$basic_ios@??1?$basic_iostream@D@std@@@1@@V?$basic_streambuf@
                                                                                                                • String ID: monitor_closeport {:#x}
                                                                                                                • API String ID: 4289661960-2839211239
                                                                                                                • Opcode ID: c82c8cd502e6721fab7b8271672f7f60528b4d1c490a7fec126fe6135d168e8b
                                                                                                                • Instruction ID: cfdc24e04a3ffad46799195d4a424d8aa53df8dc3599fa8d4110b996da2b8982
                                                                                                                • Opcode Fuzzy Hash: c82c8cd502e6721fab7b8271672f7f60528b4d1c490a7fec126fe6135d168e8b
                                                                                                                • Instruction Fuzzy Hash: 1FC17EA2A48B8286EB10CF25E9443AD7772FB45BE9F144632DA5D077A9DF3CD485C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 21%
                                                                                                                			E00007FF87FF887CA3FD0() {
                                                                                                                				void* _t109;
                                                                                                                				signed int _t119;
                                                                                                                				void* _t120;
                                                                                                                				signed int _t123;
                                                                                                                				void* _t127;
                                                                                                                				signed int _t129;
                                                                                                                				signed int _t138;
                                                                                                                				void* _t172;
                                                                                                                				signed long long _t186;
                                                                                                                				signed long long _t187;
                                                                                                                				long long _t188;
                                                                                                                				intOrPtr* _t189;
                                                                                                                				long long _t190;
                                                                                                                				long long _t192;
                                                                                                                				intOrPtr* _t195;
                                                                                                                				intOrPtr* _t196;
                                                                                                                				long long _t200;
                                                                                                                				intOrPtr* _t203;
                                                                                                                				long long _t204;
                                                                                                                				long long _t206;
                                                                                                                				signed long long _t208;
                                                                                                                				signed long long _t209;
                                                                                                                				long long* _t211;
                                                                                                                				signed long long _t212;
                                                                                                                				signed char* _t216;
                                                                                                                				signed char* _t217;
                                                                                                                				void* _t218;
                                                                                                                				long long* _t219;
                                                                                                                				intOrPtr* _t221;
                                                                                                                				void* _t235;
                                                                                                                				intOrPtr _t239;
                                                                                                                				void* _t252;
                                                                                                                				long long _t254;
                                                                                                                				long long _t275;
                                                                                                                				char* _t277;
                                                                                                                				void* _t280;
                                                                                                                				signed char* _t281;
                                                                                                                				signed char* _t282;
                                                                                                                				signed char* _t283;
                                                                                                                				int _t285;
                                                                                                                				long long* _t286;
                                                                                                                				void* _t287;
                                                                                                                				void* _t289;
                                                                                                                				signed long long _t290;
                                                                                                                				void* _t300;
                                                                                                                				void* _t303;
                                                                                                                				long long _t304;
                                                                                                                				long long _t306;
                                                                                                                				long long _t307;
                                                                                                                				intOrPtr _t309;
                                                                                                                				long long _t310;
                                                                                                                				signed long long _t312;
                                                                                                                				int _t313;
                                                                                                                				char* _t314;
                                                                                                                				long long _t316;
                                                                                                                				void* _t317;
                                                                                                                				long long _t319;
                                                                                                                				void* _t321;
                                                                                                                				intOrPtr _t323;
                                                                                                                
                                                                                                                				_t303 = _t289;
                                                                                                                				_t290 = _t289 - 0x118;
                                                                                                                				_t186 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				_t187 = _t186 ^ _t290;
                                                                                                                				 *(_t303 - 0x30) = _t187;
                                                                                                                				_t314 =  *_t221;
                                                                                                                				_t286 = _t254;
                                                                                                                				_t319 =  *((intOrPtr*)(_t221 + 8)) + _t314;
                                                                                                                				 *((long long*)(_t290 + 0x58)) = _t254;
                                                                                                                				 *((long long*)(_t290 + 0x50)) = _t319;
                                                                                                                				if (_t314 == _t319) goto 0x87ca4608;
                                                                                                                				 *((long long*)(_t303 + 0x18)) = _t206;
                                                                                                                				 *((long long*)(_t303 - 0x28)) = _t275;
                                                                                                                				 *((long long*)(_t303 - 0x30)) = _t304;
                                                                                                                				 *((long long*)(_t303 - 0x38)) = _t310;
                                                                                                                				if ( *_t314 == 0x7b) goto 0x87ca405c;
                                                                                                                				memchr(_t317, _t313, _t285);
                                                                                                                				_t312 = _t187;
                                                                                                                				if (_t187 == 0) goto 0x87ca45be;
                                                                                                                				if (_t314 == _t312) goto 0x87ca4160;
                                                                                                                				memchr(_t287, ??);
                                                                                                                				if (_t187 == 0) goto 0x87ca4106;
                                                                                                                				_t277 = _t187 + 1;
                                                                                                                				if (_t277 == _t312) goto 0x87ca418b;
                                                                                                                				if ( *_t277 != 0x7d) goto 0x87ca418b;
                                                                                                                				_t208 =  *(_t286 + 0x18);
                                                                                                                				_t321 = _t277 - _t314;
                                                                                                                				_t188 =  *((intOrPtr*)(_t208 + 0x10));
                                                                                                                				 *((long long*)(_t290 + 0x20)) = _t188;
                                                                                                                				_t306 = _t188 + _t321;
                                                                                                                				if (_t306 -  *((intOrPtr*)(_t208 + 0x18)) <= 0) goto 0x87ca40c1;
                                                                                                                				_t189 =  *_t208;
                                                                                                                				 *_t189();
                                                                                                                				 *((long long*)(_t208 + 0x10)) = _t306;
                                                                                                                				if (_t321 == 0) goto 0x87ca40de;
                                                                                                                				memmove(??, ??, ??);
                                                                                                                				_t20 = _t277 + 1; // 0x2
                                                                                                                				 *(_t286 + 0x18) = _t208;
                                                                                                                				memchr(??, ??, ??);
                                                                                                                				if (_t189 != 0) goto 0x87ca4084;
                                                                                                                				_t209 =  *(_t286 + 0x18);
                                                                                                                				_t280 = _t312 - _t20;
                                                                                                                				_t190 =  *((intOrPtr*)(_t209 + 0x10));
                                                                                                                				 *((long long*)(_t290 + 0x20)) = _t190;
                                                                                                                				_t307 = _t190 + _t280;
                                                                                                                				if (_t307 -  *((intOrPtr*)(_t209 + 0x18)) <= 0) goto 0x87ca412e;
                                                                                                                				 *((intOrPtr*)( *_t209))();
                                                                                                                				 *((long long*)(_t209 + 0x10)) = _t307;
                                                                                                                				if (_t280 == 0) goto 0x87ca414b;
                                                                                                                				memmove(??, ??, ??);
                                                                                                                				 *(_t286 + 0x18) = _t209;
                                                                                                                				_t33 = _t312 + 1; // 0x1
                                                                                                                				_t281 = _t33;
                                                                                                                				if (_t281 ==  *((intOrPtr*)(_t290 + 0x50))) goto 0x87ca45d9;
                                                                                                                				_t138 =  *_t281 & 0x000000ff;
                                                                                                                				if (_t138 != 0x7d) goto 0x87ca422a;
                                                                                                                				r8d =  *((intOrPtr*)(_t286 + 0x10));
                                                                                                                				if (r8d < 0) goto 0x87ca41a1;
                                                                                                                				 *((intOrPtr*)(_t286 + 0x10)) = _t280 + 1;
                                                                                                                				goto 0x87ca41b3;
                                                                                                                				E00007FF87FF887CC50C0(0x43ffffff, "unmatched \'}\' in format string");
                                                                                                                				_t323 =  *((intOrPtr*)(_t290 + 0x50));
                                                                                                                				goto 0x87ca414f;
                                                                                                                				_t109 = E00007FF87FF887CC50C0(0x43ffffff, "cannot switch from manual to automatic argument indexing");
                                                                                                                				r8d = 0;
                                                                                                                				_t211 = _t286 + 0x18;
                                                                                                                				E00007FF87FF887CA2960(_t109, _t290 + 0x28, _t211, _t280);
                                                                                                                				asm("movups xmm0, [eax]");
                                                                                                                				asm("inc ecx");
                                                                                                                				asm("movsd xmm1, [eax+0x10]");
                                                                                                                				asm("repne inc ecx");
                                                                                                                				_t192 =  *_t286;
                                                                                                                				_t235 = _t281 - _t192;
                                                                                                                				 *((long long*)(_t290 + 0x38)) = 0;
                                                                                                                				 *((long long*)(_t290 + 0x40)) = _t211;
                                                                                                                				 *_t286 = _t192 + _t235;
                                                                                                                				 *((intOrPtr*)(_t286 + 8)) =  *((intOrPtr*)(_t286 + 8)) - _t235;
                                                                                                                				 *((long long*)(_t290 + 0x28)) =  *_t211;
                                                                                                                				_t195 =  *((intOrPtr*)(_t211 + 0x28));
                                                                                                                				 *((long long*)(_t290 + 0x30)) = _t195;
                                                                                                                				 *((long long*)(_t290 + 0x48)) = _t286;
                                                                                                                				E00007FF87FF887CA4AF0();
                                                                                                                				 *_t211 =  *_t195;
                                                                                                                				goto 0x87ca45b0;
                                                                                                                				if (_t138 != 0x7b) goto 0x87ca4265;
                                                                                                                				_t212 =  *(_t286 + 0x18);
                                                                                                                				_t309 =  *((intOrPtr*)(_t212 + 0x10));
                                                                                                                				_t316 = _t309 + 1;
                                                                                                                				if (_t316 -  *((intOrPtr*)(_t212 + 0x18)) <= 0) goto 0x87ca424d;
                                                                                                                				_t196 =  *_t212;
                                                                                                                				 *_t196();
                                                                                                                				_t239 =  *((intOrPtr*)(_t212 + 8));
                                                                                                                				 *((long long*)(_t212 + 0x10)) = _t316;
                                                                                                                				 *((char*)(_t309 + _t239)) =  *_t281 & 0x000000ff;
                                                                                                                				 *(_t286 + 0x18) = _t212;
                                                                                                                				goto 0x87ca45b0;
                                                                                                                				if (_t138 == 0x3a) goto 0x87ca43e0;
                                                                                                                				if (_t239 - 0x30 - 9 > 0) goto 0x87ca4342;
                                                                                                                				if (_t138 == 0x30) goto 0x87ca42d4;
                                                                                                                				if (0 - 0xccccccc > 0) goto 0x87ca42be;
                                                                                                                				_t282 =  &(_t281[1]);
                                                                                                                				if (_t282 == _t323) goto 0x87ca42a5;
                                                                                                                				if (( *_t282 & 0x000000ff) - 0x30 - 9 <= 0) goto 0x87ca4280;
                                                                                                                				if (_t196 + _t212 * 2 - 0x7fffffff <= 0) goto 0x87ca42d7;
                                                                                                                				E00007FF87FF887CC50C0(_t212, "number is too big");
                                                                                                                				goto 0x87ca42d7;
                                                                                                                				E00007FF87FF887CC50C0(_t212, "number is too big");
                                                                                                                				goto 0x87ca42d7;
                                                                                                                				_t283 =  &(_t282[1]);
                                                                                                                				if (_t283 == _t323) goto 0x87ca432e;
                                                                                                                				_t119 =  *_t283 & 0x000000ff;
                                                                                                                				if (_t119 == 0x7d) goto 0x87ca42e7;
                                                                                                                				if (_t119 != 0x3a) goto 0x87ca432e;
                                                                                                                				if ( *((intOrPtr*)(_t286 + 0x10)) <= 0) goto 0x87ca42fe;
                                                                                                                				_t120 = E00007FF87FF887CC50C0(_t212, "cannot switch from automatic to manual argument indexing");
                                                                                                                				goto 0x87ca4305;
                                                                                                                				 *((intOrPtr*)(_t286 + 0x10)) = 0xffffffff;
                                                                                                                				r8d = 0x80000000;
                                                                                                                				E00007FF87FF887CA2960(_t120, _t303 - 0xffffffffffffffe8, _t286 + 0x18, _t286 + 0x48);
                                                                                                                				asm("movups xmm0, [eax]");
                                                                                                                				asm("movups [esi+0x48], xmm0");
                                                                                                                				asm("movsd xmm1, [eax+0x10]");
                                                                                                                				asm("movsd [esi+0x58], xmm1");
                                                                                                                				goto 0x87ca43bb;
                                                                                                                				E00007FF87FF887CC50C0(_t283, "invalid format string");
                                                                                                                				goto 0x87ca43bb;
                                                                                                                				_t172 = _t138 - 0x41 - 0x39;
                                                                                                                				if (_t172 > 0) goto 0x87ca43cf;
                                                                                                                				asm("dec eax");
                                                                                                                				if (_t172 >= 0) goto 0x87ca43cf;
                                                                                                                				_t216 =  &(_t283[1]);
                                                                                                                				if (_t216 == _t323) goto 0x87ca4387;
                                                                                                                				_t123 =  *_t216 & 0x000000ff;
                                                                                                                				if (_t123 - 0x61 < 0) goto 0x87ca4373;
                                                                                                                				if (_t123 - 0x7a <= 0) goto 0x87ca4360;
                                                                                                                				if (_t123 - 0x41 < 0) goto 0x87ca437b;
                                                                                                                				if (_t123 - 0x5a <= 0) goto 0x87ca4360;
                                                                                                                				if (_t123 == 0x5f) goto 0x87ca4360;
                                                                                                                				if (_t123 - 0x30 < 0) goto 0x87ca4387;
                                                                                                                				if (_t123 - 0x39 <= 0) goto 0x87ca4360;
                                                                                                                				 *(_t290 + 0x60) = _t283;
                                                                                                                				_t300 = _t290 + 0x60;
                                                                                                                				 *((long long*)(_t290 + 0x68)) = _t216 - _t283;
                                                                                                                				E00007FF87FF887CA8EE0(_t216, _t286 + 0x18, _t290 + 0x28, _t303 - 0x38, _t300);
                                                                                                                				asm("movups xmm0, [eax]");
                                                                                                                				asm("movups [esi+0x48], xmm0");
                                                                                                                				asm("movsd xmm1, [eax+0x10]");
                                                                                                                				asm("movsd [esi+0x58], xmm1");
                                                                                                                				if (_t216 != _t323) goto 0x87ca4425;
                                                                                                                				goto 0x87ca45e0;
                                                                                                                				E00007FF87FF887CC50C0(_t216, "invalid format string");
                                                                                                                				goto 0x87ca4422;
                                                                                                                				r8d =  *((intOrPtr*)(_t286 + 0x10));
                                                                                                                				if (r8d < 0) goto 0x87ca43f2;
                                                                                                                				 *((intOrPtr*)(_t286 + 0x10)) = _t300 + 1;
                                                                                                                				goto 0x87ca4404;
                                                                                                                				_t127 = E00007FF87FF887CC50C0(_t216, "cannot switch from manual to automatic argument indexing");
                                                                                                                				r8d = 0;
                                                                                                                				E00007FF87FF887CA2960(_t127, _t303, _t286 + 0x18, _t300);
                                                                                                                				asm("movups xmm0, [eax]");
                                                                                                                				asm("movups [esi+0x48], xmm0");
                                                                                                                				asm("movsd xmm1, [eax+0x10]");
                                                                                                                				asm("movsd [esi+0x58], xmm1");
                                                                                                                				_t217 = _t216;
                                                                                                                				_t129 =  *_t217 & 0x000000ff;
                                                                                                                				if (_t129 != 0x7d) goto 0x87ca4482;
                                                                                                                				_t200 =  *_t286;
                                                                                                                				_t218 = _t217 - _t200;
                                                                                                                				 *((long long*)(_t290 + 0x38)) = 0;
                                                                                                                				 *((long long*)(_t290 + 0x48)) = _t286;
                                                                                                                				 *_t286 = _t200 + _t218;
                                                                                                                				 *((intOrPtr*)(_t286 + 8)) =  *((intOrPtr*)(_t286 + 8)) - _t218;
                                                                                                                				_t219 = _t286 + 0x18;
                                                                                                                				 *((long long*)(_t290 + 0x28)) =  *(_t286 + 0x18);
                                                                                                                				_t203 =  *((intOrPtr*)(_t219 + 0x28));
                                                                                                                				 *((long long*)(_t290 + 0x30)) = _t203;
                                                                                                                				 *((long long*)(_t290 + 0x40)) = _t219;
                                                                                                                				E00007FF87FF887CA4AF0();
                                                                                                                				 *_t219 =  *_t203;
                                                                                                                				goto 0x87ca45b0;
                                                                                                                				if (_t129 != 0x3a) goto 0x87ca43c3;
                                                                                                                				_t204 =  *_t286;
                                                                                                                				_t252 = _t219 + 1 - _t204;
                                                                                                                				 *_t286 = _t204 + _t252;
                                                                                                                				 *((intOrPtr*)(_t286 + 8)) =  *((intOrPtr*)(_t286 + 8)) - _t252;
                                                                                                                				if ( *((intOrPtr*)(_t286 + 0x58)) + 0xfffffffe - 0xe > 0) goto 0x87ca44e2;
                                                                                                                				goto __rcx;
                                                                                                                			}































































                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memchr$memmove$ExceptionThrow
                                                                                                                • String ID: cannot switch from automatic to manual argument indexing$cannot switch from manual to automatic argument indexing$invalid format string$missing '}' in format string$number is too big$unknown format specifier$unmatched '}' in format string
                                                                                                                • API String ID: 2627924257-2192562433
                                                                                                                • Opcode ID: b96c33d5ff3ea411e7be1b182a251db825c6e0ec77769b07ecf12c77f270e386
                                                                                                                • Instruction ID: 78e77393dd0375d84eef980a1ac98a5c0effc8c9f5406681300e7b21423442c3
                                                                                                                • Opcode Fuzzy Hash: b96c33d5ff3ea411e7be1b182a251db825c6e0ec77769b07ecf12c77f270e386
                                                                                                                • Instruction Fuzzy Hash: B3127BB2A48B4686EB20CB29E5402ADB7B2FB45BD5F544136DB8D47B95DF3CE285C300
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 31%
                                                                                                                			E00007FF87FF887CC77F0(void* __esi, void* __eflags, intOrPtr* __rax, void* __rbx, signed char* __rcx, void* __rdx, void* __r8, void* __r9) {
                                                                                                                				void* __rdi;
                                                                                                                				void* __rsi;
                                                                                                                				void* __r14;
                                                                                                                				void* _t102;
                                                                                                                				void* _t106;
                                                                                                                				void* _t111;
                                                                                                                				void* _t112;
                                                                                                                				signed int _t118;
                                                                                                                				signed int _t119;
                                                                                                                				signed int _t123;
                                                                                                                				void* _t128;
                                                                                                                				void* _t129;
                                                                                                                				void* _t134;
                                                                                                                				signed int _t136;
                                                                                                                				void* _t137;
                                                                                                                				intOrPtr* _t163;
                                                                                                                				signed long long _t164;
                                                                                                                				intOrPtr* _t166;
                                                                                                                				signed char* _t167;
                                                                                                                				signed char* _t169;
                                                                                                                				intOrPtr* _t171;
                                                                                                                				signed char* _t172;
                                                                                                                				signed long long _t179;
                                                                                                                				signed char* _t191;
                                                                                                                				long long _t192;
                                                                                                                				long long _t194;
                                                                                                                				long long* _t214;
                                                                                                                				signed long long _t224;
                                                                                                                				signed int _t237;
                                                                                                                				intOrPtr _t239;
                                                                                                                				signed long long _t243;
                                                                                                                				void* _t245;
                                                                                                                				signed long long _t248;
                                                                                                                				void* _t250;
                                                                                                                				signed int* _t251;
                                                                                                                				void* _t253;
                                                                                                                				void* _t254;
                                                                                                                				void* _t256;
                                                                                                                				void* _t258;
                                                                                                                				signed long long _t259;
                                                                                                                				intOrPtr _t264;
                                                                                                                				long long _t268;
                                                                                                                				intOrPtr* _t276;
                                                                                                                				intOrPtr _t283;
                                                                                                                				void* _t284;
                                                                                                                				void* _t287;
                                                                                                                				signed int* _t288;
                                                                                                                				void* _t290;
                                                                                                                				signed char* _t291;
                                                                                                                				signed int _t292;
                                                                                                                				long long _t294;
                                                                                                                
                                                                                                                				_t163 = __rax;
                                                                                                                				_t128 = __eflags;
                                                                                                                				_push(__rbx);
                                                                                                                				_t191 = __rcx;
                                                                                                                				_t102 = E00007FF87FF887CC75D0(__rcx, __rdx, __r8, __r9);
                                                                                                                				_t258 = _t256 - 0x20 + 0x20;
                                                                                                                				_pop(_t192);
                                                                                                                				goto 0x87cc7810;
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				 *((long long*)(_t258 + 0x18)) = _t192;
                                                                                                                				_t254 = _t258 - 0x27;
                                                                                                                				_t259 = _t258 - 0xe0;
                                                                                                                				_t164 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				 *(_t254 + 0x17) = _t164 ^ _t259;
                                                                                                                				_t291 = _t191;
                                                                                                                				_t288 =  *_t163;
                                                                                                                				__imp__AcquireSRWLockShared(_t250, _t253);
                                                                                                                				_t251 =  &(_t288[0xc]);
                                                                                                                				_t263 =  *_t251 & 0xfffffffe;
                                                                                                                				if (_t128 == 0) goto 0x87cc78ed;
                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                				_t5 = _t263 + 0x20; // 0x20
                                                                                                                				_t166 = _t5;
                                                                                                                				_t129 =  *((long long*)(_t166 + 0x18)) - 0x10;
                                                                                                                				if (_t129 < 0) goto 0x87cc786e;
                                                                                                                				_t167 =  *_t166;
                                                                                                                				_t118 = _t167[_t291 - _t167] & 0x000000ff;
                                                                                                                				if (_t129 != 0) goto 0x87cc7887;
                                                                                                                				if (_t118 != 0) goto 0x87cc7874;
                                                                                                                				if (( *_t167 & 0x000000ff) - _t118 >= 0) goto 0x87cc7891;
                                                                                                                				_t264 =  *((intOrPtr*)(( *_t251 & 0xfffffffe) + 0x10));
                                                                                                                				goto 0x87cc7898;
                                                                                                                				_t283 = _t264;
                                                                                                                				if ( *((intOrPtr*)(_t264 + 8)) != 0) goto 0x87cc7860;
                                                                                                                				if (_t283 == _t251) goto 0x87cc78ed;
                                                                                                                				_t10 = _t283 + 0x20; // 0x20
                                                                                                                				_t276 = _t10;
                                                                                                                				_t134 =  *((long long*)(_t276 + 0x18)) - 0x10;
                                                                                                                				if (_t134 < 0) goto 0x87cc78b0;
                                                                                                                				_t169 = _t291;
                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                				r8d =  *_t169 & 0x000000ff;
                                                                                                                				_t123 = _t169[ *_t276 - _t291] & 0x000000ff;
                                                                                                                				r8d = r8d - _t123;
                                                                                                                				if (_t134 != 0) goto 0x87cc78d5;
                                                                                                                				if (_t123 != 0) goto 0x87cc78c0;
                                                                                                                				_t136 = r8d;
                                                                                                                				if (_t136 < 0) goto 0x87cc78ed;
                                                                                                                				__imp__ReleaseSRWLockShared();
                                                                                                                				goto 0x87cc7bd5;
                                                                                                                				__imp__ReleaseSRWLockShared();
                                                                                                                				 *(_t254 - 0x79) = _t288;
                                                                                                                				__imp__AcquireSRWLockExclusive();
                                                                                                                				_t267 =  *_t251 & 0xfffffffe;
                                                                                                                				if (_t136 == 0) goto 0x87cc7959;
                                                                                                                				_t15 = _t267 + 0x20; // 0x20
                                                                                                                				_t171 = _t15;
                                                                                                                				_t137 =  *((long long*)(_t171 + 0x18)) - 0x10;
                                                                                                                				if (_t137 < 0) goto 0x87cc791f;
                                                                                                                				_t172 =  *_t171;
                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                				_t119 = _t172[_t291 - _t172] & 0x000000ff;
                                                                                                                				if (_t137 != 0) goto 0x87cc7943;
                                                                                                                				if (_t119 != 0) goto 0x87cc7930;
                                                                                                                				if (( *_t172 & 0x000000ff) - _t119 >= 0) goto 0x87cc794d;
                                                                                                                				_t268 =  *((intOrPtr*)(( *_t251 & 0xfffffffe) + 0x10));
                                                                                                                				goto 0x87cc7954;
                                                                                                                				_t194 = _t268;
                                                                                                                				if ( *((intOrPtr*)(_t268 + 8)) != 0) goto 0x87cc7911;
                                                                                                                				if (_t194 == _t251) goto 0x87cc79a2;
                                                                                                                				if (_t291[0xffffffffffffffff] != 0) goto 0x87cc7970;
                                                                                                                				if ( *((long long*)(_t194 + 0x38)) - 0x10 < 0) goto 0x87cc7989;
                                                                                                                				if ( *((intOrPtr*)(_t194 + 0x30)) != 0xffffffff) goto 0x87cc79a2;
                                                                                                                				0x87cd7101();
                                                                                                                				if (_t102 == 0) goto 0x87cc7bc8;
                                                                                                                				if (_t288[0xa] >= 0) goto 0x87cc7bfe;
                                                                                                                				r15d = 0;
                                                                                                                				 *((long long*)(_t254 - 0x39)) = _t294;
                                                                                                                				 *((long long*)(_t254 - 0x31)) = 0xf;
                                                                                                                				 *((intOrPtr*)(_t254 - 0x49)) = r15b;
                                                                                                                				if (_t291[0xffffffffffffffff] != r15b) goto 0x87cc79c7;
                                                                                                                				E00007FF87FF887CA9100(_t194, _t254 - 0x49, _t291, 0xffffffff, _t291);
                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                				asm("movdqa [ebp-0x29], xmm0");
                                                                                                                				 *((long long*)(_t254 - 0x19)) = _t294;
                                                                                                                				 *((intOrPtr*)(_t254 - 0x11)) = r12d;
                                                                                                                				E00007FF87FF887CAD4C0(0, _t194, _t254 - 9, _t254 - 0x49, _t251);
                                                                                                                				if (_t288[6] - _t288[0xa] + 1 > 0) goto 0x87cc7a25;
                                                                                                                				_t106 = E00007FF87FF887CC72E0(_t288[0xa] + 1, _t194,  &(_t288[2]), _t288[6], 0, _t251, _t254, _t294, _t290);
                                                                                                                				_t237 = _t288[6];
                                                                                                                				_t288[8] = _t288[8] & _t237 - 0x00000001;
                                                                                                                				_t179 = _t237 - 0x00000001 & _t288[0xa] + _t288[8];
                                                                                                                				_t292 = _t179 * 8;
                                                                                                                				if ( *((long long*)(_t288[4] + _t292)) != 0) goto 0x87cc7a61;
                                                                                                                				E00007FF87FF887CC56A8(_t106, _t179, _t288[4]);
                                                                                                                				 *(_t292 + _t288[4]) = _t179;
                                                                                                                				_t214 =  *((intOrPtr*)(_t288[4] + _t292));
                                                                                                                				 *_t214 = _t294;
                                                                                                                				 *((long long*)(_t214 + 8)) = _t294;
                                                                                                                				 *((long long*)(_t214 + 0x10)) = _t294;
                                                                                                                				 *((intOrPtr*)(_t214 + 0x18)) =  *((intOrPtr*)(_t254 - 0x11));
                                                                                                                				E00007FF87FF887CAD4C0(_t179, _t194, _t214 + 0x20, _t254 - 9, _t251);
                                                                                                                				_t288[0xa] = _t288[0xa] + 1;
                                                                                                                				E00007FF87FF887CA8A60(_t254 - 9);
                                                                                                                				_t239 =  *((intOrPtr*)(_t254 - 0x31));
                                                                                                                				if (_t239 - 0x10 < 0) goto 0x87cc7ad0;
                                                                                                                				if (_t239 + 1 - 0x1000 < 0) goto 0x87cc7aca;
                                                                                                                				if ( *((intOrPtr*)(_t254 - 0x49)) -  *((intOrPtr*)( *((intOrPtr*)(_t254 - 0x49)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87cc7aca;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				_t111 = E00007FF87FF887CC56E4();
                                                                                                                				_t248 =  *((intOrPtr*)(_t288[4] + (_t288[6] - 0x00000001 & _t288[0xa] - 0x00000001 + _t288[8]) * 8));
                                                                                                                				 *(_t254 - 0x61) = 0;
                                                                                                                				 *((long long*)(_t254 - 0x59)) = _t294;
                                                                                                                				 *((long long*)(_t254 - 0x69)) = _t194;
                                                                                                                				 *(_t254 - 0x79) = _t251;
                                                                                                                				 *(_t254 - 0x71) = _t251;
                                                                                                                				 *((long long*)(_t259 + 0x30)) = _t294;
                                                                                                                				 *((long long*)(_t259 + 0x28)) = _t254 - 0x61;
                                                                                                                				 *((long long*)(_t259 + 0x20)) = _t254 - 0x71;
                                                                                                                				_t112 = E00007FF87FF887CC6B00(_t111, _t194, _t254 - 0x49, _t254 - 0x79, _t248, _t251, _t254, _t254 - 0x69, _t248, _t287, _t284, _t245);
                                                                                                                				if ( *((char*)(_t254 - 0x41)) == 0) goto 0x87cc7bc4;
                                                                                                                				_t243 =  *((intOrPtr*)(_t254 - 0x59));
                                                                                                                				r8d =  *(_t254 - 0x61) & 0x000000ff;
                                                                                                                				if (r8b != 0) goto 0x87cc7b70;
                                                                                                                				if ( *(_t243 + 0x10) != 0) goto 0x87cc7b70;
                                                                                                                				_t224 =  *_t243 & 0xfffffffe;
                                                                                                                				if (_t243 !=  *((intOrPtr*)(_t224 + 0x10))) goto 0x87cc7b70;
                                                                                                                				if (_t224 ==  *((intOrPtr*)(( *_t224 & 0xfffffffe) + 0x10))) goto 0x87cc7b60;
                                                                                                                				if (_t243 != _t251) goto 0x87cc7b82;
                                                                                                                				 *_t251 =  *_t251 & 0x00000001;
                                                                                                                				 *_t251 =  *_t251 | _t248;
                                                                                                                				_t251[2] = _t248;
                                                                                                                				goto 0x87cc7ba1;
                                                                                                                				if (r8b == 0) goto 0x87cc7b97;
                                                                                                                				 *(_t243 + 8) = _t248;
                                                                                                                				if (_t243 != _t251[2]) goto 0x87cc7ba5;
                                                                                                                				_t251[2] = _t248;
                                                                                                                				goto 0x87cc7ba5;
                                                                                                                				 *(_t243 + 0x10) = _t248;
                                                                                                                				if (_t243 != _t251[4]) goto 0x87cc7ba5;
                                                                                                                				_t251[4] = _t248;
                                                                                                                				 *_t248 =  *_t248 & 0x00000001;
                                                                                                                				 *_t248 =  *_t248 | _t243;
                                                                                                                				 *((long long*)(_t248 + 0x10)) = _t294;
                                                                                                                				 *((long long*)(_t248 + 8)) = _t294;
                                                                                                                				E00007FF87FF887CC7CF0(_t112, 0x40, _t251, _t248);
                                                                                                                				goto 0x87cc7bc8;
                                                                                                                				__imp__ReleaseSRWLockExclusive();
                                                                                                                				return E00007FF87FF887CC5E20( *((intOrPtr*)( *((intOrPtr*)(_t254 - 0x49)) + 0x18)), 0x40,  *(_t254 + 0x17) ^ _t259);
                                                                                                                			}

                                                                                                                0x7ff887cc78a0
                                                                                                                0x7ff887cc78a2
                                                                                                                0x7ff887cc78a2
                                                                                                                0x7ff887cc78a6
                                                                                                                0x7ff887cc78ab
                                                                                                                0x7ff887cc78b0
                                                                                                                0x7ff887cc78b6
                                                                                                                0x7ff887cc78c0
                                                                                                                0x7ff887cc78c4
                                                                                                                0x7ff887cc78c9
                                                                                                                0x7ff887cc78cc
                                                                                                                0x7ff887cc78d3
                                                                                                                0x7ff887cc78d5
                                                                                                                0x7ff887cc78d8
                                                                                                                0x7ff887cc78e1
                                                                                                                0x7ff887cc78e8
                                                                                                                0x7ff887cc78f0
                                                                                                                0x7ff887cc78f7
                                                                                                                0x7ff887cc78fe
                                                                                                                0x7ff887cc790b
                                                                                                                0x7ff887cc790f
                                                                                                                0x7ff887cc7911
                                                                                                                0x7ff887cc7911
                                                                                                                0x7ff887cc7915
                                                                                                                0x7ff887cc791a
                                                                                                                0x7ff887cc791c
                                                                                                                0x7ff887cc7925
                                                                                                                0x7ff887cc7933
                                                                                                                0x7ff887cc793a
                                                                                                                0x7ff887cc7941
                                                                                                                0x7ff887cc7945
                                                                                                                0x7ff887cc7947
                                                                                                                0x7ff887cc794b
                                                                                                                0x7ff887cc794d
                                                                                                                0x7ff887cc7957
                                                                                                                0x7ff887cc7963
                                                                                                                0x7ff887cc7978
                                                                                                                0x7ff887cc7983
                                                                                                                0x7ff887cc7990
                                                                                                                0x7ff887cc7995
                                                                                                                0x7ff887cc799c
                                                                                                                0x7ff887cc79ae
                                                                                                                0x7ff887cc79b4
                                                                                                                0x7ff887cc79b7
                                                                                                                0x7ff887cc79bb
                                                                                                                0x7ff887cc79c3
                                                                                                                0x7ff887cc79ce
                                                                                                                0x7ff887cc79da
                                                                                                                0x7ff887cc79e0
                                                                                                                0x7ff887cc79e3
                                                                                                                0x7ff887cc79e8
                                                                                                                0x7ff887cc79ec
                                                                                                                0x7ff887cc79f8
                                                                                                                0x7ff887cc7a0d
                                                                                                                0x7ff887cc7a18
                                                                                                                0x7ff887cc7a1d
                                                                                                                0x7ff887cc7a29
                                                                                                                0x7ff887cc7a35
                                                                                                                0x7ff887cc7a38
                                                                                                                0x7ff887cc7a49
                                                                                                                0x7ff887cc7a50
                                                                                                                0x7ff887cc7a59
                                                                                                                0x7ff887cc7a61
                                                                                                                0x7ff887cc7a65
                                                                                                                0x7ff887cc7a68
                                                                                                                0x7ff887cc7a6c
                                                                                                                0x7ff887cc7a73
                                                                                                                0x7ff887cc7a7e
                                                                                                                0x7ff887cc7a83
                                                                                                                0x7ff887cc7a8b
                                                                                                                0x7ff887cc7a91
                                                                                                                0x7ff887cc7a99
                                                                                                                0x7ff887cc7aac
                                                                                                                0x7ff887cc7ac1
                                                                                                                0x7ff887cc7ac3
                                                                                                                0x7ff887cc7ac9
                                                                                                                0x7ff887cc7aca
                                                                                                                0x7ff887cc7ae9
                                                                                                                0x7ff887cc7aed
                                                                                                                0x7ff887cc7af1
                                                                                                                0x7ff887cc7af5
                                                                                                                0x7ff887cc7af9
                                                                                                                0x7ff887cc7afd
                                                                                                                0x7ff887cc7b01
                                                                                                                0x7ff887cc7b0a
                                                                                                                0x7ff887cc7b13
                                                                                                                0x7ff887cc7b27
                                                                                                                0x7ff887cc7b30
                                                                                                                0x7ff887cc7b36
                                                                                                                0x7ff887cc7b3a
                                                                                                                0x7ff887cc7b42
                                                                                                                0x7ff887cc7b49
                                                                                                                0x7ff887cc7b4e
                                                                                                                0x7ff887cc7b56
                                                                                                                0x7ff887cc7b6e
                                                                                                                0x7ff887cc7b73
                                                                                                                0x7ff887cc7b75
                                                                                                                0x7ff887cc7b79
                                                                                                                0x7ff887cc7b7c
                                                                                                                0x7ff887cc7b80
                                                                                                                0x7ff887cc7b85
                                                                                                                0x7ff887cc7b87
                                                                                                                0x7ff887cc7b8f
                                                                                                                0x7ff887cc7b91
                                                                                                                0x7ff887cc7b95
                                                                                                                0x7ff887cc7b97
                                                                                                                0x7ff887cc7b9f
                                                                                                                0x7ff887cc7ba1
                                                                                                                0x7ff887cc7ba5
                                                                                                                0x7ff887cc7ba9
                                                                                                                0x7ff887cc7bac
                                                                                                                0x7ff887cc7bb0
                                                                                                                0x7ff887cc7bba
                                                                                                                0x7ff887cc7bc2
                                                                                                                0x7ff887cc7bce
                                                                                                                0x7ff887cc7bfd

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Lock$ReleaseShared$AcquireExclusive$Initialize_invalid_parameter_noinfo_noreturnmemcmp
                                                                                                                • String ID: Too many log attribute names$libs\log\src\attribute_name.cpp$unsigned int __cdecl boost::log::v2s_mt_nt6::attribute_name::repository::get_id_from_string(const char *)
                                                                                                                • API String ID: 37642638-4205034697
                                                                                                                • Opcode ID: 4409fac2dc86b93200b1cc3ef6493bad87315fb1c076d34e5d12135cbb150173
                                                                                                                • Instruction ID: 56be22463e4ee6f62ca5083a99a7c288b64629ed6a3e06add4b506723db53f91
                                                                                                                • Opcode Fuzzy Hash: 4409fac2dc86b93200b1cc3ef6493bad87315fb1c076d34e5d12135cbb150173
                                                                                                                • Instruction Fuzzy Hash: C9D1EA22B48B8686EB208F61D4506AD27B6FB94BE8F184636DE6E137D5DF38D191C340
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,Severity,?,00007FF887CC7A1D), ref: 00007FF887CC7395
                                                                                                                • memmove.VCRUNTIME140(00000000,Severity,?,00007FF887CC7A1D), ref: 00007FF887CC73D3
                                                                                                                • memmove.VCRUNTIME140(00000000,Severity,?,00007FF887CC7A1D), ref: 00007FF887CC73EA
                                                                                                                • memset.VCRUNTIME140(00000000,Severity,?,00007FF887CC7A1D), ref: 00007FF887CC73FF
                                                                                                                • memmove.VCRUNTIME140(00000000,Severity,?,00007FF887CC7A1D), ref: 00007FF887CC7417
                                                                                                                • memmove.VCRUNTIME140(00000000,Severity,?,00007FF887CC7A1D), ref: 00007FF887CC7431
                                                                                                                • memset.VCRUNTIME140(00000000,Severity,?,00007FF887CC7A1D), ref: 00007FF887CC743F
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,Severity,?,00007FF887CC7A1D), ref: 00007FF887CC74A7
                                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF887CC74AE
                                                                                                                  • Part of subcall function 00007FF887CC56A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF887CA8F4E), ref: 00007FF887CC56C2
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memmove$_invalid_parameter_noinfo_noreturnmemset$Concurrency::cancel_current_taskmalloc
                                                                                                                • String ID: Severity
                                                                                                                • API String ID: 851562609-253145917
                                                                                                                • Opcode ID: 7b03311ce28347fc951801e34c8f2264ffcee07e6eb34c493ea4c24e23c17c92
                                                                                                                • Instruction ID: d4f3ebfbf73a7d3aaa813f072ce5ebb396df5311b6d72b390064db57c9d305b8
                                                                                                                • Opcode Fuzzy Hash: 7b03311ce28347fc951801e34c8f2264ffcee07e6eb34c493ea4c24e23c17c92
                                                                                                                • Instruction Fuzzy Hash: 2B41C262A49A8695EF14DB65D4442BC2B32FB84BE4F584A32EE2D1BBD6DE3CD141C340
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                • 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899, xrefs: 00007FF887CA4709
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memmove$memset
                                                                                                                • String ID: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899
                                                                                                                • API String ID: 3790616698-2272463933
                                                                                                                • Opcode ID: f36bc143f15673d315ac6e1c9e8f7b0d8dcee6bff705679f7278a1f50bf911cb
                                                                                                                • Instruction ID: 2a9e28e8bd64c6309aaec2b363adc9d0810e9ce6a40d4cd73e5397e03a3ca89e
                                                                                                                • Opcode Fuzzy Hash: f36bc143f15673d315ac6e1c9e8f7b0d8dcee6bff705679f7278a1f50bf911cb
                                                                                                                • Instruction Fuzzy Hash: B4A1FBA27482C646DB358E2DD74477DFBA6FB15BC1F084135CB8E87A96CA2CE651C300
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 23%
                                                                                                                			E00007FF87FF887CB6680(void* __rcx, signed int __rdx, void* __r10) {
                                                                                                                				signed int _t46;
                                                                                                                				void* _t58;
                                                                                                                				intOrPtr _t71;
                                                                                                                				intOrPtr _t72;
                                                                                                                				intOrPtr _t73;
                                                                                                                				intOrPtr _t74;
                                                                                                                				intOrPtr _t75;
                                                                                                                				intOrPtr _t76;
                                                                                                                				intOrPtr _t77;
                                                                                                                
                                                                                                                				r9b = 0x20;
                                                                                                                				_t71 =  *((intOrPtr*)(__rcx + 8));
                                                                                                                				r8d = 2;
                                                                                                                				goto 0x87cce730;
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				r9b = 0x30;
                                                                                                                				_t72 =  *((intOrPtr*)(_t71 + 8));
                                                                                                                				r8d = 2;
                                                                                                                				goto 0x87cce730;
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				r9b = 0x20;
                                                                                                                				_t73 =  *((intOrPtr*)(_t72 + 8));
                                                                                                                				r8d = 2;
                                                                                                                				r10d =  *((intOrPtr*)( *((intOrPtr*)(_t72 + 0x10)) + 0xc));
                                                                                                                				r10d = r10d - (__rdx + __rdx * 2 << 2);
                                                                                                                				goto 0x87cce730;
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				r9b = 0x30;
                                                                                                                				_t74 =  *((intOrPtr*)(_t73 + 8));
                                                                                                                				r8d = 2;
                                                                                                                				r10d =  *((intOrPtr*)( *((intOrPtr*)(_t73 + 0x10)) + 0xc));
                                                                                                                				_t46 = __rdx + __rdx * 2 << 2;
                                                                                                                				r10d = r10d - _t46;
                                                                                                                				goto 0x87cce730;
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				r9b = 0x20;
                                                                                                                				_t75 =  *((intOrPtr*)(_t74 + 8));
                                                                                                                				r8d = 2;
                                                                                                                				goto 0x87cce730;
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				r9b = 0x30;
                                                                                                                				_t76 =  *((intOrPtr*)(_t75 + 8));
                                                                                                                				r8d = 2;
                                                                                                                				goto 0x87cce730;
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				asm("int3");
                                                                                                                				_t77 =  *((intOrPtr*)(_t76 + 8));
                                                                                                                				r8d = 0x2b;
                                                                                                                				_t58 =  ==  ? r8d : 0x2d;
                                                                                                                				if ( *((char*)( *((intOrPtr*)(_t77 + 0x10)) + 0x1c)) == 0) goto 0x87cb67b5;
                                                                                                                				goto E00007FF87FF887CC03C0;
                                                                                                                				return _t46;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Lockit@std@@Mbstatet@@@std@@memmove$??0_??1_?getloc@?$basic_streambuf@?length@?$codecvt@_Bid@locale@std@@Concurrency::cancel_current_taskD@std@@@std@@Facet_Getcat@?$codecvt@_Getgloballocale@locale@std@@Locimp@12@Mbstatet@@RegisterU?$char_traits@V42@@Vfacet@locale@2@Vlocale@2@memsetstd::_
                                                                                                                • String ID:
                                                                                                                • API String ID: 3249132129-0
                                                                                                                • Opcode ID: a689512fd0de5063ab9b5e905ad6ac7c447a73a5c18569776a42001a620bdc49
                                                                                                                • Instruction ID: a1eaaf3aae8cdc6d970325e820de39ac17abf8b15142154604220e23994fc57e
                                                                                                                • Opcode Fuzzy Hash: a689512fd0de5063ab9b5e905ad6ac7c447a73a5c18569776a42001a620bdc49
                                                                                                                • Instruction Fuzzy Hash: 6881AD62B58A8186EB20DF69E5402EC67B2FB89BD8B444532DF5E07BA9DF38D145C300
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 31%
                                                                                                                			E00007FF87FF887CA68C0(signed int __eax, void* __rcx, intOrPtr* __r8) {
                                                                                                                				void* __rbx;
                                                                                                                				void* __rdi;
                                                                                                                				void* __rsi;
                                                                                                                				void* __rbp;
                                                                                                                				void* __r15;
                                                                                                                				signed int _t53;
                                                                                                                				intOrPtr _t57;
                                                                                                                				void* _t64;
                                                                                                                				signed int _t66;
                                                                                                                				signed int _t68;
                                                                                                                				signed int _t69;
                                                                                                                				signed int _t77;
                                                                                                                				void* _t79;
                                                                                                                				signed long long _t97;
                                                                                                                				char* _t100;
                                                                                                                				void* _t108;
                                                                                                                				intOrPtr _t117;
                                                                                                                				intOrPtr* _t126;
                                                                                                                				signed int _t127;
                                                                                                                				void* _t129;
                                                                                                                				void* _t130;
                                                                                                                				signed long long _t131;
                                                                                                                				void* _t139;
                                                                                                                				void* _t141;
                                                                                                                				void* _t142;
                                                                                                                
                                                                                                                				_t129 = _t130 - 0x1d0;
                                                                                                                				_t131 = _t130 - 0x2d0;
                                                                                                                				asm("movaps [esp+0x2c0], xmm6");
                                                                                                                				_t97 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				 *(_t129 + 0x1b0) = _t97 ^ _t131;
                                                                                                                				_t126 = __r8;
                                                                                                                				asm("movaps xmm6, xmm1");
                                                                                                                				_t141 = __rcx;
                                                                                                                				 *((char*)(_t131 + 0x30)) = 0;
                                                                                                                				E00007FF87FF887CA3B30();
                                                                                                                				asm("movups xmm0, [eax]");
                                                                                                                				asm("movaps [esp+0x40], xmm0");
                                                                                                                				asm("psrldq xmm0, 0x8");
                                                                                                                				asm("movd eax, xmm0");
                                                                                                                				_t66 = ( *(__r8 + 0xc) << 0x00000019 >> 0x0000001d ^ __eax) & 0x000000ff ^ __eax;
                                                                                                                				 *(_t131 + 0x48) = _t66;
                                                                                                                				asm("movaps xmm0, xmm6");
                                                                                                                				__imp___dsign();
                                                                                                                				if (__eax == 0) goto 0x87ca6957;
                                                                                                                				_t68 = _t66 & 0xffffff01 | 0x00000001;
                                                                                                                				asm("xorps xmm6, [0x35a5b]");
                                                                                                                				goto 0x87ca6962;
                                                                                                                				if (_t68 != 1) goto 0x87ca6966;
                                                                                                                				_t69 = _t68 & 0xffffff00;
                                                                                                                				 *(_t131 + 0x48) = _t69;
                                                                                                                				asm("movaps xmm0, xmm6");
                                                                                                                				0x87cd7131();
                                                                                                                				if (__eax <= 0) goto 0x87ca69c3;
                                                                                                                				if (__eax != 1) goto 0x87ca6989;
                                                                                                                				goto 0x87ca6997;
                                                                                                                				_t100 = "NAN";
                                                                                                                				_t113 =  !=  ? _t100 : "nan";
                                                                                                                				 *((intOrPtr*)(_t131 + 0x40)) =  *(_t131 + 0x48);
                                                                                                                				 *(_t131 + 0x48) =  !=  ? _t100 : "nan";
                                                                                                                				_t122 = __r8;
                                                                                                                				E00007FF87FF887CA71A0(_t79, _t100, _t108, __rcx, __r8, _t131 + 0x40, _t142);
                                                                                                                				goto 0x87ca6aee;
                                                                                                                				_t53 =  *(_t126 + 0xc);
                                                                                                                				_t77 = _t53 << 0x1c >> 0x1c;
                                                                                                                				if (_t77 != 0) goto 0x87ca69e4;
                                                                                                                				 *(_t126 + 0xc) = _t53 & 0xfffffff2 | 0x00000002;
                                                                                                                				goto 0x87ca6a22;
                                                                                                                				if (_t77 != 4) goto 0x87ca6a22;
                                                                                                                				_t127 =  *(_t131 + 0x48);
                                                                                                                				if (sil == 0) goto 0x87ca6a1a;
                                                                                                                				E00007FF87FF887CABAB0(_t108, _t141, _t122, _t127);
                                                                                                                				 *_t100 =  *(_t127 + 0x87cde0f4) & 0x000000ff;
                                                                                                                				 *(_t131 + 0x48) = _t69 & 0xffffff00;
                                                                                                                				_t57 =  *_t126;
                                                                                                                				if (_t57 == 0) goto 0x87ca6a1a;
                                                                                                                				 *_t126 = _t57 - 1;
                                                                                                                				 *(_t126 + 0xc) =  *(_t126 + 0xc) & 0xfffffff2;
                                                                                                                				 *(_t126 + 0xc) =  *(_t126 + 0xc) | 0x00000002;
                                                                                                                				 *((long long*)(_t129 - 0x60)) = 0;
                                                                                                                				 *((long long*)(_t129 - 0x70)) = 0x87cdbaa8;
                                                                                                                				 *((long long*)(_t129 - 0x68)) = _t129 - 0x50;
                                                                                                                				 *((long long*)(_t129 - 0x58)) = 0x1f4;
                                                                                                                				if (( *(_t131 + 0x44) & 0x000000ff) != 3) goto 0x87ca6b17;
                                                                                                                				if (sil == 0) goto 0x87ca6a6d;
                                                                                                                				 *((char*)(_t129 - 0x50)) =  *( *(_t131 + 0x48) + 0x87cde0f4) & 0x000000ff;
                                                                                                                				 *((long long*)(_t129 - 0x60)) = 1;
                                                                                                                				asm("movaps xmm1, [esp+0x40]");
                                                                                                                				asm("movdqa [esp+0x50], xmm1");
                                                                                                                				asm("movaps xmm0, xmm6");
                                                                                                                				E00007FF87FF887CC4200( *(_t127 + 0x87cde0f4) & 0x000000ff,  *((intOrPtr*)(_t126 + 4)), _t108, _t131 + 0x50, _t129 - 0x70, _t139);
                                                                                                                				 *((long long*)(_t131 + 0x40)) =  *((intOrPtr*)(_t129 - 0x68));
                                                                                                                				 *(_t131 + 0x48) =  *((intOrPtr*)(_t129 - 0x60));
                                                                                                                				E00007FF87FF887CA8330(_t108, _t141, _t126, _t126, _t131 + 0x40, _t129 - 0x70, _t139, 0x87cde0f4);
                                                                                                                				 *((long long*)(_t129 - 0x70)) = 0x87cdbaa8;
                                                                                                                				_t117 =  *((intOrPtr*)(_t129 - 0x68));
                                                                                                                				if (_t117 == _t129 - 0x50) goto 0x87ca6aee;
                                                                                                                				if ( *((intOrPtr*)(_t129 - 0x58)) - 0x1000 < 0) goto 0x87ca6ae9;
                                                                                                                				if (_t117 -  *((intOrPtr*)(_t117 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x87ca6c50;
                                                                                                                				_t64 = E00007FF87FF887CC5E20(E00007FF87FF887CC56E4(),  *(_t127 + 0x87cde0f4) & 0x000000ff,  *(_t129 + 0x1b0) ^ _t131);
                                                                                                                				asm("movaps xmm6, [esp+0x2c0]");
                                                                                                                				return _t64;
                                                                                                                			}





























                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __std_exception_copy_dclass_dsign_invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: INF$NAN$inf$nan$number is too big
                                                                                                                • API String ID: 3571884167-1812383209
                                                                                                                • Opcode ID: d2ffcc1f7acc66e5680cc698eb662bdc870e0a07f394ea14812c9b714894dfa7
                                                                                                                • Instruction ID: 14443e808259616a1b7151180cf38f2411bbb480cc78ab25969832fbeb69c99d
                                                                                                                • Opcode Fuzzy Hash: d2ffcc1f7acc66e5680cc698eb662bdc870e0a07f394ea14812c9b714894dfa7
                                                                                                                • Instruction Fuzzy Hash: E3B1D462A4878189EB118B65E5403FDBBB2FB563E5F504236EA9C23A95DF7CE484C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 31%
                                                                                                                			E00007FF87FF887CA6C60(signed int __eax, void* __rcx, intOrPtr* __r8) {
                                                                                                                				void* __rbx;
                                                                                                                				void* __rdi;
                                                                                                                				void* __rsi;
                                                                                                                				void* __rbp;
                                                                                                                				void* __r15;
                                                                                                                				signed int _t53;
                                                                                                                				intOrPtr _t57;
                                                                                                                				void* _t64;
                                                                                                                				signed int _t66;
                                                                                                                				signed int _t68;
                                                                                                                				signed int _t69;
                                                                                                                				signed int _t77;
                                                                                                                				void* _t79;
                                                                                                                				signed long long _t97;
                                                                                                                				char* _t100;
                                                                                                                				void* _t108;
                                                                                                                				intOrPtr _t117;
                                                                                                                				intOrPtr* _t126;
                                                                                                                				signed int _t127;
                                                                                                                				void* _t129;
                                                                                                                				void* _t130;
                                                                                                                				signed long long _t131;
                                                                                                                				void* _t139;
                                                                                                                				void* _t141;
                                                                                                                				void* _t142;
                                                                                                                
                                                                                                                				_t129 = _t130 - 0x1d0;
                                                                                                                				_t131 = _t130 - 0x2d0;
                                                                                                                				asm("movaps [esp+0x2c0], xmm6");
                                                                                                                				_t97 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				 *(_t129 + 0x1b0) = _t97 ^ _t131;
                                                                                                                				_t126 = __r8;
                                                                                                                				asm("movaps xmm6, xmm1");
                                                                                                                				_t141 = __rcx;
                                                                                                                				 *((char*)(_t131 + 0x30)) = 0;
                                                                                                                				E00007FF87FF887CA3B30();
                                                                                                                				asm("movups xmm0, [eax]");
                                                                                                                				asm("movaps [esp+0x40], xmm0");
                                                                                                                				asm("psrldq xmm0, 0x8");
                                                                                                                				asm("movd eax, xmm0");
                                                                                                                				_t66 = ( *(__r8 + 0xc) << 0x00000019 >> 0x0000001d ^ __eax) & 0x000000ff ^ __eax;
                                                                                                                				 *(_t131 + 0x48) = _t66;
                                                                                                                				asm("movaps xmm0, xmm6");
                                                                                                                				__imp___ldsign();
                                                                                                                				if (__eax == 0) goto 0x87ca6cf7;
                                                                                                                				_t68 = _t66 & 0xffffff01 | 0x00000001;
                                                                                                                				asm("xorps xmm6, [0x356bb]");
                                                                                                                				goto 0x87ca6d02;
                                                                                                                				if (_t68 != 1) goto 0x87ca6d06;
                                                                                                                				_t69 = _t68 & 0xffffff00;
                                                                                                                				 *(_t131 + 0x48) = _t69;
                                                                                                                				asm("movaps xmm0, xmm6");
                                                                                                                				0x87cd713d();
                                                                                                                				if (__eax <= 0) goto 0x87ca6d63;
                                                                                                                				if (__eax != 1) goto 0x87ca6d29;
                                                                                                                				goto 0x87ca6d37;
                                                                                                                				_t100 = "NAN";
                                                                                                                				_t113 =  !=  ? _t100 : "nan";
                                                                                                                				 *((intOrPtr*)(_t131 + 0x40)) =  *(_t131 + 0x48);
                                                                                                                				 *(_t131 + 0x48) =  !=  ? _t100 : "nan";
                                                                                                                				_t122 = __r8;
                                                                                                                				E00007FF87FF887CA71A0(_t79, _t100, _t108, __rcx, __r8, _t131 + 0x40, _t142);
                                                                                                                				goto 0x87ca6e8e;
                                                                                                                				_t53 =  *(_t126 + 0xc);
                                                                                                                				_t77 = _t53 << 0x1c >> 0x1c;
                                                                                                                				if (_t77 != 0) goto 0x87ca6d84;
                                                                                                                				 *(_t126 + 0xc) = _t53 & 0xfffffff2 | 0x00000002;
                                                                                                                				goto 0x87ca6dc2;
                                                                                                                				if (_t77 != 4) goto 0x87ca6dc2;
                                                                                                                				_t127 =  *(_t131 + 0x48);
                                                                                                                				if (sil == 0) goto 0x87ca6dba;
                                                                                                                				E00007FF87FF887CABAB0(_t108, _t141, _t122, _t127);
                                                                                                                				 *_t100 =  *(_t127 + 0x87cde0f4) & 0x000000ff;
                                                                                                                				 *(_t131 + 0x48) = _t69 & 0xffffff00;
                                                                                                                				_t57 =  *_t126;
                                                                                                                				if (_t57 == 0) goto 0x87ca6dba;
                                                                                                                				 *_t126 = _t57 - 1;
                                                                                                                				 *(_t126 + 0xc) =  *(_t126 + 0xc) & 0xfffffff2;
                                                                                                                				 *(_t126 + 0xc) =  *(_t126 + 0xc) | 0x00000002;
                                                                                                                				 *((long long*)(_t129 - 0x60)) = 0;
                                                                                                                				 *((long long*)(_t129 - 0x70)) = 0x87cdbaa8;
                                                                                                                				 *((long long*)(_t129 - 0x68)) = _t129 - 0x50;
                                                                                                                				 *((long long*)(_t129 - 0x58)) = 0x1f4;
                                                                                                                				if (( *(_t131 + 0x44) & 0x000000ff) != 3) goto 0x87ca6eb7;
                                                                                                                				if (sil == 0) goto 0x87ca6e0d;
                                                                                                                				 *((char*)(_t129 - 0x50)) =  *( *(_t131 + 0x48) + 0x87cde0f4) & 0x000000ff;
                                                                                                                				 *((long long*)(_t129 - 0x60)) = 1;
                                                                                                                				asm("movaps xmm1, [esp+0x40]");
                                                                                                                				asm("movdqa [esp+0x50], xmm1");
                                                                                                                				asm("movaps xmm0, xmm6");
                                                                                                                				E00007FF87FF887CC4470( *((intOrPtr*)(_t126 + 4)), _t108, _t131 + 0x50, _t129 - 0x70, _t139);
                                                                                                                				 *((long long*)(_t131 + 0x40)) =  *((intOrPtr*)(_t129 - 0x68));
                                                                                                                				 *(_t131 + 0x48) =  *((intOrPtr*)(_t129 - 0x60));
                                                                                                                				E00007FF87FF887CA8330(_t108, _t141, _t126, _t126, _t131 + 0x40, _t129 - 0x70, _t139, 0x87cde0f4);
                                                                                                                				 *((long long*)(_t129 - 0x70)) = 0x87cdbaa8;
                                                                                                                				_t117 =  *((intOrPtr*)(_t129 - 0x68));
                                                                                                                				if (_t117 == _t129 - 0x50) goto 0x87ca6e8e;
                                                                                                                				if ( *((intOrPtr*)(_t129 - 0x58)) - 0x1000 < 0) goto 0x87ca6e89;
                                                                                                                				if (_t117 -  *((intOrPtr*)(_t117 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x87ca6ff0;
                                                                                                                				_t64 = E00007FF87FF887CC5E20(E00007FF87FF887CC56E4(),  *(_t127 + 0x87cde0f4) & 0x000000ff,  *(_t129 + 0x1b0) ^ _t131);
                                                                                                                				asm("movaps xmm6, [esp+0x2c0]");
                                                                                                                				return _t64;
                                                                                                                			}





























                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __std_exception_copy_dclass_dsign_invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: INF$NAN$inf$nan$number is too big
                                                                                                                • API String ID: 3571884167-1812383209
                                                                                                                • Opcode ID: f2f2c58afb716792f9d554f9ea32b44e44f801315a51af01c5a7918ef27e5954
                                                                                                                • Instruction ID: 83db61243eef160a4787e0cfce2b87880fa4d8fece80fb3e12edf61e61cabe95
                                                                                                                • Opcode Fuzzy Hash: f2f2c58afb716792f9d554f9ea32b44e44f801315a51af01c5a7918ef27e5954
                                                                                                                • Instruction Fuzzy Hash: CFB1D462A4878189EB118B64E5403EDBBB2FB563D5F544236EA9C23B99DF7CE484C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 30%
                                                                                                                			E00007FF87FF887CA6520(signed int __eax, void* __rcx, intOrPtr* __r8) {
                                                                                                                				void* __rbx;
                                                                                                                				void* __rdi;
                                                                                                                				void* __rsi;
                                                                                                                				void* __rbp;
                                                                                                                				void* __r15;
                                                                                                                				signed int _t53;
                                                                                                                				intOrPtr _t57;
                                                                                                                				void* _t64;
                                                                                                                				signed int _t66;
                                                                                                                				signed int _t68;
                                                                                                                				signed int _t69;
                                                                                                                				signed int _t77;
                                                                                                                				void* _t79;
                                                                                                                				signed long long _t97;
                                                                                                                				char* _t100;
                                                                                                                				void* _t108;
                                                                                                                				intOrPtr _t117;
                                                                                                                				intOrPtr* _t126;
                                                                                                                				signed int _t127;
                                                                                                                				void* _t129;
                                                                                                                				void* _t130;
                                                                                                                				signed long long _t131;
                                                                                                                				void* _t139;
                                                                                                                				void* _t141;
                                                                                                                				void* _t142;
                                                                                                                
                                                                                                                				_t129 = _t130 - 0x1d0;
                                                                                                                				_t131 = _t130 - 0x2d0;
                                                                                                                				asm("movaps [esp+0x2c0], xmm6");
                                                                                                                				_t97 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				 *(_t129 + 0x1b0) = _t97 ^ _t131;
                                                                                                                				_t126 = __r8;
                                                                                                                				asm("movaps xmm6, xmm1");
                                                                                                                				_t141 = __rcx;
                                                                                                                				 *((char*)(_t131 + 0x30)) = 0;
                                                                                                                				E00007FF87FF887CA3B30();
                                                                                                                				asm("movups xmm0, [eax]");
                                                                                                                				asm("movaps [esp+0x40], xmm0");
                                                                                                                				asm("psrldq xmm0, 0x8");
                                                                                                                				asm("movd eax, xmm0");
                                                                                                                				_t66 = ( *(__r8 + 0xc) << 0x00000019 >> 0x0000001d ^ __eax) & 0x000000ff ^ __eax;
                                                                                                                				 *(_t131 + 0x48) = _t66;
                                                                                                                				asm("movaps xmm0, xmm6");
                                                                                                                				__imp___fdsign();
                                                                                                                				if (__eax == 0) goto 0x87ca65b7;
                                                                                                                				_t68 = _t66 & 0xffffff01 | 0x00000001;
                                                                                                                				asm("xorps xmm6, [0x35e0b]");
                                                                                                                				goto 0x87ca65c2;
                                                                                                                				if (_t68 != 1) goto 0x87ca65c6;
                                                                                                                				_t69 = _t68 & 0xffffff00;
                                                                                                                				 *(_t131 + 0x48) = _t69;
                                                                                                                				asm("movaps xmm0, xmm6");
                                                                                                                				0x87cd7137();
                                                                                                                				if (__eax <= 0) goto 0x87ca6623;
                                                                                                                				if (__eax != 1) goto 0x87ca65e9;
                                                                                                                				goto 0x87ca65f7;
                                                                                                                				_t100 = "NAN";
                                                                                                                				_t113 =  !=  ? _t100 : "nan";
                                                                                                                				 *((intOrPtr*)(_t131 + 0x40)) =  *(_t131 + 0x48);
                                                                                                                				 *(_t131 + 0x48) =  !=  ? _t100 : "nan";
                                                                                                                				_t122 = __r8;
                                                                                                                				E00007FF87FF887CA71A0(_t79, _t100, _t108, __rcx, __r8, _t131 + 0x40, _t142);
                                                                                                                				goto 0x87ca6752;
                                                                                                                				_t53 =  *(_t126 + 0xc);
                                                                                                                				_t77 = _t53 << 0x1c >> 0x1c;
                                                                                                                				if (_t77 != 0) goto 0x87ca6644;
                                                                                                                				 *(_t126 + 0xc) = _t53 & 0xfffffff2 | 0x00000002;
                                                                                                                				goto 0x87ca6682;
                                                                                                                				if (_t77 != 4) goto 0x87ca6682;
                                                                                                                				_t127 =  *(_t131 + 0x48);
                                                                                                                				if (sil == 0) goto 0x87ca667a;
                                                                                                                				E00007FF87FF887CABAB0(_t108, _t141, _t122, _t127);
                                                                                                                				 *_t100 =  *(_t127 + 0x87cde0f4) & 0x000000ff;
                                                                                                                				 *(_t131 + 0x48) = _t69 & 0xffffff00;
                                                                                                                				_t57 =  *_t126;
                                                                                                                				if (_t57 == 0) goto 0x87ca667a;
                                                                                                                				 *_t126 = _t57 - 1;
                                                                                                                				 *(_t126 + 0xc) =  *(_t126 + 0xc) & 0xfffffff2;
                                                                                                                				 *(_t126 + 0xc) =  *(_t126 + 0xc) | 0x00000002;
                                                                                                                				 *((long long*)(_t129 - 0x60)) = 0;
                                                                                                                				 *((long long*)(_t129 - 0x70)) = 0x87cdbaa8;
                                                                                                                				 *((long long*)(_t129 - 0x68)) = _t129 - 0x50;
                                                                                                                				 *((long long*)(_t129 - 0x58)) = 0x1f4;
                                                                                                                				if (( *(_t131 + 0x44) & 0x000000ff) != 3) goto 0x87ca677b;
                                                                                                                				if (sil == 0) goto 0x87ca66cd;
                                                                                                                				 *((char*)(_t129 - 0x50)) =  *( *(_t131 + 0x48) + 0x87cde0f4) & 0x000000ff;
                                                                                                                				 *((long long*)(_t129 - 0x60)) = 1;
                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                				asm("cvtss2sd xmm0, xmm6");
                                                                                                                				asm("movaps xmm1, [esp+0x40]");
                                                                                                                				asm("movdqa [esp+0x50], xmm1");
                                                                                                                				E00007FF87FF887CC4200( *(_t127 + 0x87cde0f4) & 0x000000ff,  *((intOrPtr*)(_t126 + 4)), _t108, _t131 + 0x50, _t129 - 0x70, _t139);
                                                                                                                				 *((long long*)(_t131 + 0x40)) =  *((intOrPtr*)(_t129 - 0x68));
                                                                                                                				 *(_t131 + 0x48) =  *((intOrPtr*)(_t129 - 0x60));
                                                                                                                				E00007FF87FF887CA8330(_t108, _t141, _t126, _t126, _t131 + 0x40, _t129 - 0x70, _t139, 0x87cde0f4);
                                                                                                                				 *((long long*)(_t129 - 0x70)) = 0x87cdbaa8;
                                                                                                                				_t117 =  *((intOrPtr*)(_t129 - 0x68));
                                                                                                                				if (_t117 == _t129 - 0x50) goto 0x87ca6752;
                                                                                                                				if ( *((intOrPtr*)(_t129 - 0x58)) - 0x1000 < 0) goto 0x87ca674d;
                                                                                                                				if (_t117 -  *((intOrPtr*)(_t117 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x87ca68b8;
                                                                                                                				_t64 = E00007FF87FF887CC5E20(E00007FF87FF887CC56E4(),  *(_t127 + 0x87cde0f4) & 0x000000ff,  *(_t129 + 0x1b0) ^ _t131);
                                                                                                                				asm("movaps xmm6, [esp+0x2c0]");
                                                                                                                				return _t64;
                                                                                                                			}





























                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __std_exception_copy_fdclass_fdsign_invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: INF$NAN$inf$nan$number is too big
                                                                                                                • API String ID: 3310147705-1812383209
                                                                                                                • Opcode ID: 73660f08df6deb0b9dcce34680602e4ee8f44f6ef112e4e5a8bdfcda8c94b42d
                                                                                                                • Instruction ID: ffc9ba6df4cbb3546d00144c456f8dcc49d10e4b4357a163564451b286380974
                                                                                                                • Opcode Fuzzy Hash: 73660f08df6deb0b9dcce34680602e4ee8f44f6ef112e4e5a8bdfcda8c94b42d
                                                                                                                • Instruction Fuzzy Hash: D5B1F562A58B8189EB11CB65E5403ADFBB2FB563D5F504236EA9C63A95DF3CE480C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 28%
                                                                                                                			E00007FF87FF887CA9C50(void* __rcx, long long __rdx, void* __rbp, void* __r8) {
                                                                                                                				signed int _v56;
                                                                                                                				intOrPtr _v64;
                                                                                                                				char _v88;
                                                                                                                				intOrPtr _v96;
                                                                                                                				char _v120;
                                                                                                                				long long _v128;
                                                                                                                				long long _v136;
                                                                                                                				char _v152;
                                                                                                                				long long _v160;
                                                                                                                				long long _v168;
                                                                                                                				intOrPtr _v178;
                                                                                                                				short _v180;
                                                                                                                				char _v184;
                                                                                                                				char _v200;
                                                                                                                				long long _v216;
                                                                                                                				long long _v224;
                                                                                                                				long long _v232;
                                                                                                                				void* __rbx;
                                                                                                                				void* __rdi;
                                                                                                                				void* __rsi;
                                                                                                                				void* __r14;
                                                                                                                				char _t58;
                                                                                                                				void* _t71;
                                                                                                                				void* _t83;
                                                                                                                				void* _t84;
                                                                                                                				void* _t85;
                                                                                                                				signed long long _t110;
                                                                                                                				signed long long _t111;
                                                                                                                				long long _t115;
                                                                                                                				void* _t121;
                                                                                                                				void* _t134;
                                                                                                                				long long _t135;
                                                                                                                				char _t158;
                                                                                                                				long long _t167;
                                                                                                                				long long _t173;
                                                                                                                				intOrPtr _t176;
                                                                                                                				long long _t182;
                                                                                                                				intOrPtr _t185;
                                                                                                                				intOrPtr _t188;
                                                                                                                				intOrPtr _t191;
                                                                                                                				long long _t194;
                                                                                                                				void* _t196;
                                                                                                                				void* _t197;
                                                                                                                				void* _t198;
                                                                                                                				intOrPtr _t202;
                                                                                                                				void* _t205;
                                                                                                                				void* _t206;
                                                                                                                				long long _t207;
                                                                                                                
                                                                                                                				_t197 = __rbp;
                                                                                                                				_t205 = _t198;
                                                                                                                				_t199 = _t198 - 0xe0;
                                                                                                                				_t110 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				_t111 = _t110 ^ _t198 - 0x000000e0;
                                                                                                                				_v56 = _t111;
                                                                                                                				_t196 = __r8;
                                                                                                                				_t194 = __rdx;
                                                                                                                				_t206 = __rcx;
                                                                                                                				r15d = 0;
                                                                                                                				_v184 = _t207;
                                                                                                                				_v160 = 0xf;
                                                                                                                				_v168 = 6;
                                                                                                                				_t58 = "system"; // 0x74737973
                                                                                                                				_v184 = _t58;
                                                                                                                				_v180 =  *0x87cdba84 & 0x0000ffff;
                                                                                                                				_v178 = r15b;
                                                                                                                				 *((long long*)(_t205 - 0x78)) = _t207;
                                                                                                                				asm("movdqa xmm0, [0x326e3]");
                                                                                                                				asm("repe inc ecx");
                                                                                                                				 *((intOrPtr*)(_t205 - 0x78)) = r15b;
                                                                                                                				E00007FF87FF887CBD640(_t134, __rcx, __r8);
                                                                                                                				if ( &_v120 == _t111) goto 0x87ca9cf7;
                                                                                                                				_t202 =  *((intOrPtr*)(_t111 + 0x10));
                                                                                                                				if ( *((long long*)(_t111 + 0x18)) - 0x10 < 0) goto 0x87ca9ce7;
                                                                                                                				E00007FF87FF887CA9100(_t134,  &_v120,  *_t111, _t202, _t206);
                                                                                                                				E00007FF87FF887CC06F0( *((long long*)(_t111 + 0x18)) - 0x10,  *_t111,  &_v184, _t202);
                                                                                                                				_t167 = _v160;
                                                                                                                				if (_t167 - 0x10 < 0) goto 0x87ca9d42;
                                                                                                                				if (_t167 + 1 - 0x1000 < 0) goto 0x87ca9d3d;
                                                                                                                				_t115 = _v184 -  *((intOrPtr*)(_v184 - 8)) + 0xfffffff8;
                                                                                                                				if (_t115 - 0x1f <= 0) goto 0x87ca9d3d;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				_v168 = _t207;
                                                                                                                				_v160 = 0xf;
                                                                                                                				_v184 = 0;
                                                                                                                				E00007FF87FF887CB4280(_t84, _t134,  &_v88, _t196, _t196, _t197);
                                                                                                                				_t135 = _t115;
                                                                                                                				_v200 = _t194;
                                                                                                                				E00007FF87FF887CB4280(_t84, _t135,  &_v152, _t206, _t196, _t197);
                                                                                                                				_v216 = _t135;
                                                                                                                				_v224 =  &_v200;
                                                                                                                				_v232 = _t115;
                                                                                                                				r8d = 0x5f;
                                                                                                                				_t82 = _t202 - 0x5e;
                                                                                                                				E00007FF87FF887CA5BB0(_t202 - 0x5e, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "monitor_deleteport \'{}\', {:#x}, \'{}\'");
                                                                                                                				_t173 = _v128;
                                                                                                                				if (_t173 - 0x10 < 0) goto 0x87ca9df0;
                                                                                                                				if (_t173 + 1 - 0x1000 < 0) goto 0x87ca9deb;
                                                                                                                				if (_v152 -  *((intOrPtr*)(_v152 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87ca9deb;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				_v136 = _t207;
                                                                                                                				_v128 = 0xf;
                                                                                                                				_v152 = 0;
                                                                                                                				_t176 = _v64;
                                                                                                                				if (_t176 - 0x10 < 0) goto 0x87ca9e4f;
                                                                                                                				if (_t176 + 1 - 0x1000 < 0) goto 0x87ca9e4a;
                                                                                                                				_t121 = _v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8;
                                                                                                                				if (_t121 - 0x1f <= 0) goto 0x87ca9e4a;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				E00007FF87FF887CAE0D0( *((intOrPtr*)(_v88 - 8)), _t176 + 0x28);
                                                                                                                				E00007FF87FF887CB4280(_t84, _t121,  &_v88, _t196, _t196, _t197);
                                                                                                                				_t71 = E00007FF87FF887CB4280(_t84, _t121,  &_v152, _t206, _t196, _t197);
                                                                                                                				_t203 = _t121;
                                                                                                                				E00007FF87FF887CAE6C0(_t71, _t83, _t84, _t85, _t121, _t121, _t121, _t121, _t196, _t197, _t121);
                                                                                                                				_t182 = _v128;
                                                                                                                				if (_t182 - 0x10 < 0) goto 0x87ca9eca;
                                                                                                                				if (_t182 + 1 - 0x1000 < 0) goto 0x87ca9ec5;
                                                                                                                				if (_v152 -  *((intOrPtr*)(_v152 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87ca9ec5;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				_v136 = _t207;
                                                                                                                				_v128 = 0xf;
                                                                                                                				_v152 = 0;
                                                                                                                				_t185 = _v64;
                                                                                                                				if (_t185 - 0x10 < 0) goto 0x87ca9f2a;
                                                                                                                				if (_t185 + 1 - 0x1000 < 0) goto 0x87ca9f24;
                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87ca9f24;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				E00007FF87FF887CC06F0(_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f, _v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8,  &_v120, _t121);
                                                                                                                				_t188 = _v96;
                                                                                                                				if (_t188 - 0x10 < 0) goto 0x87ca9f7e;
                                                                                                                				_t158 = _v120;
                                                                                                                				if (_t188 + 1 - 0x1000 < 0) goto 0x87ca9f78;
                                                                                                                				_t130 = _t158 -  *((intOrPtr*)(_t158 - 8)) + 0xfffffff8;
                                                                                                                				_t105 = _t158 -  *((intOrPtr*)(_t158 - 8)) + 0xfffffff8 - 0x1f;
                                                                                                                				if (_t158 -  *((intOrPtr*)(_t158 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87ca9f78;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				E00007FF87FF887CC06F0(_t105, _t130,  &_v120, _t203);
                                                                                                                				_t191 = _v96;
                                                                                                                				if (_t191 - 0x10 < 0) goto 0x87ca9fd9;
                                                                                                                				if (_t191 + 1 - 0x1000 < 0) goto 0x87ca9fd3;
                                                                                                                				if (_v120 -  *((intOrPtr*)(_v120 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87ca9fd3;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				return E00007FF87FF887CC5E20(0, _t82, _v56 ^ _t199);
                                                                                                                			}




















































                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FF887CBD640: __tlregdtor.LIBCMT ref: 00007FF887CBD690
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CA9D36
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CA9DE4
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CA9E43
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CA9EBE
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CA9F1D
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CA9F71
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$__tlregdtor
                                                                                                                • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_deleteport '{}', {:#x}, '{}'$system
                                                                                                                • API String ID: 333172304-3252672930
                                                                                                                • Opcode ID: 226080c0ce44445658238c64672bb0263095b08184b26bd6105cc1f14d8ca101
                                                                                                                • Instruction ID: 5d2b13950d36e5e1b1922be18da92362810f9cc9adedb8696c44521b757377bc
                                                                                                                • Opcode Fuzzy Hash: 226080c0ce44445658238c64672bb0263095b08184b26bd6105cc1f14d8ca101
                                                                                                                • Instruction Fuzzy Hash: CC81B2A2A5CAC241EB50DB69E44536EA363FB907E1F104631EAAD47BDADF7CD081C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 30%
                                                                                                                			E00007FF87FF887CD7570(void* __edi, long long __rax, void* __rcx, long long __rdx, void* __rsi, void* __r13, void* __r14, void* __r15) {
                                                                                                                				void* __rbx;
                                                                                                                				void* __rdi;
                                                                                                                				void* __rbp;
                                                                                                                				void* _t71;
                                                                                                                				signed int _t84;
                                                                                                                				signed int _t86;
                                                                                                                				intOrPtr _t90;
                                                                                                                				intOrPtr _t116;
                                                                                                                				int _t126;
                                                                                                                				intOrPtr _t139;
                                                                                                                				intOrPtr _t143;
                                                                                                                				intOrPtr _t147;
                                                                                                                				intOrPtr _t169;
                                                                                                                				intOrPtr _t172;
                                                                                                                				void* _t175;
                                                                                                                				void* _t182;
                                                                                                                				long long _t183;
                                                                                                                				void* _t185;
                                                                                                                				void* _t186;
                                                                                                                				intOrPtr _t190;
                                                                                                                
                                                                                                                				_t204 = __r15;
                                                                                                                				_t202 = __r13;
                                                                                                                				 *((long long*)(_t185 + 0x10)) = __rdx;
                                                                                                                				_t186 = _t185 - 0x30;
                                                                                                                				_t183 = __rdx;
                                                                                                                				 *((long long*)(__rdx + 0x60)) = 0;
                                                                                                                				 *((long long*)(__rdx + 0x70)) = 0;
                                                                                                                				 *((long long*)(__rdx + 0x78)) = 0xf;
                                                                                                                				 *((char*)(__rdx + 0x60)) = 0;
                                                                                                                				E00007FF87FF887CC56A8(_t71, __rax, __rcx);
                                                                                                                				 *((long long*)(__rdx + 0x70)) = 0x25;
                                                                                                                				 *((long long*)(__rdx + 0x78)) = 0x2f;
                                                                                                                				asm("movups xmm0, [0x4a8c]");
                                                                                                                				asm("movups [eax], xmm0");
                                                                                                                				asm("movups xmm1, [0x4a92]");
                                                                                                                				asm("movups [eax+0x10], xmm1");
                                                                                                                				_t90 =  *0x87cdc068; // 0x3a6e6f69
                                                                                                                				 *((intOrPtr*)(__rax + 0x20)) = _t90;
                                                                                                                				 *((char*)(__rax + 0x24)) =  *0x87cdc06c & 0x000000ff;
                                                                                                                				 *((char*)(__rax + 0x25)) = 0;
                                                                                                                				 *((long long*)(__rdx + 0x60)) = __rax;
                                                                                                                				_t116 =  *((intOrPtr*)( *((intOrPtr*)(__rdx + 0x50))));
                                                                                                                				 *((intOrPtr*)(_t116 + 8))();
                                                                                                                				if ( *((char*)(_t116 + 0xffffffff)) != 0) goto 0x87cd7600;
                                                                                                                				_t139 =  *((intOrPtr*)(__rdx + 0x70));
                                                                                                                				if (0xffffffff -  *((intOrPtr*)(__rdx + 0x78)) - _t139 > 0) goto 0x87cd764f;
                                                                                                                				 *((long long*)(__rdx + 0x70)) = _t139 + 0xffffffff;
                                                                                                                				_t128 =  !=  ?  *((void*)(__rdx + 0x60)) : __rdx + 0x60;
                                                                                                                				_t129 = ( !=  ?  *((void*)(__rdx + 0x60)) : __rdx + 0x60) + _t139;
                                                                                                                				memmove(_t175, _t182, _t126);
                                                                                                                				 *((char*)(( !=  ?  *((void*)(__rdx + 0x60)) : __rdx + 0x60) + _t139 + 0xffffffff)) = 0;
                                                                                                                				goto 0x87cd7663;
                                                                                                                				 *((long long*)(_t186 + 0x20)) = 0xffffffff;
                                                                                                                				r8d = 0;
                                                                                                                				E00007FF87FF887CA2190(__rdx + 0x60, 0xffffffff, 0, __rdx, _t116, __r13, __r15);
                                                                                                                				_t143 =  *((intOrPtr*)(_t183 + 0x70));
                                                                                                                				_t190 = _t143;
                                                                                                                				if ( *((intOrPtr*)(_t183 + 0x78)) - _t143 - 0xa < 0) goto 0x87cd76b2;
                                                                                                                				 *((long long*)(_t183 + 0x70)) = _t143 + 0xa;
                                                                                                                				_t131 =  !=  ?  *((void*)(_t183 + 0x60)) : _t183 + 0x60;
                                                                                                                				_t132 = ( !=  ?  *((void*)(_t183 + 0x60)) : _t183 + 0x60) + _t190;
                                                                                                                				r8d = 0xa;
                                                                                                                				memmove(??, ??, ??);
                                                                                                                				 *((char*)(( !=  ?  *((void*)(_t183 + 0x60)) : _t183 + 0x60) + _t190 + 0xa)) = 0;
                                                                                                                				goto 0x87cd76d2;
                                                                                                                				 *((long long*)(_t186 + 0x20)) = 0xa;
                                                                                                                				r8d = 0;
                                                                                                                				_t34 = _t190 + 0xa; // 0xa
                                                                                                                				E00007FF87FF887CA2190(_t183 + 0x60, ", format: ", 0, _t183, ", format: ", _t202, _t204);
                                                                                                                				if ( *((char*)( *((intOrPtr*)(_t183 + 0x40)) + 0xffffffff)) != 0) goto 0x87cd76e0;
                                                                                                                				_t147 =  *((intOrPtr*)(_t183 + 0x70));
                                                                                                                				if (0xffffffff -  *((intOrPtr*)(_t183 + 0x78)) - _t147 > 0) goto 0x87cd7730;
                                                                                                                				 *((long long*)(_t183 + 0x70)) = _t147 + 0xffffffff;
                                                                                                                				_t134 =  !=  ?  *((void*)(_t183 + 0x60)) : _t183 + 0x60;
                                                                                                                				_t135 = ( !=  ?  *((void*)(_t183 + 0x60)) : _t183 + 0x60) + _t147;
                                                                                                                				memmove(??, ??, ??);
                                                                                                                				 *((char*)(( !=  ?  *((void*)(_t183 + 0x60)) : _t183 + 0x60) + _t147 + 0xffffffff)) = 0;
                                                                                                                				goto 0x87cd7744;
                                                                                                                				 *((long long*)(_t186 + 0x20)) = 0xffffffff;
                                                                                                                				r8d = 0;
                                                                                                                				E00007FF87FF887CA2190(_t183 + 0x60, 0xffffffff, 0, _t183,  *((intOrPtr*)(_t183 + 0x40)), _t202, _t204);
                                                                                                                				 *((long long*)(_t183 + 0x80)) = 0;
                                                                                                                				 *((long long*)(_t183 + 0x90)) = 0;
                                                                                                                				 *((long long*)(_t183 + 0x98)) = 0xf;
                                                                                                                				 *((char*)(_t183 + 0x80)) = 0;
                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                				if ( *((char*)( *((intOrPtr*)(_t183 + 0x48)) + 0xffffffff)) != 0) goto 0x87cd7780;
                                                                                                                				E00007FF87FF887CA9100(( !=  ?  *((void*)(_t183 + 0x60)) : _t183 + 0x60) + _t147, _t183 + 0x80,  *((intOrPtr*)(_t183 + 0x48)), 0, __r14);
                                                                                                                				_t84 = E00007FF87FF887CBE5B0( *((intOrPtr*)(_t183 + 0x38)), _t34,  *((intOrPtr*)(_t183 + 0x78)) - _t147, ( !=  ?  *((void*)(_t183 + 0x60)) : _t183 + 0x60) + _t147, _t183 + 0x80, _t183 + 0x80, __rsi, _t183,  *((intOrPtr*)(_t183 + 0x30)), _t183 + 0x60);
                                                                                                                				_t169 =  *((intOrPtr*)(_t183 + 0x98));
                                                                                                                				if ((_t84 & 0xffffff00 | _t169 - 0x00000010 >= 0x00000000) == 0) goto 0x87cd77fb;
                                                                                                                				if (_t169 + 1 - 0x1000 < 0) goto 0x87cd77f5;
                                                                                                                				_t64 =  *((intOrPtr*)(_t183 + 0x80)) -  *((intOrPtr*)( *((intOrPtr*)(_t183 + 0x80)) - 8)) - 8; // -8
                                                                                                                				if (_t64 - 0x1f > 0) goto 0x87cd77ee;
                                                                                                                				goto 0x87cd77f5;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				_t86 = E00007FF87FF887CC56E4();
                                                                                                                				_t172 =  *((intOrPtr*)(_t183 + 0x78));
                                                                                                                				if ((_t86 & 0xffffff00 | _t172 - 0x00000010 >= 0x00000000) == 0) goto 0x87cd7841;
                                                                                                                				if (_t172 + 1 - 0x1000 < 0) goto 0x87cd783b;
                                                                                                                				_t70 =  *((intOrPtr*)(_t183 + 0x60)) -  *((intOrPtr*)( *((intOrPtr*)(_t183 + 0x60)) - 8)) - 8; // -8
                                                                                                                				if (_t70 - 0x1f > 0) goto 0x87cd7834;
                                                                                                                				goto 0x87cd783b;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				return E00007FF87FF887CC56E4();
                                                                                                                			}


                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FF887CC56A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF887CA8F4E), ref: 00007FF887CC56C2
                                                                                                                • memmove.VCRUNTIME140 ref: 00007FF887CD7644
                                                                                                                • memmove.VCRUNTIME140 ref: 00007FF887CD76A7
                                                                                                                • memmove.VCRUNTIME140 ref: 00007FF887CD7725
                                                                                                                  • Part of subcall function 00007FF887CA2190: memmove.VCRUNTIME140 ref: 00007FF887CA227D
                                                                                                                  • Part of subcall function 00007FF887CA2190: memmove.VCRUNTIME140 ref: 00007FF887CA228B
                                                                                                                  • Part of subcall function 00007FF887CA2190: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CA22C4
                                                                                                                  • Part of subcall function 00007FF887CA2190: memmove.VCRUNTIME140 ref: 00007FF887CA22CE
                                                                                                                  • Part of subcall function 00007FF887CA2190: memmove.VCRUNTIME140 ref: 00007FF887CA22DC
                                                                                                                  • Part of subcall function 00007FF887CA2190: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF887CA2311
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CD77EE
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CD7834
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memmove$_invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskmalloc
                                                                                                                • String ID: %$, format: $/$ion:
                                                                                                                • API String ID: 1572157692-3554288949
                                                                                                                • Opcode ID: faff6170a70bc7182dc5a3738a3de080a9f083ead64c6a0946783119d2ec3fa3
                                                                                                                • Instruction ID: 805e6728605a681d21db84a8747f9ca1c7b1dcc0883b77415cf6058cfd0e0482
                                                                                                                • Opcode Fuzzy Hash: faff6170a70bc7182dc5a3738a3de080a9f083ead64c6a0946783119d2ec3fa3
                                                                                                                • Instruction Fuzzy Hash: 2F817E62A447858AEB208F78D9443EC3BA2FB41BD8F584231EA5D07BDADF38D484C340
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 31%
                                                                                                                			E00007FF87FF887CD7250(void* __edi, long long __rax, void* __rcx, long long __rdx, void* __rsi, void* __r13, void* __r14, void* __r15) {
                                                                                                                				void* __rbx;
                                                                                                                				void* __rdi;
                                                                                                                				void* __rbp;
                                                                                                                				void* _t71;
                                                                                                                				signed int _t84;
                                                                                                                				signed int _t86;
                                                                                                                				intOrPtr _t90;
                                                                                                                				intOrPtr _t116;
                                                                                                                				int _t126;
                                                                                                                				intOrPtr _t139;
                                                                                                                				intOrPtr _t143;
                                                                                                                				intOrPtr _t147;
                                                                                                                				intOrPtr _t169;
                                                                                                                				intOrPtr _t172;
                                                                                                                				void* _t175;
                                                                                                                				void* _t182;
                                                                                                                				long long _t183;
                                                                                                                				void* _t185;
                                                                                                                				void* _t186;
                                                                                                                				intOrPtr _t190;
                                                                                                                
                                                                                                                				_t204 = __r15;
                                                                                                                				_t202 = __r13;
                                                                                                                				 *((long long*)(_t185 + 0x10)) = __rdx;
                                                                                                                				_t186 = _t185 - 0x30;
                                                                                                                				_t183 = __rdx;
                                                                                                                				 *((long long*)(__rdx + 0x70)) = 0;
                                                                                                                				 *((long long*)(__rdx + 0x80)) = 0;
                                                                                                                				 *((long long*)(__rdx + 0x88)) = 0xf;
                                                                                                                				 *((char*)(__rdx + 0x70)) = 0;
                                                                                                                				E00007FF87FF887CC56A8(_t71, __rax, __rcx);
                                                                                                                				 *((long long*)(__rdx + 0x80)) = 0x25;
                                                                                                                				 *((long long*)(__rdx + 0x88)) = 0x2f;
                                                                                                                				asm("movups xmm0, [0x4da0]");
                                                                                                                				asm("movups [eax], xmm0");
                                                                                                                				asm("movups xmm1, [0x4da6]");
                                                                                                                				asm("movups [eax+0x10], xmm1");
                                                                                                                				_t90 =  *0x87cdc068; // 0x3a6e6f69
                                                                                                                				 *((intOrPtr*)(__rax + 0x20)) = _t90;
                                                                                                                				 *((char*)(__rax + 0x24)) =  *0x87cdc06c & 0x000000ff;
                                                                                                                				 *((char*)(__rax + 0x25)) = 0;
                                                                                                                				 *((long long*)(__rdx + 0x70)) = __rax;
                                                                                                                				_t116 =  *((intOrPtr*)( *((intOrPtr*)(__rdx + 0x60))));
                                                                                                                				 *((intOrPtr*)(_t116 + 8))();
                                                                                                                				if ( *((char*)(_t116 + 0xffffffff)) != 0) goto 0x87cd72e5;
                                                                                                                				_t139 =  *((intOrPtr*)(__rdx + 0x80));
                                                                                                                				if (0xffffffff -  *((intOrPtr*)(__rdx + 0x88)) - _t139 > 0) goto 0x87cd733d;
                                                                                                                				 *((long long*)(__rdx + 0x80)) = _t139 + 0xffffffff;
                                                                                                                				_t128 =  !=  ?  *((void*)(__rdx + 0x70)) : __rdx + 0x70;
                                                                                                                				_t129 = ( !=  ?  *((void*)(__rdx + 0x70)) : __rdx + 0x70) + _t139;
                                                                                                                				memmove(_t175, _t182, _t126);
                                                                                                                				 *((char*)(( !=  ?  *((void*)(__rdx + 0x70)) : __rdx + 0x70) + _t139 + 0xffffffff)) = 0;
                                                                                                                				goto 0x87cd7351;
                                                                                                                				 *((long long*)(_t186 + 0x20)) = 0xffffffff;
                                                                                                                				r8d = 0;
                                                                                                                				E00007FF87FF887CA2190(__rdx + 0x70, 0xffffffff, 0, __rdx, _t116, __r13, __r15);
                                                                                                                				_t143 =  *((intOrPtr*)(_t183 + 0x80));
                                                                                                                				_t190 = _t143;
                                                                                                                				if ( *((intOrPtr*)(_t183 + 0x88)) - _t143 - 0xa < 0) goto 0x87cd73a9;
                                                                                                                				 *((long long*)(_t183 + 0x80)) = _t143 + 0xa;
                                                                                                                				_t131 =  !=  ?  *((void*)(_t183 + 0x70)) : _t183 + 0x70;
                                                                                                                				_t132 = ( !=  ?  *((void*)(_t183 + 0x70)) : _t183 + 0x70) + _t190;
                                                                                                                				r8d = 0xa;
                                                                                                                				memmove(??, ??, ??);
                                                                                                                				 *((char*)(( !=  ?  *((void*)(_t183 + 0x70)) : _t183 + 0x70) + _t190 + 0xa)) = 0;
                                                                                                                				goto 0x87cd73c9;
                                                                                                                				 *((long long*)(_t186 + 0x20)) = 0xa;
                                                                                                                				r8d = 0;
                                                                                                                				_t34 = _t190 + 0xa; // 0xa
                                                                                                                				E00007FF87FF887CA2190(_t183 + 0x70, ", format: ", 0, _t183, ", format: ", _t202, _t204);
                                                                                                                				if ( *((char*)( *((intOrPtr*)(_t183 + 0x50)) + 0xffffffff)) != 0) goto 0x87cd73d4;
                                                                                                                				_t147 =  *((intOrPtr*)(_t183 + 0x80));
                                                                                                                				if (0xffffffff -  *((intOrPtr*)(_t183 + 0x88)) - _t147 > 0) goto 0x87cd742d;
                                                                                                                				 *((long long*)(_t183 + 0x80)) = _t147 + 0xffffffff;
                                                                                                                				_t134 =  !=  ?  *((void*)(_t183 + 0x70)) : _t183 + 0x70;
                                                                                                                				_t135 = ( !=  ?  *((void*)(_t183 + 0x70)) : _t183 + 0x70) + _t147;
                                                                                                                				memmove(??, ??, ??);
                                                                                                                				 *((char*)(( !=  ?  *((void*)(_t183 + 0x70)) : _t183 + 0x70) + _t147 + 0xffffffff)) = 0;
                                                                                                                				goto 0x87cd7441;
                                                                                                                				 *((long long*)(_t186 + 0x20)) = 0xffffffff;
                                                                                                                				r8d = 0;
                                                                                                                				E00007FF87FF887CA2190(_t183 + 0x70, 0xffffffff, 0, _t183,  *((intOrPtr*)(_t183 + 0x50)), _t202, _t204);
                                                                                                                				 *((long long*)(_t183 + 0x90)) = 0;
                                                                                                                				 *((long long*)(_t183 + 0xa0)) = 0;
                                                                                                                				 *((long long*)(_t183 + 0xa8)) = 0xf;
                                                                                                                				 *((char*)(_t183 + 0x90)) = 0;
                                                                                                                				if ( *((char*)( *((intOrPtr*)(_t183 + 0x58)) + 0xffffffff)) != 0) goto 0x87cd7474;
                                                                                                                				E00007FF87FF887CA9100(( !=  ?  *((void*)(_t183 + 0x70)) : _t183 + 0x70) + _t147, _t183 + 0x90,  *((intOrPtr*)(_t183 + 0x58)), 0, __r14);
                                                                                                                				_t84 = E00007FF87FF887CBE5B0( *((intOrPtr*)(_t183 + 0x38)), _t34,  *((intOrPtr*)(_t183 + 0x88)) - _t147, ( !=  ?  *((void*)(_t183 + 0x70)) : _t183 + 0x70) + _t147, _t183 + 0x90, _t183 + 0x90, __rsi, _t183,  *((intOrPtr*)(_t183 + 0x30)), _t183 + 0x70);
                                                                                                                				_t169 =  *((intOrPtr*)(_t183 + 0xa8));
                                                                                                                				if ((_t84 & 0xffffff00 | _t169 - 0x00000010 >= 0x00000000) == 0) goto 0x87cd74ef;
                                                                                                                				if (_t169 + 1 - 0x1000 < 0) goto 0x87cd74e9;
                                                                                                                				_t64 =  *((intOrPtr*)(_t183 + 0x90)) -  *((intOrPtr*)( *((intOrPtr*)(_t183 + 0x90)) - 8)) - 8; // -8
                                                                                                                				if (_t64 - 0x1f > 0) goto 0x87cd74e2;
                                                                                                                				goto 0x87cd74e9;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				_t86 = E00007FF87FF887CC56E4();
                                                                                                                				_t172 =  *((intOrPtr*)(_t183 + 0x88));
                                                                                                                				if ((_t86 & 0xffffff00 | _t172 - 0x00000010 >= 0x00000000) == 0) goto 0x87cd7538;
                                                                                                                				if (_t172 + 1 - 0x1000 < 0) goto 0x87cd7532;
                                                                                                                				_t70 =  *((intOrPtr*)(_t183 + 0x70)) -  *((intOrPtr*)( *((intOrPtr*)(_t183 + 0x70)) - 8)) - 8; // -8
                                                                                                                				if (_t70 - 0x1f > 0) goto 0x87cd752b;
                                                                                                                				goto 0x87cd7532;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				return E00007FF87FF887CC56E4();
                                                                                                                			}

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FF887CC56A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF887CA8F4E), ref: 00007FF887CC56C2
                                                                                                                • memmove.VCRUNTIME140 ref: 00007FF887CD7332
                                                                                                                • memmove.VCRUNTIME140 ref: 00007FF887CD739E
                                                                                                                • memmove.VCRUNTIME140 ref: 00007FF887CD7422
                                                                                                                  • Part of subcall function 00007FF887CA2190: memmove.VCRUNTIME140 ref: 00007FF887CA227D
                                                                                                                  • Part of subcall function 00007FF887CA2190: memmove.VCRUNTIME140 ref: 00007FF887CA228B
                                                                                                                  • Part of subcall function 00007FF887CA2190: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CA22C4
                                                                                                                  • Part of subcall function 00007FF887CA2190: memmove.VCRUNTIME140 ref: 00007FF887CA22CE
                                                                                                                  • Part of subcall function 00007FF887CA2190: memmove.VCRUNTIME140 ref: 00007FF887CA22DC
                                                                                                                  • Part of subcall function 00007FF887CA2190: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF887CA2311
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CD74E2
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CD752B
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memmove$_invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskmalloc
                                                                                                                • String ID: %$, format: $/$ion:
                                                                                                                • API String ID: 1572157692-3554288949
                                                                                                                • Opcode ID: d8fa846999dc6887ed0151b9e4cf413d19c92a27b04199a7d7cb26b344e886b1
                                                                                                                • Instruction ID: ae3ca54b0c5cb7440c10c5363598fd564f9b30c03a4cc9597ec64e3a8e35ec1f
                                                                                                                • Opcode Fuzzy Hash: d8fa846999dc6887ed0151b9e4cf413d19c92a27b04199a7d7cb26b344e886b1
                                                                                                                • Instruction Fuzzy Hash: DF817062A44BC589EB208F74D9443ED2BA2FB517D8F589231DA9D0BADADF7CD185C300
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Event$CloseHandle$Create$ObjectOpenResetSingleWait
                                                                                                                • String ID:
                                                                                                                • API String ID: 3951656645-0
                                                                                                                • Opcode ID: e70b6efb45fd57b730ffd615a8e7d69745b853a7db37e14f4ef59c49c9d22bbf
                                                                                                                • Instruction ID: 1f12752b5a7161b6a2c0940af7eb380141d1b1aea71c225406e3c45b57e63f67
                                                                                                                • Opcode Fuzzy Hash: e70b6efb45fd57b730ffd615a8e7d69745b853a7db37e14f4ef59c49c9d22bbf
                                                                                                                • Instruction Fuzzy Hash: F151723264C68186EB61CB14E54036EBBB2FB867E4F540235F69D57A9ADF2DE444CB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 29%
                                                                                                                			E00007FF87FF887CCAAD0(long long __rbx, long long* __rcx, void* __rdx, long long __rsi) {
                                                                                                                				void* _t21;
                                                                                                                				void* _t22;
                                                                                                                				void* _t26;
                                                                                                                				long long _t44;
                                                                                                                				long long _t50;
                                                                                                                				unsigned long long _t57;
                                                                                                                				signed long long _t66;
                                                                                                                				int _t71;
                                                                                                                				long long* _t72;
                                                                                                                				long long _t79;
                                                                                                                				unsigned long long _t80;
                                                                                                                				void* _t82;
                                                                                                                				void* _t86;
                                                                                                                				intOrPtr _t87;
                                                                                                                				void* _t89;
                                                                                                                				signed long long _t90;
                                                                                                                
                                                                                                                				 *((long long*)(_t82 + 8)) = __rbx;
                                                                                                                				 *((long long*)(_t82 + 0x10)) = _t79;
                                                                                                                				 *((long long*)(_t82 + 0x18)) = __rsi;
                                                                                                                				_t72 = __rcx;
                                                                                                                				_t87 =  *((intOrPtr*)(__rcx + 0x10));
                                                                                                                				if (0xffffffff - _t87 - __rdx < 0) goto 0x87ccac11;
                                                                                                                				_t90 = _t87 + __rdx;
                                                                                                                				_t80 =  *((intOrPtr*)(__rcx + 0x18));
                                                                                                                				_t66 = _t90 | 0x0000000f;
                                                                                                                				if (_t66 - 0xffffffff > 0) goto 0x87ccab56;
                                                                                                                				_t57 = _t80 >> 1;
                                                                                                                				if (_t80 - 0xffffffff - _t57 > 0) goto 0x87ccab56;
                                                                                                                				_t50 =  <  ? _t57 + _t80 : _t66;
                                                                                                                				_t44 = _t50 + 1;
                                                                                                                				if (_t44 - 0x1000 < 0) goto 0x87ccab7f;
                                                                                                                				if (_t44 + 0x27 - _t44 <= 0) goto 0x87ccac17;
                                                                                                                				goto 0x87ccab60;
                                                                                                                				_t22 = E00007FF87FF887CC56A8(_t21, _t44, 0x27);
                                                                                                                				if (_t44 == 0) goto 0x87ccab78;
                                                                                                                				_t10 = _t44 + 0x27; // 0x27
                                                                                                                				 *((long long*)((_t10 & 0xffffffe0) - 8)) = _t44;
                                                                                                                				goto 0x87ccab93;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				if (_t44 == 0) goto 0x87ccab91;
                                                                                                                				E00007FF87FF887CC56A8(_t22, _t44, _t44);
                                                                                                                				goto 0x87ccab93;
                                                                                                                				 *(_t72 + 0x10) = _t90;
                                                                                                                				 *((long long*)(_t72 + 0x18)) = _t50;
                                                                                                                				if (_t80 - 0x10 < 0) goto 0x87ccabea;
                                                                                                                				memmove(_t89, _t86, _t71);
                                                                                                                				_t15 = _t80 + 1; // 0x7ff887ccaee2
                                                                                                                				if (_t15 - 0x1000 < 0) goto 0x87ccabd8;
                                                                                                                				_t17 =  *_t72 -  *((intOrPtr*)( *_t72 - 8)) - 8; // 0x7ffffffffffffff7
                                                                                                                				if (_t17 - 0x1f > 0) goto 0x87ccabe3;
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				goto 0x87ccabf2;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				_t26 = memmove(??, ??, ??);
                                                                                                                				 *_t72 = _t44;
                                                                                                                				return _t26;
                                                                                                                			}




















                                                                                                                APIs
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF887CCAD8C), ref: 00007FF887CCAB78
                                                                                                                • memmove.VCRUNTIME140(?,?,00007FF887CCAD8C), ref: 00007FF887CCABAE
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00007FF887CCAD8C), ref: 00007FF887CCABE3
                                                                                                                • memmove.VCRUNTIME140(?,?,00007FF887CCAD8C), ref: 00007FF887CCABED
                                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF887CCAC17
                                                                                                                • ?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z.MSVCP140 ref: 00007FF887CCACCE
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturnmemmove$?out@?$codecvt@_Concurrency::cancel_current_taskMbstatet@@Mbstatet@@@std@@
                                                                                                                • String ID: Could not convert character encoding$libs\log\src\code_conversion.cpp
                                                                                                                • API String ID: 3477520665-1764552477
                                                                                                                • Opcode ID: dabce8eda78ac50191612343bbfafed91b9ed066ca93bedf7af4c62e18004f06
                                                                                                                • Instruction ID: 8b909fc5775144c737cf50fbab7b7bfe64f059787a5a37e93548c67fe4912290
                                                                                                                • Opcode Fuzzy Hash: dabce8eda78ac50191612343bbfafed91b9ed066ca93bedf7af4c62e18004f06
                                                                                                                • Instruction Fuzzy Hash: 7281DE72B48B8585EB108B56E8442ADA376FB88BD4F980536EF4C07B89DF7CE181C340
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 17%
                                                                                                                			E00007FF87FF887CAFB10(void* __eflags, long long __rcx, intOrPtr* __rdx) {
                                                                                                                				void* __rbx;
                                                                                                                				void* __rbp;
                                                                                                                				void* _t80;
                                                                                                                				void* _t83;
                                                                                                                				signed long long _t114;
                                                                                                                				long long _t134;
                                                                                                                				signed long long _t163;
                                                                                                                				signed long long _t166;
                                                                                                                				signed long long _t169;
                                                                                                                				intOrPtr _t172;
                                                                                                                				signed long long _t178;
                                                                                                                				intOrPtr _t181;
                                                                                                                				void* _t184;
                                                                                                                				void* _t185;
                                                                                                                				void* _t186;
                                                                                                                
                                                                                                                				_t185 = _t186 - 0x47;
                                                                                                                				_t114 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				 *(_t185 + 0x3f) = _t114 ^ _t186 - 0x000000b0;
                                                                                                                				_t134 = __rcx;
                                                                                                                				 *((intOrPtr*)(_t185 - 0x49)) = r8d;
                                                                                                                				r8d = r8d - 1;
                                                                                                                				if (__eflags == 0) goto 0x87cafced;
                                                                                                                				if (r8d != 1) goto 0x87cafdc3;
                                                                                                                				E00007FF87FF887CAD4C0(_t114 ^ _t186 - 0x000000b0, __rcx, _t185 - 0x21,  *__rdx, _t184);
                                                                                                                				_t158 =  >=  ?  *((void*)(_t185 - 0x21)) : _t185 - 0x21;
                                                                                                                				E00007FF87FF887CB3FF0(_t80, _t134, _t185 - 0x41,  >=  ?  *((void*)(_t185 - 0x21)) : _t185 - 0x21, _t184, _t185);
                                                                                                                				if ( *((long long*)(_t134 + 0x38)) - 0x10 < 0) goto 0x87cafb7c;
                                                                                                                				E00007FF87FF887CB3FF0(_t80, _t134, _t185 + 0x1f,  *((intOrPtr*)(_t134 + 0x20)), _t184, _t185);
                                                                                                                				if ( *((long long*)(_t134 + 0x58)) - 0x10 < 0) goto 0x87cafb94;
                                                                                                                				E00007FF87FF887CB3FF0(_t80, _t134, _t185 - 1,  *((intOrPtr*)(_t134 + 0x40)), _t184, _t185);
                                                                                                                				_t163 =  *((intOrPtr*)(_t185 + 0x17));
                                                                                                                				if (_t163 - 8 < 0) goto 0x87cafbf0;
                                                                                                                				if (2 + _t163 * 2 - 0x1000 < 0) goto 0x87cafbeb;
                                                                                                                				if ( *((intOrPtr*)(_t185 - 1)) -  *((intOrPtr*)( *((intOrPtr*)(_t185 - 1)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87cafbeb;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				 *((long long*)(_t185 + 0xf)) = _t134;
                                                                                                                				 *((long long*)(_t185 + 0x17)) = 7;
                                                                                                                				 *((short*)(_t185 - 1)) = 0;
                                                                                                                				_t166 =  *((intOrPtr*)(_t185 + 0x37));
                                                                                                                				if (_t166 - 8 < 0) goto 0x87cafc45;
                                                                                                                				if (2 + _t166 * 2 - 0x1000 < 0) goto 0x87cafc40;
                                                                                                                				if ( *((intOrPtr*)(_t185 + 0x1f)) -  *((intOrPtr*)( *((intOrPtr*)(_t185 + 0x1f)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87cafc40;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				 *((long long*)(_t185 + 0x2f)) = _t134;
                                                                                                                				 *((long long*)(_t185 + 0x37)) = 7;
                                                                                                                				 *((short*)(_t185 + 0x1f)) = 0;
                                                                                                                				_t169 =  *((intOrPtr*)(_t185 - 0x29));
                                                                                                                				if (_t169 - 8 < 0) goto 0x87cafc98;
                                                                                                                				if (2 + _t169 * 2 - 0x1000 < 0) goto 0x87cafc93;
                                                                                                                				if ( *((intOrPtr*)(_t185 - 0x41)) -  *((intOrPtr*)( *((intOrPtr*)(_t185 - 0x41)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87cafc93;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				 *((long long*)(_t185 - 0x31)) = _t134;
                                                                                                                				 *((long long*)(_t185 - 0x29)) = 7;
                                                                                                                				 *((short*)(_t185 - 0x41)) = 0;
                                                                                                                				_t172 =  *((intOrPtr*)(_t185 - 9));
                                                                                                                				if (_t172 - 0x10 < 0) goto 0x87cafdaa;
                                                                                                                				_t146 =  *((intOrPtr*)(_t185 - 0x21));
                                                                                                                				if (_t172 + 1 - 0x1000 < 0) goto 0x87cafda5;
                                                                                                                				if ( *((intOrPtr*)(_t185 - 0x21)) -  *((intOrPtr*)(_t146 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87cafda5;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CAD4C0( *((intOrPtr*)(_t185 - 0x21)) -  *((intOrPtr*)(_t146 - 8)) + 0xfffffff8, _t134,  *((intOrPtr*)(_t146 - 8)),  *((intOrPtr*)(_t172 + 0x28)), _t184);
                                                                                                                				_t177 =  >=  ?  *((void*)(_t185 - 0x21)) : _t185 - 0x21;
                                                                                                                				E00007FF87FF887CB3FF0(0, _t134, _t185 - 0x41,  >=  ?  *((void*)(_t185 - 0x21)) : _t185 - 0x21, _t184, _t185);
                                                                                                                				_t178 =  *((intOrPtr*)(_t185 - 0x29));
                                                                                                                				if (_t178 - 8 < 0) goto 0x87cafd5a;
                                                                                                                				if (2 + _t178 * 2 - 0x1000 < 0) goto 0x87cafd55;
                                                                                                                				if ( *((intOrPtr*)(_t185 - 0x41)) -  *((intOrPtr*)( *((intOrPtr*)(_t185 - 0x41)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87cafd55;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				 *((long long*)(_t185 - 0x31)) = _t134;
                                                                                                                				 *((long long*)(_t185 - 0x29)) = 7;
                                                                                                                				 *((short*)(_t185 - 0x41)) = 0;
                                                                                                                				_t181 =  *((intOrPtr*)(_t185 - 9));
                                                                                                                				if (_t181 - 0x10 < 0) goto 0x87cafdaa;
                                                                                                                				if (_t181 + 1 - 0x1000 < 0) goto 0x87cafda5;
                                                                                                                				if ( *((intOrPtr*)(_t185 - 0x21)) -  *((intOrPtr*)( *((intOrPtr*)(_t185 - 0x21)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87cafda5;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				return E00007FF87FF887CC5E20(0xa + ( *((intOrPtr*)(_t185 - 0x21)) -  *((intOrPtr*)(_t146 - 8)) + 0xfffffff8) * 2, _t83,  *(_t185 + 0x3f) ^ _t186 - 0x000000b0);
                                                                                                                			}



















                                                                                                                APIs
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CAFBE4
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CAFC39
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CAFC8C
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CAFCE6
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CAFD4E
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CAFD9E
                                                                                                                • _CxxThrowException.VCRUNTIME140 ref: 00007FF887CAFDEB
                                                                                                                  • Part of subcall function 00007FF887CB3FF0: MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,?,?,?,00000000,00007FF887CB3B6C), ref: 00007FF887CB404F
                                                                                                                  • Part of subcall function 00007FF887CB3FF0: memset.VCRUNTIME140(?,?,?,?,00000000,?,?,?,00000000,00007FF887CB3B6C), ref: 00007FF887CB40AC
                                                                                                                  • Part of subcall function 00007FF887CB3FF0: MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,?,?,?,00000000,00007FF887CB3B6C), ref: 00007FF887CB40EA
                                                                                                                  • Part of subcall function 00007FF887CB3FF0: MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,?,?,?,00000000,00007FF887CB3B6C), ref: 00007FF887CB4117
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$ByteCharMultiWide$ExceptionThrowmemset
                                                                                                                • String ID: port level {} is invalid
                                                                                                                • API String ID: 2707084545-1214850675
                                                                                                                • Opcode ID: 619c08593106b327eb2595e6a48e8dd13a6d924617f3e977b70527240bc78195
                                                                                                                • Instruction ID: 29a5f35f571a57f97b8d233deba763f01d661eb4921610213534811b76ae60c6
                                                                                                                • Opcode Fuzzy Hash: 619c08593106b327eb2595e6a48e8dd13a6d924617f3e977b70527240bc78195
                                                                                                                • Instruction Fuzzy Hash: 9D818EA2F59A4299FF00DFA8E4843AC2333BB447E9F405635DA2D47AD9DE78E485C304
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140(-00000068,?,?,[uninitialized],?,00007FF887CC6ADE), ref: 00007FF887CB472B
                                                                                                                • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140(-00000068,?,?,[uninitialized],?,00007FF887CC6ADE), ref: 00007FF887CB4786
                                                                                                                • ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140(-00000068,?,?,[uninitialized],?,00007FF887CC6ADE), ref: 00007FF887CB47A8
                                                                                                                • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF887CB47C9
                                                                                                                • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140(-00000068,?,?,[uninitialized],?,00007FF887CC6ADE), ref: 00007FF887CB4811
                                                                                                                • ?uncaught_exception@std@@YA_NXZ.MSVCP140 ref: 00007FF887CB4818
                                                                                                                • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF887CB4824
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: D@std@@@std@@U?$char_traits@$?sputc@?$basic_streambuf@$?flush@?$basic_ostream@?setstate@?$basic_ios@?sputn@?$basic_streambuf@?uncaught_exception@std@@Osfx@?$basic_ostream@V12@
                                                                                                                • String ID: [uninitialized]
                                                                                                                • API String ID: 1492985063-2099769388
                                                                                                                • Opcode ID: 289b43a0fd393f7efa8b98694c0fc63bfc4486ac80d57e856cfae009353a8c5f
                                                                                                                • Instruction ID: d18e096660ba4c3cf7666f70a3b5ca173eadac2b95fd59a19416fb2357f39e5a
                                                                                                                • Opcode Fuzzy Hash: 289b43a0fd393f7efa8b98694c0fc63bfc4486ac80d57e856cfae009353a8c5f
                                                                                                                • Instruction Fuzzy Hash: 5F518066648A4182EB208F1AE59423DABB2FF85FD5F158235DF5E477A1CF39D642C300
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF887CCB7DF
                                                                                                                • ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 00007FF887CCB7FE
                                                                                                                • ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF887CCB832
                                                                                                                  • Part of subcall function 00007FF887CC6A70: AcquireSRWLockShared.KERNEL32 ref: 00007FF887CC6A94
                                                                                                                  • Part of subcall function 00007FF887CC6A70: ReleaseSRWLockShared.KERNEL32 ref: 00007FF887CC6AB9
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: U?$char_traits@$D@std@@@std@@$LockShared$??0?$basic_ios@??0?$basic_ostream@??0?$basic_streambuf@AcquireD@std@@@1@_ReleaseV?$basic_streambuf@
                                                                                                                • String ID: $libs\log\src\thread_specific.cpp
                                                                                                                • API String ID: 804302166-328183245
                                                                                                                • Opcode ID: 05b077278ba9fbdf1c35c9293cc9b565f7c57c0c50682e50e734c736bbfc4936
                                                                                                                • Instruction ID: d1e7c1a635cb9c31177b60336650da25fc2e076cd7eb1fc0d2a8e0250648ca8a
                                                                                                                • Opcode Fuzzy Hash: 05b077278ba9fbdf1c35c9293cc9b565f7c57c0c50682e50e734c736bbfc4936
                                                                                                                • Instruction Fuzzy Hash: C2417232608B858AE750CF24E8803AE7B71FB81798F505135E78D47AA9DF7DD549CB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 51%
                                                                                                                			E00007FF87FF887CCCD30(void* __eflags, long long __rax, void* __rcx, long long __rdx, void* __r9, void* __r11) {
                                                                                                                				void* __rbx;
                                                                                                                				void* __rdi;
                                                                                                                				void* __rsi;
                                                                                                                				void* _t80;
                                                                                                                				void* _t93;
                                                                                                                				void* _t102;
                                                                                                                				intOrPtr* _t133;
                                                                                                                				long long* _t135;
                                                                                                                				long long _t138;
                                                                                                                				intOrPtr _t146;
                                                                                                                				intOrPtr* _t147;
                                                                                                                				intOrPtr* _t148;
                                                                                                                				void* _t151;
                                                                                                                				intOrPtr _t153;
                                                                                                                				intOrPtr* _t161;
                                                                                                                				void* _t189;
                                                                                                                				intOrPtr* _t190;
                                                                                                                				intOrPtr* _t191;
                                                                                                                				long long _t193;
                                                                                                                				intOrPtr* _t195;
                                                                                                                				void* _t197;
                                                                                                                				void* _t198;
                                                                                                                				intOrPtr* _t199;
                                                                                                                				void* _t201;
                                                                                                                				void* _t202;
                                                                                                                				void* _t204;
                                                                                                                				void* _t211;
                                                                                                                				intOrPtr* _t212;
                                                                                                                				long long _t214;
                                                                                                                				long long _t216;
                                                                                                                				long long _t218;
                                                                                                                				void* _t220;
                                                                                                                				long long _t222;
                                                                                                                				intOrPtr* _t223;
                                                                                                                				long long _t225;
                                                                                                                				void* _t227;
                                                                                                                				long long _t228;
                                                                                                                				long long _t229;
                                                                                                                
                                                                                                                				_t133 = __rax;
                                                                                                                				 *((long long*)(_t204 + 0x10)) = __rdx;
                                                                                                                				_t202 = _t204 - 0x1f;
                                                                                                                				_t198 = __rcx;
                                                                                                                				r13d = 0;
                                                                                                                				 *((intOrPtr*)(_t202 - 0x59)) = r13d;
                                                                                                                				 *((long long*)(__rdx)) = _t216;
                                                                                                                				 *((intOrPtr*)(_t202 - 0x59)) = 1;
                                                                                                                				E00007FF87FF887CC56A8(_t80, __rax, __rcx);
                                                                                                                				 *((long long*)(_t202 + 0x67)) = __rax;
                                                                                                                				E00007FF87FF887CCC0C0(__rdx, __rax, _t198, _t227, _t220);
                                                                                                                				_t190 = _t133;
                                                                                                                				_t161 =  *((intOrPtr*)(__rdx));
                                                                                                                				if (_t161 == 0) goto 0x87cccd91;
                                                                                                                				if ( *((intOrPtr*)( *_t161 + 0x20))(_t151, _t201) == 0) goto 0x87cccd91;
                                                                                                                				 *((long long*)(__rdx)) = _t216;
                                                                                                                				 *((long long*)(__rdx)) = _t190;
                                                                                                                				if (_t190 == 0) goto 0x87cccda2;
                                                                                                                				 *((intOrPtr*)( *_t190 + 0x18))();
                                                                                                                				_t199 =  *((intOrPtr*)(_t198 + 8));
                                                                                                                				_t153 =  *_t199;
                                                                                                                				if (_t153 == _t199) goto 0x87ccd039;
                                                                                                                				_t10 = _t190 + 8; // 0x8
                                                                                                                				_t212 = _t10;
                                                                                                                				 *((long long*)(_t202 + 0x7f)) = _t212;
                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                				_t135 =  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x28))));
                                                                                                                				 *((intOrPtr*)(_t135 + 8))();
                                                                                                                				 *((long long*)(_t202 - 0x51)) = _t135;
                                                                                                                				 *((long long*)(_t202 - 0x49)) = _t216;
                                                                                                                				E00007FF87FF887CCAF60(_t135, _t153, _t202 + 0x77, _t135, _t216);
                                                                                                                				 *((long long*)(_t202 - 0x49)) =  *_t135;
                                                                                                                				 *_t135 =  *((intOrPtr*)(_t202 - 0x49));
                                                                                                                				_t191 =  *((intOrPtr*)(_t202 + 0x77));
                                                                                                                				if (_t191 == 0) goto 0x87ccce28;
                                                                                                                				asm("lock xadd [edi+0x8], eax");
                                                                                                                				if (0xffffffff != 1) goto 0x87ccce28;
                                                                                                                				 *((intOrPtr*)( *_t191 + 8))();
                                                                                                                				asm("lock xadd [edi+0xc], eax");
                                                                                                                				if (0xffffffff != 1) goto 0x87ccce28;
                                                                                                                				E00007FF87FF887CC0730( *((intOrPtr*)( *_t191 + 0x10))(), _t202 - 0x51, _t135, _t135, __r9, _t211, _t189);
                                                                                                                				 *((long long*)(_t202 - 0x19)) =  *((intOrPtr*)(_t153 + 0x20));
                                                                                                                				_t138 =  *((intOrPtr*)(_t202 - 0x51));
                                                                                                                				 *((long long*)(_t202 + 0x67)) = _t138;
                                                                                                                				 *((long long*)(_t202 - 0x11)) = _t138;
                                                                                                                				_t228 =  *((intOrPtr*)(_t202 - 0x49));
                                                                                                                				 *((long long*)(_t202 - 9)) = _t228;
                                                                                                                				if (_t228 == 0) goto 0x87ccce77;
                                                                                                                				asm("lock inc ecx");
                                                                                                                				_t229 =  *((intOrPtr*)(_t202 - 9));
                                                                                                                				 *((long long*)(_t202 + 0x67)) =  *((intOrPtr*)(_t202 - 0x11));
                                                                                                                				_t193 =  *((intOrPtr*)(_t202 - 0x19));
                                                                                                                				_t222 =  *((intOrPtr*)( *_t212 + 8));
                                                                                                                				 *((long long*)(_t202 - 1)) = _t222;
                                                                                                                				 *((intOrPtr*)(_t202 + 7)) = 0;
                                                                                                                				if ( *((char*)(_t222 + 0x19)) != 0) goto 0x87cccedd;
                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                				 *((long long*)(_t202 - 1)) = _t222;
                                                                                                                				0x87cd7119();
                                                                                                                				if (1 >= 0) goto 0x87cccec5;
                                                                                                                				 *((intOrPtr*)(_t202 + 7)) = 0;
                                                                                                                				_t223 =  *((intOrPtr*)(_t222 + 0x10));
                                                                                                                				goto 0x87ccced2;
                                                                                                                				 *((intOrPtr*)(_t202 + 7)) = 1;
                                                                                                                				_t218 = _t223;
                                                                                                                				if ( *((char*)( *_t223 + 0x19)) == 0) goto 0x87cccea0;
                                                                                                                				_t214 =  *((intOrPtr*)(_t202 + 0x7f));
                                                                                                                				if ( *((char*)(_t218 + 0x19)) != 0) goto 0x87cccef9;
                                                                                                                				0x87cd7119();
                                                                                                                				if (1 >= 0) goto 0x87cccf6e;
                                                                                                                				if ( *((intOrPtr*)(_t214 + 8)) == 0x92492492) goto 0x87ccd051;
                                                                                                                				_t225 =  *_t214;
                                                                                                                				 *((long long*)(_t202 - 0x41)) = _t214;
                                                                                                                				r13d = 0;
                                                                                                                				 *((long long*)(_t202 - 0x39)) = _t218;
                                                                                                                				_t93 = E00007FF87FF887CC56A8(1, 0x92492492, _t193 + 8);
                                                                                                                				 *0x4924924924924B2 = _t193;
                                                                                                                				 *0x4924924924924BA =  *((intOrPtr*)(_t202 + 0x67));
                                                                                                                				r15d = r13d;
                                                                                                                				 *((long long*)(_t202 - 9)) = _t218;
                                                                                                                				 *0x4924924924924C2 = _t229;
                                                                                                                				 *0x92492492 = _t225;
                                                                                                                				 *0x49249249249249A = _t225;
                                                                                                                				 *0x4924924924924A2 = _t225;
                                                                                                                				 *0x4924924924924AA = r13w;
                                                                                                                				 *((long long*)(_t202 - 0x39)) = _t218;
                                                                                                                				asm("movups xmm0, [ebp-0x1]");
                                                                                                                				asm("movaps [ebp-0x29], xmm0");
                                                                                                                				E00007FF87FF887CCC920(_t93, _t153, _t214, _t202 - 0x29, _t193, 0x92492492, _t197);
                                                                                                                				goto 0x87cccf71;
                                                                                                                				r13d = 0;
                                                                                                                				if (_t229 == 0) goto 0x87cccfad;
                                                                                                                				asm("lock inc ecx");
                                                                                                                				if (0xffffffff != 1) goto 0x87cccfad;
                                                                                                                				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t202 - 9)))) + 8))();
                                                                                                                				asm("lock xadd [edi+0xc], eax");
                                                                                                                				if (0xffffffff != 1) goto 0x87cccfad;
                                                                                                                				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t202 - 9)))) + 0x10))();
                                                                                                                				_t195 =  *((intOrPtr*)(_t202 - 0x49));
                                                                                                                				if (_t195 == 0) goto 0x87cccfe6;
                                                                                                                				asm("lock xadd [edi+0x8], eax");
                                                                                                                				if (0xffffffff != 1) goto 0x87cccfe6;
                                                                                                                				 *((intOrPtr*)( *_t195 + 8))();
                                                                                                                				asm("lock xadd [edi+0xc], eax");
                                                                                                                				if (0xffffffff != 1) goto 0x87cccfe6;
                                                                                                                				_t102 =  *((intOrPtr*)( *_t195 + 0x10))();
                                                                                                                				if ( *((char*)( *((intOrPtr*)(_t153 + 0x10)) + 0x19)) == 0) goto 0x87ccd018;
                                                                                                                				_t146 =  *((intOrPtr*)(_t153 + 8));
                                                                                                                				if ( *((char*)(_t146 + 0x19)) != 0) goto 0x87ccd013;
                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                				if (_t153 !=  *((intOrPtr*)(_t146 + 0x10))) goto 0x87ccd013;
                                                                                                                				_t147 =  *((intOrPtr*)(_t146 + 8));
                                                                                                                				if ( *((char*)(_t147 + 0x19)) == 0) goto 0x87ccd000;
                                                                                                                				goto 0x87ccd030;
                                                                                                                				_t148 =  *_t147;
                                                                                                                				if ( *((char*)(_t148 + 0x19)) != 0) goto 0x87ccd030;
                                                                                                                				if ( *((char*)( *_t148 + 0x19)) == 0) goto 0x87ccd024;
                                                                                                                				if (_t148 != _t199) goto 0x87cccdc0;
                                                                                                                				return _t102;
                                                                                                                			}
                                                                                                                0x7ff887ccce6f
                                                                                                                0x7ff887ccce73
                                                                                                                0x7ff887ccce7b
                                                                                                                0x7ff887ccce7f
                                                                                                                0x7ff887ccce83
                                                                                                                0x7ff887ccce8f
                                                                                                                0x7ff887ccce95
                                                                                                                0x7ff887cccea0
                                                                                                                0x7ff887ccceaf
                                                                                                                0x7ff887ccceb6
                                                                                                                0x7ff887ccceb8
                                                                                                                0x7ff887cccebf
                                                                                                                0x7ff887cccec3
                                                                                                                0x7ff887cccec5
                                                                                                                0x7ff887cccecc
                                                                                                                0x7ff887ccced7
                                                                                                                0x7ff887ccced9
                                                                                                                0x7ff887cccee2
                                                                                                                0x7ff887cccef0
                                                                                                                0x7ff887cccef7
                                                                                                                0x7ff887cccf08
                                                                                                                0x7ff887cccf0e
                                                                                                                0x7ff887cccf12
                                                                                                                0x7ff887cccf16
                                                                                                                0x7ff887cccf19
                                                                                                                0x7ff887cccf21
                                                                                                                0x7ff887cccf27
                                                                                                                0x7ff887cccf2f
                                                                                                                0x7ff887cccf36
                                                                                                                0x7ff887cccf39
                                                                                                                0x7ff887cccf3d
                                                                                                                0x7ff887cccf41
                                                                                                                0x7ff887cccf44
                                                                                                                0x7ff887cccf48
                                                                                                                0x7ff887cccf4c
                                                                                                                0x7ff887cccf51
                                                                                                                0x7ff887cccf55
                                                                                                                0x7ff887cccf59
                                                                                                                0x7ff887cccf67
                                                                                                                0x7ff887cccf6c
                                                                                                                0x7ff887cccf6e
                                                                                                                0x7ff887cccf74
                                                                                                                0x7ff887cccf7b
                                                                                                                0x7ff887cccf84
                                                                                                                0x7ff887cccf90
                                                                                                                0x7ff887cccf98
                                                                                                                0x7ff887cccfa0
                                                                                                                0x7ff887cccfa9
                                                                                                                0x7ff887cccfad
                                                                                                                0x7ff887cccfb4
                                                                                                                0x7ff887cccfbb
                                                                                                                0x7ff887cccfc3
                                                                                                                0x7ff887cccfcb
                                                                                                                0x7ff887cccfd3
                                                                                                                0x7ff887cccfdb
                                                                                                                0x7ff887cccfe3
                                                                                                                0x7ff887cccfee
                                                                                                                0x7ff887cccff0
                                                                                                                0x7ff887cccff8
                                                                                                                0x7ff887cccffa
                                                                                                                0x7ff887ccd004
                                                                                                                0x7ff887ccd009
                                                                                                                0x7ff887ccd011
                                                                                                                0x7ff887ccd016
                                                                                                                0x7ff887ccd01b
                                                                                                                0x7ff887ccd022
                                                                                                                0x7ff887ccd02e
                                                                                                                0x7ff887ccd033
                                                                                                                0x7ff887ccd050

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FF887CC56A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF887CA8F4E), ref: 00007FF887CC56C2
                                                                                                                • __std_type_info_compare.VCRUNTIME140 ref: 00007FF887CCCEAF
                                                                                                                • __std_type_info_compare.VCRUNTIME140 ref: 00007FF887CCCEF0
                                                                                                                • ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF887CCD0AF
                                                                                                                • ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 00007FF887CCD0CE
                                                                                                                • ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF887CCD104
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CCD204
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CCD2D7
                                                                                                                • ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF887CCD314
                                                                                                                • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF887CCD31E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: U?$char_traits@$D@std@@@std@@$__std_type_info_compare_invalid_parameter_noinfo_noreturn$??0?$basic_ios@??0?$basic_ostream@??0?$basic_streambuf@??1?$basic_ios@??1?$basic_ostream@D@std@@@1@_V?$basic_streambuf@malloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 3231916079-0
                                                                                                                • Opcode ID: 90efc6144e13e61edb1c384f842bb433d829c4d09555e71cee0fc2954fa18276
                                                                                                                • Instruction ID: de9139c87019b093ee301bfab82a06bb63cbaf2ae4d979f6a3ea09875fb63cc1
                                                                                                                • Opcode Fuzzy Hash: 90efc6144e13e61edb1c384f842bb433d829c4d09555e71cee0fc2954fa18276
                                                                                                                • Instruction Fuzzy Hash: 2E126632A48B858AEB20CF25D4443AD7BB2FB89BE8F048125DE5D53BA5DF38D495C340
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 35%
                                                                                                                			E00007FF87FF887CB03F0(void* __eax, long long __rbx, void* __rcx, void* __rdx, long long __rbp, long long* __r8, long long _a8, long long _a32) {
                                                                                                                				void* _v40;
                                                                                                                				signed int _v56;
                                                                                                                				intOrPtr _v64;
                                                                                                                				intOrPtr _v72;
                                                                                                                				char _v88;
                                                                                                                				long long _v96;
                                                                                                                				long long _v104;
                                                                                                                				long long _v112;
                                                                                                                				long long _v120;
                                                                                                                				char _v136;
                                                                                                                				void* __rsi;
                                                                                                                				void* _t37;
                                                                                                                				void* _t39;
                                                                                                                				void* _t41;
                                                                                                                				signed long long _t57;
                                                                                                                				intOrPtr* _t71;
                                                                                                                				intOrPtr _t72;
                                                                                                                				void* _t74;
                                                                                                                				void* _t79;
                                                                                                                				void* _t90;
                                                                                                                				long long _t93;
                                                                                                                				void* _t97;
                                                                                                                				char _t98;
                                                                                                                				void* _t102;
                                                                                                                				long long* _t108;
                                                                                                                				intOrPtr _t109;
                                                                                                                				void* _t110;
                                                                                                                				intOrPtr* _t111;
                                                                                                                
                                                                                                                				_t74 = __rcx;
                                                                                                                				_a8 = __rbx;
                                                                                                                				_a32 = __rbp;
                                                                                                                				_t57 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				_v56 = _t57 ^ _t102 - 0x00000080;
                                                                                                                				_t108 = __r8;
                                                                                                                				_t110 = __rcx;
                                                                                                                				 *__r8 = 0;
                                                                                                                				_t4 = _t74 + 0x70; // 0x70
                                                                                                                				_v96 = _t4;
                                                                                                                				0x87cc5430();
                                                                                                                				if (__eax != 0) goto 0x87cb05a3;
                                                                                                                				E00007FF87FF887CAD4C0(_t57 ^ _t102 - 0x00000080, __rdx,  &_v136, __rdx, _t97);
                                                                                                                				_v104 =  &_v136;
                                                                                                                				_t111 =  *((intOrPtr*)(_t110 + 0x60));
                                                                                                                				_t71 =  *_t111;
                                                                                                                				if (_t71 == _t111) goto 0x87cb0508;
                                                                                                                				_t37 = E00007FF87FF887CAD4C0( &_v136, _t71,  &_v88,  *((intOrPtr*)(_t71 + 0x10)), _t97);
                                                                                                                				_t90 =  >=  ? _v136 :  &_v136;
                                                                                                                				_t98 = _v88;
                                                                                                                				_t109 = _v64;
                                                                                                                				_t79 =  >=  ? _t98 :  &_v88;
                                                                                                                				if (_v72 != _v120) goto 0x87cb04b8;
                                                                                                                				0x87cd7101();
                                                                                                                				if (_t37 != 0) goto 0x87cb04b8;
                                                                                                                				bpl = 1;
                                                                                                                				goto 0x87cb04bb;
                                                                                                                				bpl = 0;
                                                                                                                				if (_t109 - 0x10 < 0) goto 0x87cb04ee;
                                                                                                                				if (_t109 + 1 - 0x1000 < 0) goto 0x87cb04e6;
                                                                                                                				if (_t98 -  *((intOrPtr*)(_t98 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x87cb0501;
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				if (bpl != 0) goto 0x87cb0508;
                                                                                                                				_t72 =  *_t71;
                                                                                                                				goto 0x87cb0462;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				_t93 = _v112;
                                                                                                                				if (_t93 - 0x10 < 0) goto 0x87cb0548;
                                                                                                                				if (_t93 + 1 - 0x1000 < 0) goto 0x87cb0543;
                                                                                                                				if (_v136 -  *((intOrPtr*)(_v136 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87cb0543;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				_t39 = E00007FF87FF887CC56E4();
                                                                                                                				_v120 = 0;
                                                                                                                				_v112 = 0xf;
                                                                                                                				_v136 = 0;
                                                                                                                				 *((char*)( *((intOrPtr*)(_t72 + 0x10)) + 0xa0)) = 1;
                                                                                                                				 *_t108 =  *((intOrPtr*)(_t72 + 0x10));
                                                                                                                				0x87cc5436();
                                                                                                                				return E00007FF87FF887CC5E20(_t39, _t41, _v56 ^ _t102 - 0x00000080);
                                                                                                                			}

                                                                                                                0x7ff887cb055a
                                                                                                                0x7ff887cb0563
                                                                                                                0x7ff887cb056e
                                                                                                                0x7ff887cb0575
                                                                                                                0x7ff887cb05a2

                                                                                                                APIs
                                                                                                                • _Mtx_lock.MSVCP140 ref: 00007FF887CB0434
                                                                                                                • memcmp.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,00007FF887CAA7CC), ref: 00007FF887CB04AA
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF887CAA7CC), ref: 00007FF887CB0501
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF887CAA7CC), ref: 00007FF887CB053C
                                                                                                                • _Mtx_unlock.MSVCP140(?,?,?,?,?,?,?,?,?,?,00007FF887CAA7CC), ref: 00007FF887CB0575
                                                                                                                  • Part of subcall function 00007FF887CAD4C0: memmove.VCRUNTIME140(?,?,?,00007FF887CAE21C,?,?,?,00007FF887CBD6C2), ref: 00007FF887CAD572
                                                                                                                  • Part of subcall function 00007FF887CAD4C0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF887CAD597
                                                                                                                  • Part of subcall function 00007FF887CAD4C0: __std_exception_copy.VCRUNTIME140(?,?,?,?,?,?,?,00007FF887CAE21C,?,?,?,00007FF887CBD6C2), ref: 00007FF887CAD5C4
                                                                                                                • ?_Throw_C_error@std@@YAXH@Z.MSVCP140 ref: 00007FF887CB05A5
                                                                                                                • ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ.MSVCP140 ref: 00007FF887CB0602
                                                                                                                • memmove.VCRUNTIME140 ref: 00007FF887CB0685
                                                                                                                • ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ.MSVCP140 ref: 00007FF887CB071E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: D@std@@@std@@Pninc@?$basic_streambuf@U?$char_traits@_invalid_parameter_noinfo_noreturnmemmove$C_error@std@@Concurrency::cancel_current_taskMtx_lockMtx_unlockThrow___std_exception_copymemcmp
                                                                                                                • String ID:
                                                                                                                • API String ID: 746284128-0
                                                                                                                • Opcode ID: 2d97d0e12ee4a3a8b2d37e1ec409398ce534de5f8946287022801530ad55abf0
                                                                                                                • Instruction ID: 3b25bcb4171a9e4074b028d181a7bc4f6790149e6a7f809b6d35f20232ae104d
                                                                                                                • Opcode Fuzzy Hash: 2d97d0e12ee4a3a8b2d37e1ec409398ce534de5f8946287022801530ad55abf0
                                                                                                                • Instruction Fuzzy Hash: 77A18B32B08B4585EB11CF29E4402AE67A6FB88BE8F544132EF5D17799DF38D581C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memmove$_invalid_parameter_noinfo_noreturnmemset$Concurrency::cancel_current_task
                                                                                                                • String ID:
                                                                                                                • API String ID: 612657275-0
                                                                                                                • Opcode ID: b049d1f40c21fbe2e38ad000cf652e28f2f947a77c9211f69e8f13876829a593
                                                                                                                • Instruction ID: d597cefe150ca05fa891e50f97c807b944579269d9441c43f9ee5e2efaa9f859
                                                                                                                • Opcode Fuzzy Hash: b049d1f40c21fbe2e38ad000cf652e28f2f947a77c9211f69e8f13876829a593
                                                                                                                • Instruction Fuzzy Hash: 56418122B49A8291EF14DF52E4441ADAB63FB84BD8F580636DE6D0BB96DF7CE141C300
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 57%
                                                                                                                			E00007FF87FF887CD4540(signed long long __rbx, long long __rcx, void* __r8) {
                                                                                                                				void* _t112;
                                                                                                                				intOrPtr* _t129;
                                                                                                                				long long _t140;
                                                                                                                				long long _t141;
                                                                                                                				signed long long _t152;
                                                                                                                				intOrPtr* _t159;
                                                                                                                				intOrPtr* _t161;
                                                                                                                				intOrPtr* _t164;
                                                                                                                				intOrPtr* _t170;
                                                                                                                				intOrPtr* _t174;
                                                                                                                				void* _t178;
                                                                                                                				void* _t181;
                                                                                                                				void* _t183;
                                                                                                                				void* _t184;
                                                                                                                				void* _t186;
                                                                                                                				void* _t187;
                                                                                                                				signed long long _t190;
                                                                                                                				void* _t192;
                                                                                                                				void* _t195;
                                                                                                                				void* _t198;
                                                                                                                
                                                                                                                				 *((long long*)(_t186 + 0x20)) = __rbx;
                                                                                                                				 *((long long*)(_t186 + 8)) = __rcx;
                                                                                                                				_t184 = _t186 - 0x27;
                                                                                                                				_t187 = _t186 - 0xe0;
                                                                                                                				r12d = 0;
                                                                                                                				 *((intOrPtr*)(_t187 + 0x20)) = r12d;
                                                                                                                				 *(_t184 - 0x11) = _t190;
                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                				asm("movdqa [ebp-0x9], xmm0");
                                                                                                                				 *((intOrPtr*)(_t184 + 7)) = 0xffffffff;
                                                                                                                				asm("movups [ebp+0x17], xmm0");
                                                                                                                				 *((long long*)(_t184 + 0x17)) = "bad allocation";
                                                                                                                				 *((long long*)(_t184 - 0x19)) = 0x87cdef20;
                                                                                                                				 *((long long*)(_t184 + 0xf)) = 0x87cdef30;
                                                                                                                				 *((long long*)(_t184 - 0x49)) = 0x87cded40;
                                                                                                                				 *((long long*)(_t184 - 0x39)) = 0x87cdcf08;
                                                                                                                				 *((intOrPtr*)(_t187 + 0x20)) = 2;
                                                                                                                				 *((long long*)(_t187 + 0x30)) = 0x87cdcef8;
                                                                                                                				 *(_t187 + 0x38) = _t190;
                                                                                                                				 *((long long*)(_t184 - 0x79)) =  *((intOrPtr*)(_t184 - 9));
                                                                                                                				 *((long long*)(_t184 - 0x71)) =  *((intOrPtr*)(_t184 - 1));
                                                                                                                				 *((intOrPtr*)(_t184 - 0x69)) = 0xffffffff;
                                                                                                                				 *((long long*)(_t184 - 0x61)) = 0x87cdb9e8;
                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                				asm("movups [ebp-0x59], xmm0");
                                                                                                                				0x87cd70e3(_t198, _t195, _t192, _t190, _t178, _t181, _t183);
                                                                                                                				 *((long long*)(_t187 + 0x30)) = 0x87cded00;
                                                                                                                				 *((long long*)(_t184 - 0x61)) = 0x87cded10;
                                                                                                                				 *((long long*)(_t184 +  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x49)) = 0x87cded28;
                                                                                                                				 *((intOrPtr*)(_t184 +  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x4d)) =  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x10;
                                                                                                                				 *(_t184 + 0x6f) = __rbx;
                                                                                                                				_t159 =  *(_t184 - 0x11);
                                                                                                                				if (_t159 == 0) goto 0x87cd4691;
                                                                                                                				_t129 =  *_t159;
                                                                                                                				 *((intOrPtr*)(_t129 + 0x28))();
                                                                                                                				_t152 =  *_t129;
                                                                                                                				 *(_t184 + 0x6f) = _t152;
                                                                                                                				if (_t152 == 0) goto 0x87cd4674;
                                                                                                                				 *((intOrPtr*)( *_t152 + 0x18))();
                                                                                                                				_t161 =  *((intOrPtr*)(_t184 + 0x67));
                                                                                                                				if (_t161 == 0) goto 0x87cd4691;
                                                                                                                				 *((intOrPtr*)( *_t161 + 0x20))();
                                                                                                                				_t163 =  !=  ? _t190 :  *((intOrPtr*)(_t184 + 0x67));
                                                                                                                				 *((long long*)(_t184 + 0x67)) =  !=  ? _t190 :  *((intOrPtr*)(_t184 + 0x67));
                                                                                                                				 *((long long*)(_t184 - 0x71)) =  *((intOrPtr*)(_t184 - 1));
                                                                                                                				 *((intOrPtr*)(_t184 - 0x69)) =  *((intOrPtr*)(_t184 + 7));
                                                                                                                				 *((long long*)(_t184 - 0x79)) =  *((intOrPtr*)(_t184 - 9));
                                                                                                                				_t164 =  *(_t187 + 0x38);
                                                                                                                				if (_t164 == 0) goto 0x87cd46b7;
                                                                                                                				 *((intOrPtr*)( *_t164 + 0x20))();
                                                                                                                				 *(_t187 + 0x38) = _t152;
                                                                                                                				if (_t152 == 0) goto 0x87cd46cb;
                                                                                                                				 *((intOrPtr*)( *_t152 + 0x18))();
                                                                                                                				if (_t152 == 0) goto 0x87cd46da;
                                                                                                                				 *((intOrPtr*)( *_t152 + 0x20))();
                                                                                                                				 *((long long*)(_t184 - 0x79)) = "class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_alloc_>(void)";
                                                                                                                				 *((long long*)(_t184 - 0x71)) = ".\\boost/exception/detail/exception_ptr.hpp";
                                                                                                                				 *((intOrPtr*)(_t184 - 0x69)) = 0x87;
                                                                                                                				r8d = 0x44;
                                                                                                                				r15d = 1;
                                                                                                                				_t112 =  *0x87cf2440 -  *((intOrPtr*)(__r8 +  *((intOrPtr*)( *[gs:0x58] + _t152 * 8)))); // 0x80000001
                                                                                                                				if (_t112 > 0) goto 0x87cd4833;
                                                                                                                				_t140 =  *0x87cf2430; // 0xc31b00
                                                                                                                				 *((long long*)(__rcx)) = _t140;
                                                                                                                				_t141 =  *0x87cf2438; // 0xc51400
                                                                                                                				 *((long long*)(__rcx + 8)) = _t141;
                                                                                                                				if (_t141 == 0) goto 0x87cd4746;
                                                                                                                				asm("lock inc esp");
                                                                                                                				 *((long long*)(_t187 + 0x30)) = 0x87cded00;
                                                                                                                				 *((long long*)(_t184 - 0x61)) = 0x87cded10;
                                                                                                                				 *((long long*)(_t184 +  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x49)) = 0x87cded28;
                                                                                                                				 *((intOrPtr*)(_t184 +  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x4d)) =  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x10;
                                                                                                                				 *((long long*)(_t187 + 0x30)) = 0x87cdef20;
                                                                                                                				 *((long long*)(_t184 - 0x61)) = 0x87cdb9e8;
                                                                                                                				0x87cd70e9();
                                                                                                                				 *((long long*)(_t187 + 0x30)) = 0x87cdcef8;
                                                                                                                				_t170 =  *(_t187 + 0x38);
                                                                                                                				if (_t170 == 0) goto 0x87cd47bf;
                                                                                                                				 *((intOrPtr*)( *_t170 + 0x20))();
                                                                                                                				_t172 =  !=  ? _t190 :  *(_t187 + 0x38);
                                                                                                                				 *(_t187 + 0x38) =  !=  ? _t190 :  *(_t187 + 0x38);
                                                                                                                				 *((long long*)(_t184 - 0x39)) = 0x87cdcf08;
                                                                                                                				 *((long long*)(_t184 - 0x19)) = 0x87cdef20;
                                                                                                                				 *((long long*)(_t184 + 0xf)) = 0x87cdb9e8;
                                                                                                                				0x87cd70e9();
                                                                                                                				 *((long long*)(_t184 - 0x19)) = 0x87cdcef8;
                                                                                                                				_t174 =  *(_t184 - 0x11);
                                                                                                                				if (_t174 == 0) goto 0x87cd47f0;
                                                                                                                				return  *((intOrPtr*)( *_t174 + 0x20))();
                                                                                                                			}

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                • bad allocation, xrefs: 00007FF887CD4586
                                                                                                                • .\boost/exception/detail/exception_ptr.hpp, xrefs: 00007FF887CD46E5
                                                                                                                • class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_alloc_>(void), xrefs: 00007FF887CD46DA
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __std_exception_copy__std_exception_destroy
                                                                                                                • String ID: .\boost/exception/detail/exception_ptr.hpp$bad allocation$class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_alloc_>(void)
                                                                                                                • API String ID: 2960854011-706345339
                                                                                                                • Opcode ID: 1a03432ef2f64235de1c2d14ea929b49f55d6afa29ab47f121b1aa27c1e9495f
                                                                                                                • Instruction ID: e84683e5de34b45f994781f70680c540857840cd1f9e0d498c720945f66bb2ab
                                                                                                                • Opcode Fuzzy Hash: 1a03432ef2f64235de1c2d14ea929b49f55d6afa29ab47f121b1aa27c1e9495f
                                                                                                                • Instruction Fuzzy Hash: 8BE14A36B45F418AEB60CF65E8902AC3BB6FB88B88B044536DE4D53B69EF38D555C340
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 57%
                                                                                                                			E00007FF87FF887CD49E0(signed long long __rbx, long long __rcx, void* __r8) {
                                                                                                                				void* _t112;
                                                                                                                				intOrPtr* _t129;
                                                                                                                				long long _t140;
                                                                                                                				long long _t141;
                                                                                                                				signed long long _t152;
                                                                                                                				intOrPtr* _t159;
                                                                                                                				intOrPtr* _t161;
                                                                                                                				intOrPtr* _t164;
                                                                                                                				intOrPtr* _t170;
                                                                                                                				intOrPtr* _t174;
                                                                                                                				void* _t178;
                                                                                                                				void* _t181;
                                                                                                                				void* _t183;
                                                                                                                				void* _t184;
                                                                                                                				void* _t186;
                                                                                                                				void* _t187;
                                                                                                                				signed long long _t190;
                                                                                                                				void* _t192;
                                                                                                                				void* _t195;
                                                                                                                				void* _t198;
                                                                                                                
                                                                                                                				 *((long long*)(_t186 + 0x20)) = __rbx;
                                                                                                                				 *((long long*)(_t186 + 8)) = __rcx;
                                                                                                                				_t184 = _t186 - 0x27;
                                                                                                                				_t187 = _t186 - 0xe0;
                                                                                                                				r12d = 0;
                                                                                                                				 *((intOrPtr*)(_t187 + 0x20)) = r12d;
                                                                                                                				 *(_t184 - 0x11) = _t190;
                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                				asm("movdqa [ebp-0x9], xmm0");
                                                                                                                				 *((intOrPtr*)(_t184 + 7)) = 0xffffffff;
                                                                                                                				asm("movups [ebp+0x17], xmm0");
                                                                                                                				 *((long long*)(_t184 + 0x17)) = "bad exception";
                                                                                                                				 *((long long*)(_t184 - 0x19)) = 0x87cdef48;
                                                                                                                				 *((long long*)(_t184 + 0xf)) = 0x87cdef58;
                                                                                                                				 *((long long*)(_t184 - 0x49)) = 0x87cdee58;
                                                                                                                				 *((long long*)(_t184 - 0x39)) = 0x87cdcf08;
                                                                                                                				 *((intOrPtr*)(_t187 + 0x20)) = 2;
                                                                                                                				 *((long long*)(_t187 + 0x30)) = 0x87cdcef8;
                                                                                                                				 *(_t187 + 0x38) = _t190;
                                                                                                                				 *((long long*)(_t184 - 0x79)) =  *((intOrPtr*)(_t184 - 9));
                                                                                                                				 *((long long*)(_t184 - 0x71)) =  *((intOrPtr*)(_t184 - 1));
                                                                                                                				 *((intOrPtr*)(_t184 - 0x69)) = 0xffffffff;
                                                                                                                				 *((long long*)(_t184 - 0x61)) = 0x87cdb9e8;
                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                				asm("movups [ebp-0x59], xmm0");
                                                                                                                				0x87cd70e3(_t198, _t195, _t192, _t190, _t178, _t181, _t183);
                                                                                                                				 *((long long*)(_t187 + 0x30)) = 0x87cdee18;
                                                                                                                				 *((long long*)(_t184 - 0x61)) = 0x87cdee28;
                                                                                                                				 *((long long*)(_t184 +  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x49)) = 0x87cdee40;
                                                                                                                				 *((intOrPtr*)(_t184 +  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x4d)) =  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x10;
                                                                                                                				 *(_t184 + 0x6f) = __rbx;
                                                                                                                				_t159 =  *(_t184 - 0x11);
                                                                                                                				if (_t159 == 0) goto 0x87cd4b31;
                                                                                                                				_t129 =  *_t159;
                                                                                                                				 *((intOrPtr*)(_t129 + 0x28))();
                                                                                                                				_t152 =  *_t129;
                                                                                                                				 *(_t184 + 0x6f) = _t152;
                                                                                                                				if (_t152 == 0) goto 0x87cd4b14;
                                                                                                                				 *((intOrPtr*)( *_t152 + 0x18))();
                                                                                                                				_t161 =  *((intOrPtr*)(_t184 + 0x67));
                                                                                                                				if (_t161 == 0) goto 0x87cd4b31;
                                                                                                                				 *((intOrPtr*)( *_t161 + 0x20))();
                                                                                                                				_t163 =  !=  ? _t190 :  *((intOrPtr*)(_t184 + 0x67));
                                                                                                                				 *((long long*)(_t184 + 0x67)) =  !=  ? _t190 :  *((intOrPtr*)(_t184 + 0x67));
                                                                                                                				 *((long long*)(_t184 - 0x71)) =  *((intOrPtr*)(_t184 - 1));
                                                                                                                				 *((intOrPtr*)(_t184 - 0x69)) =  *((intOrPtr*)(_t184 + 7));
                                                                                                                				 *((long long*)(_t184 - 0x79)) =  *((intOrPtr*)(_t184 - 9));
                                                                                                                				_t164 =  *(_t187 + 0x38);
                                                                                                                				if (_t164 == 0) goto 0x87cd4b57;
                                                                                                                				 *((intOrPtr*)( *_t164 + 0x20))();
                                                                                                                				 *(_t187 + 0x38) = _t152;
                                                                                                                				if (_t152 == 0) goto 0x87cd4b6b;
                                                                                                                				 *((intOrPtr*)( *_t152 + 0x18))();
                                                                                                                				if (_t152 == 0) goto 0x87cd4b7a;
                                                                                                                				 *((intOrPtr*)( *_t152 + 0x20))();
                                                                                                                				 *((long long*)(_t184 - 0x79)) = "class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_exception_>(void)";
                                                                                                                				 *((long long*)(_t184 - 0x71)) = ".\\boost/exception/detail/exception_ptr.hpp";
                                                                                                                				 *((intOrPtr*)(_t184 - 0x69)) = 0x87;
                                                                                                                				r8d = 0x44;
                                                                                                                				r15d = 1;
                                                                                                                				_t112 =  *0x87cf2458 -  *((intOrPtr*)(__r8 +  *((intOrPtr*)( *[gs:0x58] + _t152 * 8)))); // 0x80000002
                                                                                                                				if (_t112 > 0) goto 0x87cd4cd3;
                                                                                                                				_t140 =  *0x87cf2448; // 0xc32400
                                                                                                                				 *((long long*)(__rcx)) = _t140;
                                                                                                                				_t141 =  *0x87cf2450; // 0xc51460
                                                                                                                				 *((long long*)(__rcx + 8)) = _t141;
                                                                                                                				if (_t141 == 0) goto 0x87cd4be6;
                                                                                                                				asm("lock inc esp");
                                                                                                                				 *((long long*)(_t187 + 0x30)) = 0x87cdee18;
                                                                                                                				 *((long long*)(_t184 - 0x61)) = 0x87cdee28;
                                                                                                                				 *((long long*)(_t184 +  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x49)) = 0x87cdee40;
                                                                                                                				 *((intOrPtr*)(_t184 +  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x4d)) =  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x10;
                                                                                                                				 *((long long*)(_t187 + 0x30)) = 0x87cdef48;
                                                                                                                				 *((long long*)(_t184 - 0x61)) = 0x87cdb9e8;
                                                                                                                				0x87cd70e9();
                                                                                                                				 *((long long*)(_t187 + 0x30)) = 0x87cdcef8;
                                                                                                                				_t170 =  *(_t187 + 0x38);
                                                                                                                				if (_t170 == 0) goto 0x87cd4c5f;
                                                                                                                				 *((intOrPtr*)( *_t170 + 0x20))();
                                                                                                                				_t172 =  !=  ? _t190 :  *(_t187 + 0x38);
                                                                                                                				 *(_t187 + 0x38) =  !=  ? _t190 :  *(_t187 + 0x38);
                                                                                                                				 *((long long*)(_t184 - 0x39)) = 0x87cdcf08;
                                                                                                                				 *((long long*)(_t184 - 0x19)) = 0x87cdef48;
                                                                                                                				 *((long long*)(_t184 + 0xf)) = 0x87cdb9e8;
                                                                                                                				0x87cd70e9();
                                                                                                                				 *((long long*)(_t184 - 0x19)) = 0x87cdcef8;
                                                                                                                				_t174 =  *(_t184 - 0x11);
                                                                                                                				if (_t174 == 0) goto 0x87cd4c90;
                                                                                                                				return  *((intOrPtr*)( *_t174 + 0x20))();
                                                                                                                			}
























                                                                                                                APIs
                                                                                                                Strings
                                                                                                                • .\boost/exception/detail/exception_ptr.hpp, xrefs: 00007FF887CD4B85
                                                                                                                • class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_exception_>(void), xrefs: 00007FF887CD4B7A
                                                                                                                • bad exception, xrefs: 00007FF887CD4A26
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __std_exception_copy__std_exception_destroy
                                                                                                                • String ID: .\boost/exception/detail/exception_ptr.hpp$bad exception$class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_exception_>(void)
                                                                                                                • API String ID: 2960854011-1507259449
                                                                                                                • Opcode ID: a539889434486427bc690e4f49dfe9097a35e615ac8ccd8f044595b96ec35b04
                                                                                                                • Instruction ID: bfd026989b41ef8f3ce7cfc806bec36adfbf961589ec7c48b377718d26f997d8
                                                                                                                • Opcode Fuzzy Hash: a539889434486427bc690e4f49dfe9097a35e615ac8ccd8f044595b96ec35b04
                                                                                                                • Instruction Fuzzy Hash: 26E13936B45F418AEB60CF65E4802AC3BB6FB88B98B048536DE4D53B69EF38D555C340
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 36%
                                                                                                                			E00007FF87FF887CAAB60(long long __rcx, void* __rdx, void* __rbp, long long _a40) {
                                                                                                                				signed int _v64;
                                                                                                                				intOrPtr _v72;
                                                                                                                				char _v96;
                                                                                                                				intOrPtr _v104;
                                                                                                                				char _v128;
                                                                                                                				long long _v136;
                                                                                                                				long long _v144;
                                                                                                                				char _v154;
                                                                                                                				short _v156;
                                                                                                                				char _v160;
                                                                                                                				char _v176;
                                                                                                                				char _v184;
                                                                                                                				char _v192;
                                                                                                                				char _v200;
                                                                                                                				long long _v216;
                                                                                                                				long long _v224;
                                                                                                                				long long _v232;
                                                                                                                				long long _v240;
                                                                                                                				long long _v248;
                                                                                                                				void* __rbx;
                                                                                                                				void* __rsi;
                                                                                                                				void* __r14;
                                                                                                                				char _t54;
                                                                                                                				void* _t76;
                                                                                                                				signed long long _t95;
                                                                                                                				signed long long _t96;
                                                                                                                				long long _t100;
                                                                                                                				void* _t104;
                                                                                                                				long long _t114;
                                                                                                                				char _t133;
                                                                                                                				long long _t142;
                                                                                                                				intOrPtr _t147;
                                                                                                                				intOrPtr _t152;
                                                                                                                				intOrPtr _t155;
                                                                                                                				intOrPtr _t158;
                                                                                                                				void* _t161;
                                                                                                                				long long _t162;
                                                                                                                				void* _t163;
                                                                                                                				void* _t164;
                                                                                                                				void* _t167;
                                                                                                                				void* _t171;
                                                                                                                				long long _t172;
                                                                                                                
                                                                                                                				_t163 = __rbp;
                                                                                                                				_t171 = _t164;
                                                                                                                				_t165 = _t164 - 0xe8;
                                                                                                                				_t95 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				_t96 = _t95 ^ _t164 - 0x000000e8;
                                                                                                                				_v64 = _t96;
                                                                                                                				r12d = r9d;
                                                                                                                				r15d = r8d;
                                                                                                                				_t161 = __rdx;
                                                                                                                				_t172 = __rcx;
                                                                                                                				_v192 = r8d;
                                                                                                                				_v200 = r9d;
                                                                                                                				_t162 = _a40;
                                                                                                                				_v160 = _t114;
                                                                                                                				 *((long long*)(_t171 - 0x88)) = 0xf;
                                                                                                                				 *((long long*)(_t171 - 0x90)) = 6;
                                                                                                                				_t54 = "system"; // 0x74737973
                                                                                                                				_v160 = _t54;
                                                                                                                				_v156 =  *0x87cdba84 & 0x0000ffff;
                                                                                                                				_v154 = 0;
                                                                                                                				 *((long long*)(_t171 - 0x80)) = _t114;
                                                                                                                				asm("movdqa xmm0, [0x317ba]");
                                                                                                                				asm("repe inc ecx");
                                                                                                                				 *((char*)(_t171 - 0x80)) = 0;
                                                                                                                				E00007FF87FF887CBD640(_t114, __rcx, _t167);
                                                                                                                				if ( &_v128 == _t96) goto 0x87caac20;
                                                                                                                				if ( *((long long*)(_t96 + 0x18)) - 0x10 < 0) goto 0x87caac10;
                                                                                                                				E00007FF87FF887CA9100(_t114,  &_v128,  *_t96,  *((intOrPtr*)(_t96 + 0x10)), _t172);
                                                                                                                				E00007FF87FF887CC06F0( *((long long*)(_t96 + 0x18)) - 0x10,  *_t96,  &_v160,  *((intOrPtr*)(_t96 + 0x10)));
                                                                                                                				_t142 = _v136;
                                                                                                                				if (_t142 - 0x10 < 0) goto 0x87caac6e;
                                                                                                                				if (_t142 + 1 - 0x1000 < 0) goto 0x87caac69;
                                                                                                                				_t100 = _v160 -  *((intOrPtr*)(_v160 - 8)) + 0xfffffff8;
                                                                                                                				if (_t100 - 0x1f <= 0) goto 0x87caac69;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				_v144 = _t114;
                                                                                                                				_v136 = 0xf;
                                                                                                                				_v160 = 0;
                                                                                                                				_v176 = _t162;
                                                                                                                				E00007FF87FF887CB4280(_t76, _t114,  &_v96, _t161, _t162, _t163);
                                                                                                                				_v184 = _t172;
                                                                                                                				_v216 =  &_v176;
                                                                                                                				_v224 =  &_v200;
                                                                                                                				_v232 =  &_v192;
                                                                                                                				_v240 = _t100;
                                                                                                                				_v248 =  &_v184;
                                                                                                                				r8d = 0xb9;
                                                                                                                				E00007FF87FF887CA5F50(0, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "monitor_startdocport {:#x}, \'{}\', {}, {}, {:#x}");
                                                                                                                				_t147 = _v72;
                                                                                                                				if (_t147 - 0x10 < 0) goto 0x87caad31;
                                                                                                                				if (_t147 + 1 - 0x1000 < 0) goto 0x87caad2c;
                                                                                                                				_t104 = _v96 -  *((intOrPtr*)(_v96 - 8)) + 0xfffffff8;
                                                                                                                				if (_t104 - 0x1f <= 0) goto 0x87caad2c;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				E00007FF87FF887CAE0D0( *((intOrPtr*)(_v96 - 8)), _t147 + 0x28);
                                                                                                                				E00007FF87FF887CB4280(_t76, _t104,  &_v96, _t161, _t162, _t163);
                                                                                                                				_v240 = _t162;
                                                                                                                				_v248 = r12d;
                                                                                                                				r9d = r15d;
                                                                                                                				_t169 = _t104;
                                                                                                                				E00007FF87FF887CB0CE0(0, _t76, _t104, _t104, _t172, _t104);
                                                                                                                				_t152 = _v72;
                                                                                                                				if (_t152 - 0x10 < 0) goto 0x87caadad;
                                                                                                                				if (_t152 + 1 - 0x1000 < 0) goto 0x87caada7;
                                                                                                                				if (_v96 -  *((intOrPtr*)(_v96 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87caada7;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				E00007FF87FF887CC06F0(_v96 -  *((intOrPtr*)(_v96 - 8)) + 0xfffffff8 - 0x1f, _v96 -  *((intOrPtr*)(_v96 - 8)) + 0xfffffff8,  &_v128, _t104);
                                                                                                                				_t155 = _v104;
                                                                                                                				if (_t155 - 0x10 < 0) goto 0x87caae01;
                                                                                                                				_t133 = _v128;
                                                                                                                				if (_t155 + 1 - 0x1000 < 0) goto 0x87caadfb;
                                                                                                                				_t110 = _t133 -  *((intOrPtr*)(_t133 - 8)) + 0xfffffff8;
                                                                                                                				_t90 = _t133 -  *((intOrPtr*)(_t133 - 8)) + 0xfffffff8 - 0x1f;
                                                                                                                				if (_t133 -  *((intOrPtr*)(_t133 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87caadfb;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				E00007FF87FF887CC06F0(_t90, _t110,  &_v128, _t169);
                                                                                                                				_t158 = _v104;
                                                                                                                				if (_t158 - 0x10 < 0) goto 0x87caae5c;
                                                                                                                				if (_t158 + 1 - 0x1000 < 0) goto 0x87caae56;
                                                                                                                				if (_v128 -  *((intOrPtr*)(_v128 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87caae56;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				return E00007FF87FF887CC5E20(0, 0, _v64 ^ _t165);
                                                                                                                			}














































                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FF887CBD640: __tlregdtor.LIBCMT ref: 00007FF887CBD690
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CAAC62
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CAAD25
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CAADA0
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CAADF4
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$__tlregdtor
                                                                                                                • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_startdocport {:#x}, '{}', {}, {}, {:#x}$system
                                                                                                                • API String ID: 333172304-80416438
                                                                                                                • Opcode ID: 406ab90b12b9c71644ad45163aa117fb6f4394c3b52fa641a7fa9bed9ec58b32
                                                                                                                • Instruction ID: d973ab5be0da22909092aafa0e6278d233508af204ebe3ff2f1589c15b4993c8
                                                                                                                • Opcode Fuzzy Hash: 406ab90b12b9c71644ad45163aa117fb6f4394c3b52fa641a7fa9bed9ec58b32
                                                                                                                • Instruction Fuzzy Hash: 58718272A48A8141EB60CB65F4443AEB762FB847E1F504236EAAD43BE9DF7CD484C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 32%
                                                                                                                			E00007FF87FF887CA9980(long long __rbx, void* __rcx, long long __rdx, void* __rbp, void* __r8, long long _a32) {
                                                                                                                				signed int _v40;
                                                                                                                				intOrPtr _v48;
                                                                                                                				char _v72;
                                                                                                                				long long _v80;
                                                                                                                				long long _v88;
                                                                                                                				char _v104;
                                                                                                                				intOrPtr _v112;
                                                                                                                				char _v136;
                                                                                                                				long long _v144;
                                                                                                                				long long _v152;
                                                                                                                				char _v162;
                                                                                                                				short _v164;
                                                                                                                				char _v168;
                                                                                                                				char _v184;
                                                                                                                				long long _v200;
                                                                                                                				long long _v208;
                                                                                                                				long long _v216;
                                                                                                                				void* __rsi;
                                                                                                                				void* __r14;
                                                                                                                				char _t49;
                                                                                                                				void* _t68;
                                                                                                                				signed long long _t87;
                                                                                                                				signed long long _t88;
                                                                                                                				long long _t92;
                                                                                                                				void* _t106;
                                                                                                                				long long _t107;
                                                                                                                				char _t123;
                                                                                                                				long long _t132;
                                                                                                                				long long _t138;
                                                                                                                				intOrPtr _t141;
                                                                                                                				intOrPtr _t144;
                                                                                                                				intOrPtr _t147;
                                                                                                                				void* _t150;
                                                                                                                				long long _t151;
                                                                                                                				void* _t152;
                                                                                                                				void* _t153;
                                                                                                                				intOrPtr _t157;
                                                                                                                				long long _t159;
                                                                                                                
                                                                                                                				_t152 = __rbp;
                                                                                                                				_a32 = __rbx;
                                                                                                                				_t154 = _t153 - 0xe0;
                                                                                                                				_t87 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				_t88 = _t87 ^ _t153 - 0x000000e0;
                                                                                                                				_v40 = _t88;
                                                                                                                				_t106 = __r8;
                                                                                                                				_t151 = __rdx;
                                                                                                                				_t150 = __rcx;
                                                                                                                				r14d = 0;
                                                                                                                				_v168 = _t159;
                                                                                                                				_v144 = 0xf;
                                                                                                                				_v152 = 6;
                                                                                                                				_t49 = "system"; // 0x74737973
                                                                                                                				_v168 = _t49;
                                                                                                                				_v164 =  *0x87cdba84 & 0x0000ffff;
                                                                                                                				_v162 = r14b;
                                                                                                                				_v136 = _t159;
                                                                                                                				asm("movdqa xmm0, [0x329b3]");
                                                                                                                				asm("movdqu [esp+0x80], xmm0");
                                                                                                                				_v136 = r14b;
                                                                                                                				E00007FF87FF887CBD640(__r8, __rcx, __r8);
                                                                                                                				if ( &_v136 == _t88) goto 0x87ca9a25;
                                                                                                                				_t157 =  *((intOrPtr*)(_t88 + 0x10));
                                                                                                                				if ( *((long long*)(_t88 + 0x18)) - 0x10 < 0) goto 0x87ca9a18;
                                                                                                                				E00007FF87FF887CA9100(__r8,  &_v136,  *_t88, _t157, _t159);
                                                                                                                				E00007FF87FF887CC06F0( *((long long*)(_t88 + 0x18)) - 0x10,  *_t88,  &_v168, _t157);
                                                                                                                				_t132 = _v144;
                                                                                                                				if (_t132 - 0x10 < 0) goto 0x87ca9a70;
                                                                                                                				if (_t132 + 1 - 0x1000 < 0) goto 0x87ca9a6b;
                                                                                                                				_t92 = _v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8;
                                                                                                                				if (_t92 - 0x1f <= 0) goto 0x87ca9a6b;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				_v152 = _t159;
                                                                                                                				_v144 = 0xf;
                                                                                                                				_v168 = 0;
                                                                                                                				E00007FF87FF887CB4280(_t68, _t106,  &_v72, _t106, _t151, _t152);
                                                                                                                				_t107 = _t92;
                                                                                                                				_v184 = _t151;
                                                                                                                				E00007FF87FF887CB4280(_t68, _t107,  &_v104, _t150, _t151, _t152);
                                                                                                                				_v200 = _t107;
                                                                                                                				_v208 =  &_v184;
                                                                                                                				_v216 = _t92;
                                                                                                                				r8d = 0x51;
                                                                                                                				_t67 = _t157 - 0x50;
                                                                                                                				E00007FF87FF887CA5BB0(_t157 - 0x50, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "monitor_configureport \'{}\', {:#x}, \'{}\'");
                                                                                                                				_t138 = _v80;
                                                                                                                				if (_t138 - 0x10 < 0) goto 0x87ca9b24;
                                                                                                                				if (_t138 + 1 - 0x1000 < 0) goto 0x87ca9b1f;
                                                                                                                				if (_v104 -  *((intOrPtr*)(_v104 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87ca9b1f;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				_v88 = _t159;
                                                                                                                				_v80 = 0xf;
                                                                                                                				_v104 = 0;
                                                                                                                				_t141 = _v48;
                                                                                                                				if (_t141 - 0x10 < 0) goto 0x87ca9b87;
                                                                                                                				if (_t141 + 1 - 0x1000 < 0) goto 0x87ca9b81;
                                                                                                                				if (_v72 -  *((intOrPtr*)(_v72 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87ca9b81;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				E00007FF87FF887CC06F0(_v72 -  *((intOrPtr*)(_v72 - 8)) + 0xfffffff8 - 0x1f, _v72 -  *((intOrPtr*)(_v72 - 8)) + 0xfffffff8,  &_v136, _t157);
                                                                                                                				_t144 = _v112;
                                                                                                                				if (_t144 - 0x10 < 0) goto 0x87ca9bd5;
                                                                                                                				_t123 = _v136;
                                                                                                                				if (_t144 + 1 - 0x1000 < 0) goto 0x87ca9bcf;
                                                                                                                				_t101 = _t123 -  *((intOrPtr*)(_t123 - 8)) + 0xfffffff8;
                                                                                                                				_t82 = _t123 -  *((intOrPtr*)(_t123 - 8)) + 0xfffffff8 - 0x1f;
                                                                                                                				if (_t123 -  *((intOrPtr*)(_t123 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87ca9bcf;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				E00007FF87FF887CC06F0(_t82, _t101,  &_v136, _t157);
                                                                                                                				_t147 = _v112;
                                                                                                                				if (_t147 - 0x10 < 0) goto 0x87ca9c2a;
                                                                                                                				if (_t147 + 1 - 0x1000 < 0) goto 0x87ca9c24;
                                                                                                                				if (_v136 -  *((intOrPtr*)(_v136 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87ca9c24;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				return E00007FF87FF887CC5E20(0, _t67, _v40 ^ _t154);
                                                                                                                			}

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FF887CBD640: __tlregdtor.LIBCMT ref: 00007FF887CBD690
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CA9A64
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CA9B18
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CA9B7A
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CA9BC8
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$__tlregdtor
                                                                                                                • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_configureport '{}', {:#x}, '{}'$system
                                                                                                                • API String ID: 333172304-3163355225
                                                                                                                • Opcode ID: e14ab46071b807c50b760bae5b8b4710aa90fb6ebf50a14d2b1117d1926ebb90
                                                                                                                • Instruction ID: c9f66b0c570b02433307e4bdd5de8fab732d38b2827affd7871e0b5739d369f9
                                                                                                                • Opcode Fuzzy Hash: e14ab46071b807c50b760bae5b8b4710aa90fb6ebf50a14d2b1117d1926ebb90
                                                                                                                • Instruction Fuzzy Hash: B1518262A58B8141EB20DB64F4453AEB772FB947E1F504236EAAD07AE9DF7CD081C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • __std_type_info_compare.VCRUNTIME140(?,?,00000000,00007FF887CB5BDD), ref: 00007FF887CB5643
                                                                                                                • __std_type_info_compare.VCRUNTIME140(?,?,00000000,00007FF887CB5BDD), ref: 00007FF887CB565A
                                                                                                                • __std_type_info_compare.VCRUNTIME140(?,?,00000000,00007FF887CB5BDD), ref: 00007FF887CB567E
                                                                                                                • __std_type_info_compare.VCRUNTIME140(?,?,00000000,00007FF887CB5BDD), ref: 00007FF887CB5695
                                                                                                                • __std_type_info_compare.VCRUNTIME140(?,?,00000000,00007FF887CB5BDD), ref: 00007FF887CB56CE
                                                                                                                • __std_type_info_compare.VCRUNTIME140(?,?,00000000,00007FF887CB5BDD), ref: 00007FF887CB56E5
                                                                                                                • __std_type_info_compare.VCRUNTIME140(?,?,00000000,00007FF887CB5BDD), ref: 00007FF887CB573E
                                                                                                                • __std_type_info_compare.VCRUNTIME140(?,?,00000000,00007FF887CB5BDD), ref: 00007FF887CB5755
                                                                                                                  • Part of subcall function 00007FF887CB5480: __std_type_info_compare.VCRUNTIME140(?,?,?,00007FF887CB561B,?,?,00000000,00007FF887CB5BDD), ref: 00007FF887CB54A6
                                                                                                                  • Part of subcall function 00007FF887CB5480: __std_type_info_compare.VCRUNTIME140(?,?,?,00007FF887CB561B,?,?,00000000,00007FF887CB5BDD), ref: 00007FF887CB54DE
                                                                                                                  • Part of subcall function 00007FF887CB5480: __std_type_info_compare.VCRUNTIME140(?,?,?,00007FF887CB561B,?,?,00000000,00007FF887CB5BDD), ref: 00007FF887CB5516
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __std_type_info_compare
                                                                                                                • String ID:
                                                                                                                • API String ID: 4241632388-0
                                                                                                                • Opcode ID: 7d142e9f2ca846a9df2f65f0f1854761cbdd8297f96bc156cff0964b0237385b
                                                                                                                • Instruction ID: 5ad2ff8b4ee2ee6ff1ec61fcf4967186ced4adcb9ce71b9b7edd06d9f3442e91
                                                                                                                • Opcode Fuzzy Hash: 7d142e9f2ca846a9df2f65f0f1854761cbdd8297f96bc156cff0964b0237385b
                                                                                                                • Instruction Fuzzy Hash: C3A17876B96A8282DB10CF56E98427DA776FB88BD4B048432DF9D47745DF38E261C310
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • memmove.VCRUNTIME140(?,?,00000000,?,00007FF887CBE79F), ref: 00007FF887CBBE20
                                                                                                                • memmove.VCRUNTIME140(?,?,00000000,?,00007FF887CBE79F), ref: 00007FF887CBBE37
                                                                                                                • memset.VCRUNTIME140(?,?,00000000,?,00007FF887CBE79F), ref: 00007FF887CBBE4C
                                                                                                                • memmove.VCRUNTIME140(?,?,00000000,?,00007FF887CBE79F), ref: 00007FF887CBBE64
                                                                                                                • memmove.VCRUNTIME140(?,?,00000000,?,00007FF887CBE79F), ref: 00007FF887CBBE7D
                                                                                                                • memset.VCRUNTIME140(?,?,00000000,?,00007FF887CBE79F), ref: 00007FF887CBBE8B
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,00007FF887CBE79F), ref: 00007FF887CBBEEF
                                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF887CBBEF6
                                                                                                                  • Part of subcall function 00007FF887CC56A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF887CA8F4E), ref: 00007FF887CC56C2
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memmove$memset$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 1282081513-0
                                                                                                                • Opcode ID: f6b35741b10c704098a06c801e1f053a1391e23ad5623e337860fab711777fad
                                                                                                                • Instruction ID: befc24b3110fedf9383e20703cfda1c4612df841ff7e740f450654eb4b86da6d
                                                                                                                • Opcode Fuzzy Hash: f6b35741b10c704098a06c801e1f053a1391e23ad5623e337860fab711777fad
                                                                                                                • Instruction Fuzzy Hash: 6041C061B49A8285EF14DF66E4402AC6B62FB45BE8F544635EB6D0BBDACE3CD240C300
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF887CCB1C7
                                                                                                                • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF887CCB21E
                                                                                                                • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF887CCB248
                                                                                                                • ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140 ref: 00007FF887CCB283
                                                                                                                • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF887CCB2B7
                                                                                                                • ?uncaught_exception@std@@YA_NXZ.MSVCP140 ref: 00007FF887CCB2BE
                                                                                                                • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF887CCB2CA
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: D@std@@@std@@U?$char_traits@$?sputc@?$basic_streambuf@$?flush@?$basic_ostream@?setstate@?$basic_ios@?sputn@?$basic_streambuf@?uncaught_exception@std@@Osfx@?$basic_ostream@V12@
                                                                                                                • String ID:
                                                                                                                • API String ID: 1492985063-0
                                                                                                                • Opcode ID: 9d0936fb1a672e1796aba82365c1d2076bff5db8fa4339c5f789ed29314c767b
                                                                                                                • Instruction ID: 18e2e153be161a0918f84ba3bea8cf99c37b02e19a3cf255b6ceb67e2ad7c765
                                                                                                                • Opcode Fuzzy Hash: 9d0936fb1a672e1796aba82365c1d2076bff5db8fa4339c5f789ed29314c767b
                                                                                                                • Instruction Fuzzy Hash: 0E512F22648A8181EB208F9AE59427DAF72FF85FD9F158535CE4E477A1CE39D646C300
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140(00000009,?,?,?,?,00007FF887CAF95E), ref: 00007FF887CAC6D3
                                                                                                                • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140(00000009,?,?,?,?,00007FF887CAF95E), ref: 00007FF887CAC74A
                                                                                                                • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140(00000009,?,?,?,?,00007FF887CAF95E), ref: 00007FF887CAC770
                                                                                                                • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140(?,?,?,00007FF887CAF95E), ref: 00007FF887CAC79B
                                                                                                                • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140(00000009,?,?,?,?,00007FF887CAF95E), ref: 00007FF887CAC7DC
                                                                                                                • ?uncaught_exception@std@@YA_NXZ.MSVCP140(?,?,?,00007FF887CAF95E), ref: 00007FF887CAC7E3
                                                                                                                • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140(?,?,?,00007FF887CAF95E), ref: 00007FF887CAC7EF
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: D@std@@@std@@U?$char_traits@$?sputc@?$basic_streambuf@$?flush@?$basic_ostream@?setstate@?$basic_ios@?uncaught_exception@std@@Osfx@?$basic_ostream@V12@
                                                                                                                • String ID:
                                                                                                                • API String ID: 2331969452-0
                                                                                                                • Opcode ID: f691e1f04ba2ee2f9ca696224b13ba9103c1a7b8a4e03602e614a439e787b8e8
                                                                                                                • Instruction ID: cd8f16f4c236707f9668820fd278028b8d6168871aaa482d0cbe536ef14ad004
                                                                                                                • Opcode Fuzzy Hash: f691e1f04ba2ee2f9ca696224b13ba9103c1a7b8a4e03602e614a439e787b8e8
                                                                                                                • Instruction Fuzzy Hash: 3C517F62649A4186DB20CF1AD18027DABB1FF85FD6F158636CE5E477A0CF39C446C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 15%
                                                                                                                			E00007FF87FF887CAE3A0(void* __eax, void* __ebp, long long __rbx, long long __rcx, void* __rdx, long long _a24) {
                                                                                                                				signed int _v56;
                                                                                                                				intOrPtr _v64;
                                                                                                                				char _v88;
                                                                                                                				signed long long _v104;
                                                                                                                				signed long long _v112;
                                                                                                                				long long _v120;
                                                                                                                				void* __rdi;
                                                                                                                				void* __rsi;
                                                                                                                				void* __rbp;
                                                                                                                				void* __r14;
                                                                                                                				void* _t35;
                                                                                                                				void* _t37;
                                                                                                                				signed long long _t52;
                                                                                                                				signed long long _t53;
                                                                                                                				long long _t66;
                                                                                                                				intOrPtr _t83;
                                                                                                                				signed long long _t86;
                                                                                                                				long long _t87;
                                                                                                                				void* _t88;
                                                                                                                				void* _t89;
                                                                                                                				void* _t92;
                                                                                                                				void* _t94;
                                                                                                                
                                                                                                                				_t66 = __rcx;
                                                                                                                				_a24 = __rbx;
                                                                                                                				_t52 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				_t53 = _t52 ^ _t89 - 0x00000070;
                                                                                                                				_v56 = _t53;
                                                                                                                				_t88 = __rdx;
                                                                                                                				_t87 = __rcx;
                                                                                                                				if ( *((long long*)(__rdx + 0x10)) == 0) goto 0x87cae517;
                                                                                                                				_t4 = _t66 + 0x70; // 0x70
                                                                                                                				_v120 = _t4;
                                                                                                                				0x87cc5430();
                                                                                                                				if (__eax != 0) goto 0x87cae50f;
                                                                                                                				E00007FF87FF887CC56A8(E00007FF87FF887CB3D90(_t37, _t4,  &_v88, __rcx, __rdx, _t92, _t94), _t53,  &_v88);
                                                                                                                				_t86 = _t53;
                                                                                                                				_v112 = _t53;
                                                                                                                				if (_t53 == 0) goto 0x87cae43c;
                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                				asm("movups [eax], xmm0");
                                                                                                                				 *((intOrPtr*)(_t53 + 8)) = 1;
                                                                                                                				 *((intOrPtr*)(_t53 + 0xc)) = 1;
                                                                                                                				 *_t86 = 0x87cdc988;
                                                                                                                				_t10 = _t86 + 0x10; // 0x10
                                                                                                                				E00007FF87FF887CAD640(0x87cdc988, _t4, _t10, _t88, _t53);
                                                                                                                				goto 0x87cae43e;
                                                                                                                				_t11 = _t86 + 0x10; // 0x10
                                                                                                                				_v112 = _t11;
                                                                                                                				_v104 = _t86;
                                                                                                                				_t15 = _t87 + 0x60; // 0x60
                                                                                                                				E00007FF87FF887CAC830(_t4, _t15,  &_v112, _t87);
                                                                                                                				if (_v104 == 0) goto 0x87cae49d;
                                                                                                                				asm("lock xadd [ecx+0x8], eax");
                                                                                                                				if (0xffffffff != 1) goto 0x87cae498;
                                                                                                                				 *((intOrPtr*)( *_v104))();
                                                                                                                				asm("lock xadd [ebx+0xc], edi");
                                                                                                                				if (0xffffffff != 1) goto 0x87cae498;
                                                                                                                				 *((intOrPtr*)( *_v104 + 8))();
                                                                                                                				_t83 = _v64;
                                                                                                                				if (_t83 - 0x10 < 0) goto 0x87cae4dd;
                                                                                                                				if (_t83 + 1 - 0x1000 < 0) goto 0x87cae4d8;
                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87cae4d8;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				_t35 = E00007FF87FF887CB07D0(_v120, _t87, _t86, _t87);
                                                                                                                				0x87cc5436();
                                                                                                                				return E00007FF87FF887CC5E20(_t35, 0x118, _v56 ^ _t89 - 0x00000070);
                                                                                                                			}


























                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiWide$C_error@std@@ErrorExceptionLastMtx_lockMtx_unlockPathTempThrowThrow__invalid_parameter_noinfo_noreturnmalloc
                                                                                                                • String ID: port name cannot be empty
                                                                                                                • API String ID: 314681990-1868005089
                                                                                                                • Opcode ID: 0b3eac9eee0a13e11e49dcbd756b6e8cc6a8d33c295c26f0e35e345daeeacace
                                                                                                                • Instruction ID: b7da5f5d67baedeca3d86ae7e2709eb8a2be535e90355886ad55165422195a7b
                                                                                                                • Opcode Fuzzy Hash: 0b3eac9eee0a13e11e49dcbd756b6e8cc6a8d33c295c26f0e35e345daeeacace
                                                                                                                • Instruction Fuzzy Hash: 6241CF72A98B4282EB10DF25E5412ADA3B2FBC8BE5F544631EA5D437A5EF3CD481C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 23%
                                                                                                                			E00007FF87FF887CB3D90(void* __ebx, long long __rbx, intOrPtr* __rcx, long long __rsi, long long __rbp, void* __r8, void* __r14, long long _a16, long long _a24, long long _a32) {
                                                                                                                				void* _v8;
                                                                                                                				signed int _v24;
                                                                                                                				char _v1064;
                                                                                                                				char _v1592;
                                                                                                                				char _v1608;
                                                                                                                				long long _v1616;
                                                                                                                				long long _v1624;
                                                                                                                				short _v1632;
                                                                                                                				long long _v1640;
                                                                                                                				int _t40;
                                                                                                                				signed long long _t61;
                                                                                                                				intOrPtr* _t81;
                                                                                                                				void* _t86;
                                                                                                                
                                                                                                                				_t82 = __rsi;
                                                                                                                				_a16 = __rbx;
                                                                                                                				_a24 = __rbp;
                                                                                                                				_a32 = __rsi;
                                                                                                                				_t61 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				_v24 = _t61 ^ _t86 - 0x00000680;
                                                                                                                				_v1608 = __rcx;
                                                                                                                				_t81 = __rcx;
                                                                                                                				_v1064 = 0;
                                                                                                                				if (GetTempPathW(??, ??) != 0) goto 0x87cb3e14;
                                                                                                                				_v1608 = GetLastError();
                                                                                                                				r8d = 0xdb;
                                                                                                                				_v1640 =  &_v1608;
                                                                                                                				_t11 = _t82 + 1; // 0x1
                                                                                                                				E00007FF87FF887CB35D0(_t11, "c:\\design\\wiservice\\wiservice\\ext\\win\\ext-win-winutil.cpp", __rbp, "couldn\'t get temp folder path, error {}");
                                                                                                                				_v1592 = sil;
                                                                                                                				if ( *((intOrPtr*)( &_v1064 + 0xfffffffffffffffe)) != 0) goto 0x87cb3e30;
                                                                                                                				if (0 == 0) goto 0x87cb3ea2;
                                                                                                                				_v1616 = __rsi;
                                                                                                                				_v1624 = __rsi;
                                                                                                                				r9d = __ebx;
                                                                                                                				_v1632 = 0;
                                                                                                                				_v1640 = __rsi;
                                                                                                                				_t40 = WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??);
                                                                                                                				if (_t40 == 0) goto 0x87cb3ea2;
                                                                                                                				_v1616 = __rsi;
                                                                                                                				_v1624 = __rsi;
                                                                                                                				_t41 =  >  ? 0x208 : _t40;
                                                                                                                				r9d = __ebx;
                                                                                                                				_v1632 =  >  ? 0x208 : _t40;
                                                                                                                				_v1640 =  &_v1592;
                                                                                                                				WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??);
                                                                                                                				 *_t81 = __rsi;
                                                                                                                				 *((long long*)(_t81 + 0x10)) = __rsi;
                                                                                                                				 *((long long*)(_t81 + 0x18)) = 0xf;
                                                                                                                				 *_t81 = sil;
                                                                                                                				if ( *((intOrPtr*)( &_v1592 + 0xffffffff)) != sil) goto 0x87cb3ec0;
                                                                                                                				return E00007FF87FF887CC5E20(E00007FF87FF887CA9100(0, _t81,  &_v1592, 0xffffffff, __r14), 0xfde9, _v24 ^ _t86 - 0x00000680);
                                                                                                                			}

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiWide_invalid_parameter_noinfo_noreturn$ErrorLastPathTemp
                                                                                                                • String ID: c:\design\wiservice\wiservice\ext\win\ext-win-winutil.cpp$couldn't get temp folder path, error {}
                                                                                                                • API String ID: 1286625825-281439859
                                                                                                                • Opcode ID: 27723f8dbbc8be8e3f18a9bff4afd5919641ec508ffa06e2fc59b97fcf0ac7b5
                                                                                                                • Instruction ID: cea7c45392d531789a234dd7a4e63ca1ea717ae933986a9b18c53eb646cfb349
                                                                                                                • Opcode Fuzzy Hash: 27723f8dbbc8be8e3f18a9bff4afd5919641ec508ffa06e2fc59b97fcf0ac7b5
                                                                                                                • Instruction Fuzzy Hash: 39412C32608B8586E7208F15F4402AEBBB6FB88B94F44423AEB9D43B95DF3CD515CB40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • ??0_Lockit@std@@QEAA@H@Z.MSVCP140(?,?,?,?,?,?,?,00007FF887CCAECA), ref: 00007FF887CB82B2
                                                                                                                • ??Bid@locale@std@@QEAA_KXZ.MSVCP140(?,?,?,?,?,?,?,00007FF887CCAECA), ref: 00007FF887CB82CC
                                                                                                                • ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140(?,?,?,?,?,?,?,00007FF887CCAECA), ref: 00007FF887CB82F6
                                                                                                                • ?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140(?,?,?,?,?,?,?,00007FF887CCAECA), ref: 00007FF887CB8320
                                                                                                                • std::_Facet_Register.LIBCPMT ref: 00007FF887CB8339
                                                                                                                • ??1_Lockit@std@@QEAA@XZ.MSVCP140(?,?,?,?,?,?,?,00007FF887CCAECA), ref: 00007FF887CB8358
                                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF887CB8369
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Concurrency::cancel_current_taskD@std@@@std@@@std@@Facet_Getcat@?$time_put@Getgloballocale@locale@std@@Locimp@12@RegisterU?$char_traits@V42@@V?$ostreambuf_iterator@Vfacet@locale@2@std::_
                                                                                                                • String ID:
                                                                                                                • API String ID: 3345465274-0
                                                                                                                • Opcode ID: 4e4a803cf451d749639f82d7c091ac8fe20c97de71ea8e2ae2af82c5be18d0bb
                                                                                                                • Instruction ID: 480059c5e8ac9f758a8f6f5284b008834e236752dcab994925ca348cd5e94e22
                                                                                                                • Opcode Fuzzy Hash: 4e4a803cf451d749639f82d7c091ac8fe20c97de71ea8e2ae2af82c5be18d0bb
                                                                                                                • Instruction Fuzzy Hash: D7213D26A88A4181EB149F16E48017D6BB2FF95FE5F184531EF5D077A9DF2CE885C300
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • ??0_Lockit@std@@QEAA@H@Z.MSVCP140(?,?,?,00007FF887CCAECA), ref: 00007FF887CB81E2
                                                                                                                • ??Bid@locale@std@@QEAA_KXZ.MSVCP140(?,00007FF887CCAECA), ref: 00007FF887CB81FC
                                                                                                                • ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140(?,00007FF887CCAECA), ref: 00007FF887CB8226
                                                                                                                • ?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140(?,00007FF887CCAECA), ref: 00007FF887CB8250
                                                                                                                • std::_Facet_Register.LIBCPMT ref: 00007FF887CB8269
                                                                                                                • ??1_Lockit@std@@QEAA@XZ.MSVCP140(?,00007FF887CCAECA), ref: 00007FF887CB8288
                                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF887CB8299
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Concurrency::cancel_current_taskFacet_Getcat@?$codecvt@_Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterV42@@Vfacet@locale@2@std::_
                                                                                                                • String ID:
                                                                                                                • API String ID: 929128910-0
                                                                                                                • Opcode ID: 3a782683d63e8b3b5db5c7f10f913e878a86a5064d5519ca7bc9aeb1d141eeb8
                                                                                                                • Instruction ID: 668a06df0a3aba912594d57645040f23c4870dbe35b7e3975ef2a6b24d16784a
                                                                                                                • Opcode Fuzzy Hash: 3a782683d63e8b3b5db5c7f10f913e878a86a5064d5519ca7bc9aeb1d141eeb8
                                                                                                                • Instruction Fuzzy Hash: DE216A26A88A4281EB189F56E48417D6BB2FF95BE1F180131EF5D077A9DF2CE880C340
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Heap$FreeProcess$Value
                                                                                                                • String ID:
                                                                                                                • API String ID: 3709577838-0
                                                                                                                • Opcode ID: cba726e5eb5ad7b4e1610d0dee1c37cbefd4d62cab8451685cd09f84cd3f4121
                                                                                                                • Instruction ID: de0c8c9c9c3e47a51016b67990c782508548c37128463c562880c63e4e530699
                                                                                                                • Opcode Fuzzy Hash: cba726e5eb5ad7b4e1610d0dee1c37cbefd4d62cab8451685cd09f84cd3f4121
                                                                                                                • Instruction Fuzzy Hash: 72415C22A49A0182EB749F26E49023D6BB2FF89FD4F188535DA4E137A6CF3CE455C300
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiWide$Concurrency::cancel_current_taskXlength_error@std@@mallocmemset
                                                                                                                • String ID:
                                                                                                                • API String ID: 1152013002-0
                                                                                                                • Opcode ID: 542fc2ed402419ff91edc090ac5f0108e80cbfef90a8c7504d974c129b5f27d7
                                                                                                                • Instruction ID: 7786233a1a5c65bd9c8b7823e53def3d9123fd37d28425b34670f0bb3286f3d1
                                                                                                                • Opcode Fuzzy Hash: 542fc2ed402419ff91edc090ac5f0108e80cbfef90a8c7504d974c129b5f27d7
                                                                                                                • Instruction Fuzzy Hash: 8D519F22A48B4181EB249B12F50036EB6B6BB95BD4F184634EF9D03B95DF7CD294D700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 54%
                                                                                                                			E00007FF87FF887CD67A0() {
                                                                                                                				void* _t42;
                                                                                                                				void* _t43;
                                                                                                                				void* _t58;
                                                                                                                				void* _t61;
                                                                                                                				long long _t66;
                                                                                                                				intOrPtr* _t67;
                                                                                                                				long long _t69;
                                                                                                                				intOrPtr* _t71;
                                                                                                                				void* _t86;
                                                                                                                				intOrPtr _t87;
                                                                                                                				intOrPtr* _t88;
                                                                                                                				long _t92;
                                                                                                                				intOrPtr* _t93;
                                                                                                                				long* _t96;
                                                                                                                				intOrPtr _t97;
                                                                                                                				void* _t99;
                                                                                                                				void* _t100;
                                                                                                                				long* _t102;
                                                                                                                				intOrPtr* _t103;
                                                                                                                				long _t105;
                                                                                                                				void* _t108;
                                                                                                                				intOrPtr _t109;
                                                                                                                				void* _t111;
                                                                                                                				long long _t112;
                                                                                                                
                                                                                                                				 *((long long*)(_t99 + 0x10)) = _t66;
                                                                                                                				_t100 = _t99 - 0x20;
                                                                                                                				_t103 = _t71;
                                                                                                                				 *((char*)(_t71 + 0x28)) = 1;
                                                                                                                				E00007FF87FF887CD6A20(_t42, _t43, _t61, _t66, _t71 + 0x40, _t86, _t92);
                                                                                                                				_t112 =  *((intOrPtr*)(_t103 + 0x78));
                                                                                                                				_t93 =  *_t112;
                                                                                                                				 *((long long*)(_t100 + 0x60)) = _t93;
                                                                                                                				 *((long long*)(_t100 + 0x70)) = _t112;
                                                                                                                				if (_t93 == _t112) goto 0x87cd6915;
                                                                                                                				_t97 =  *((intOrPtr*)(_t93 + 0x10));
                                                                                                                				if ( *((intOrPtr*)(_t97 + 0x10)) == 0) goto 0x87cd6909;
                                                                                                                				E00007FF87FF887CD6690( *((intOrPtr*)(_t97 + 0x10)), _t61, _t66, _t97, _t93, _t111);
                                                                                                                				if ( *((intOrPtr*)(_t97 + 0x10)) != 0) goto 0x87cd6813;
                                                                                                                				goto 0x87cd68d8;
                                                                                                                				 *((intOrPtr*)(_t97 + 0x10)) = 0;
                                                                                                                				r8d = 0;
                                                                                                                				ReleaseSemaphore(_t108, _t105, _t102);
                                                                                                                				_t67 =  *((intOrPtr*)(_t97 + 0x18));
                                                                                                                				_t87 =  *((intOrPtr*)(_t97 + 0x20));
                                                                                                                				if (_t67 == _t87) goto 0x87cd684f;
                                                                                                                				 *((char*)( *_t67 + 0x14)) = 1;
                                                                                                                				r8d = 0;
                                                                                                                				ReleaseSemaphore(_t86, _t92, _t96);
                                                                                                                				if (_t67 + 8 != _t87) goto 0x87cd6830;
                                                                                                                				_t109 =  *((intOrPtr*)(_t97 + 0x20));
                                                                                                                				_t88 =  *((intOrPtr*)(_t97 + 0x18));
                                                                                                                				if (_t88 == _t109) goto 0x87cd68ba;
                                                                                                                				_t69 =  *_t88;
                                                                                                                				if (_t69 == 0) goto 0x87cd68ad;
                                                                                                                				asm("lock xadd [ebx+0x18], eax");
                                                                                                                				if (0xffffffff != 1) goto 0x87cd68ad;
                                                                                                                				if ( *((intOrPtr*)(_t69 + 8)) - 1 - 0xfffffffd > 0) goto 0x87cd688c;
                                                                                                                				CloseHandle(??);
                                                                                                                				if ( *_t69 - 1 - 0xfffffffd > 0) goto 0x87cd68a0;
                                                                                                                				CloseHandle(??);
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				if (_t88 + 8 != _t109) goto 0x87cd6860;
                                                                                                                				 *((long long*)(_t97 + 0x20)) =  *((intOrPtr*)(_t97 + 0x18));
                                                                                                                				_t58 =  *((intOrPtr*)(_t97 + 0x30)) - 1 - 0xfffffffd;
                                                                                                                				if (_t58 > 0) goto 0x87cd68d2;
                                                                                                                				CloseHandle(??);
                                                                                                                				 *((long long*)(_t97 + 0x30)) = _t69;
                                                                                                                				asm("lock xadd [ebp], eax");
                                                                                                                				asm("bt eax, 0x1e");
                                                                                                                				if (_t58 < 0) goto 0x87cd6909;
                                                                                                                				if (0x80000000 - 0x80000000 <= 0) goto 0x87cd6909;
                                                                                                                				asm("lock bts dword [ebp], 0x1e");
                                                                                                                				if (0x80000000 - 0x80000000 < 0) goto 0x87cd6909;
                                                                                                                				E00007FF87FF887CBD940(_t97);
                                                                                                                				SetEvent(??);
                                                                                                                				if ( *_t93 != _t112) goto 0x87cd67f0;
                                                                                                                				goto ( *((intOrPtr*)( *_t103 + 0x10)));
                                                                                                                			}




























                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandle$EventReleaseSemaphore$ObjectSingleWait
                                                                                                                • String ID:
                                                                                                                • API String ID: 1488515630-0
                                                                                                                • Opcode ID: 3bcf2f0ad8178168a7f8be7a2930863f511e61aaff0b105efb4953fc0a99a83f
                                                                                                                • Instruction ID: e86ac68cf189b83438b74d36730b403715dcbd98f7eeead94afe8f44d921c7fe
                                                                                                                • Opcode Fuzzy Hash: 3bcf2f0ad8178168a7f8be7a2930863f511e61aaff0b105efb4953fc0a99a83f
                                                                                                                • Instruction Fuzzy Hash: C4417032A44A8186EB208F25D84466D7BB2FB46BF8F184636EE6D537D6DF38E441C740
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                • String ID:
                                                                                                                • API String ID: 2016347663-0
                                                                                                                • Opcode ID: dfbe2bb97fd55202672e72005a79ffd0a429575f79d2377de772fcddb129c807
                                                                                                                • Instruction ID: 492fb20dca91002cb70ca8e2ff3d81bd7f5dbdf81f4b6c164197e24643930f06
                                                                                                                • Opcode Fuzzy Hash: dfbe2bb97fd55202672e72005a79ffd0a429575f79d2377de772fcddb129c807
                                                                                                                • Instruction Fuzzy Hash: 2F41B0A1B49A9185EB149B12E6046ADE767BB85BE1F484731DE5D0BBC5DF7CE081C300
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • memmove.VCRUNTIME140(?,?,?,?,00007FF887CBC1BC,?,?,?,?,?,00007FF887CBC11C,?,?,?,00007FF887CBD3B9), ref: 00007FF887CB5ADE
                                                                                                                • memset.VCRUNTIME140(?,?,?,?,00007FF887CBC1BC,?,?,?,?,?,00007FF887CBC11C,?,?,?,00007FF887CBD3B9), ref: 00007FF887CB5AEC
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF887CBC1BC,?,?,?,?,?,00007FF887CBC11C,?,?,?,00007FF887CBD3B9), ref: 00007FF887CB5B25
                                                                                                                • memmove.VCRUNTIME140(?,?,?,?,00007FF887CBC1BC,?,?,?,?,?,00007FF887CBC11C,?,?,?,00007FF887CBD3B9), ref: 00007FF887CB5B2F
                                                                                                                • memset.VCRUNTIME140(?,?,?,?,00007FF887CBC1BC,?,?,?,?,?,00007FF887CBC11C,?,?,?,00007FF887CBD3B9), ref: 00007FF887CB5B3D
                                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF887CB5B72
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memmovememset$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                • String ID:
                                                                                                                • API String ID: 2171940698-0
                                                                                                                • Opcode ID: 34bb71b0ba394ae16318a7d290492d0c7af7ec8d63b37f31e4ad3571e89afd36
                                                                                                                • Instruction ID: 6108774af67595a30040952ac6b6e9bd085d99d1b548afd19e53772d74a4aaa2
                                                                                                                • Opcode Fuzzy Hash: 34bb71b0ba394ae16318a7d290492d0c7af7ec8d63b37f31e4ad3571e89afd36
                                                                                                                • Instruction Fuzzy Hash: BC419D61B49B8185EB14DB22E5442ADA767BB48BD0F580631EF9D0B7D6CF7CE142C304
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z.MSVCP140 ref: 00007FF887CD160E
                                                                                                                • ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z.MSVCP140 ref: 00007FF887CD18FF
                                                                                                                • ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z.MSVCP140 ref: 00007FF887CD1A9C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ?write@?$basic_ostream@D@std@@@std@@U?$char_traits@V12@
                                                                                                                • String ID: ''''$0123456789abcdef0123456789ABCDEFGetEnabledExtendedFeatures
                                                                                                                • API String ID: 2277189856-568624354
                                                                                                                • Opcode ID: 3aff13a59325f5cfba9f4cda191dfbefc8fa3dbfffc973e15dde9fda4ad904ce
                                                                                                                • Instruction ID: eec20820c9c6fc9e81bef9004803389907360187976186e3b57fb908b42992d1
                                                                                                                • Opcode Fuzzy Hash: 3aff13a59325f5cfba9f4cda191dfbefc8fa3dbfffc973e15dde9fda4ad904ce
                                                                                                                • Instruction Fuzzy Hash: E8E1865BD28BD351F3134B39A4125A8A761BFE77C0F10D72BFEE432912EB2993519218
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z.MSVCP140 ref: 00007FF887CD1C9B
                                                                                                                • ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z.MSVCP140 ref: 00007FF887CD1EE9
                                                                                                                • ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z.MSVCP140 ref: 00007FF887CD20D2
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ?write@?$basic_ostream@D@std@@@std@@U?$char_traits@V12@
                                                                                                                • String ID: ''''$0123456789abcdef0123456789ABCDEFGetEnabledExtendedFeatures
                                                                                                                • API String ID: 2277189856-568624354
                                                                                                                • Opcode ID: deb9300bf523231e68528a72c5f9e80c1f0207f0c69c3409293c06da2a51802a
                                                                                                                • Instruction ID: 5d7ccc100e01c2c8fa58f5d06e74c9b55d9ab85eab8a5fd23aebe37a26158bae
                                                                                                                • Opcode Fuzzy Hash: deb9300bf523231e68528a72c5f9e80c1f0207f0c69c3409293c06da2a51802a
                                                                                                                • Instruction Fuzzy Hash: 27E19526E34BD341F7224B3DA4165A9A720BFE77D0F11D727FE9832912FB29D2419208
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 58%
                                                                                                                			E00007FF87FF887CA3510(long long __rbx, signed char* __rcx, void* __rdx, long long __rdi, long long __rsi, intOrPtr* __r8, char _a8, long long _a16, long long _a24, long long _a32) {
                                                                                                                				void* _v8;
                                                                                                                				signed int _t31;
                                                                                                                				void* _t43;
                                                                                                                				void* _t49;
                                                                                                                				signed char* _t56;
                                                                                                                				signed char* _t57;
                                                                                                                				char* _t58;
                                                                                                                				signed char* _t59;
                                                                                                                				intOrPtr _t67;
                                                                                                                				signed char* _t74;
                                                                                                                				void* _t85;
                                                                                                                				char* _t87;
                                                                                                                
                                                                                                                				_a16 = __rbx;
                                                                                                                				_a24 = __rsi;
                                                                                                                				_a32 = __rdi;
                                                                                                                				_t74 = __rcx;
                                                                                                                				r9d =  *__rcx & 0x000000ff;
                                                                                                                				if (r9b >= 0) goto 0x87ca354a;
                                                                                                                				_t56 =  &(__rcx[1]);
                                                                                                                				if (_t56 == __rdx) goto 0x87ca3551;
                                                                                                                				if (( *_t56 & 0xc0) == 0x80) goto 0x87ca3537;
                                                                                                                				goto 0x87ca354e;
                                                                                                                				_t57 =  &(__rcx[1]);
                                                                                                                				_t43 = _t57 - __rdx;
                                                                                                                				_t58 =  ==  ? __rcx : _t57;
                                                                                                                				if (_t43 == 0) goto 0x87ca358f;
                                                                                                                				if (_t43 == 0) goto 0x87ca3588;
                                                                                                                				if (_t43 == 0) goto 0x87ca3581;
                                                                                                                				if ( *_t58 - 0x3a == 0x20) goto 0x87ca357a;
                                                                                                                				if (_t58 == __rcx) goto 0x87ca3632;
                                                                                                                				_t59 = __rcx;
                                                                                                                				goto 0x87ca3555;
                                                                                                                				goto 0x87ca3594;
                                                                                                                				goto 0x87ca3594;
                                                                                                                				goto 0x87ca3594;
                                                                                                                				if (__rcx == __rcx) goto 0x87ca35f6;
                                                                                                                				if (r9b != 0x7b) goto 0x87ca35b8;
                                                                                                                				_a8 = 0;
                                                                                                                				E00007FF87FF887CC50C0(__rcx, "invalid fill character \'{\'");
                                                                                                                				goto 0x87ca3632;
                                                                                                                				_t85 = _t59 - _t74;
                                                                                                                				_t87 =  *__r8 + 0x11;
                                                                                                                				if (_t85 - 4 > 0) goto 0x87ca364c;
                                                                                                                				_t49 = _t85;
                                                                                                                				if (_t49 == 0) goto 0x87ca35f0;
                                                                                                                				 *_t87 =  *(_t74 - _t87 + _t87) & 0x000000ff;
                                                                                                                				if (_t49 != 0) goto 0x87ca35e0;
                                                                                                                				 *((intOrPtr*)(_t87 + 4)) = r8b;
                                                                                                                				goto 0x87ca35f9;
                                                                                                                				if (1 != 4) goto 0x87ca3624;
                                                                                                                				if ( *((intOrPtr*)(__r8 + 0x20)) - 1 - 0xb <= 0) goto 0x87ca3624;
                                                                                                                				_a8 = 0;
                                                                                                                				E00007FF87FF887CC50C0(_t74 - _t87, "format specifier requires numeric argument");
                                                                                                                				_t67 =  *__r8;
                                                                                                                				_t31 =  *(_t67 + 0xc) & 0xfffffff0 | 0x00000001;
                                                                                                                				 *(_t67 + 0xc) = _t31;
                                                                                                                				return _t31;
                                                                                                                			}
















                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionThrow__std_exception_copy
                                                                                                                • String ID: format specifier requires numeric argument$invalid fill$invalid fill character '{'
                                                                                                                • API String ID: 1552479455-4061151604
                                                                                                                • Opcode ID: b7ff8291887d5177cecc7ace963eeb140f2fa9a4833c1d2eb685c374454571a0
                                                                                                                • Instruction ID: 9d62bf2885d30e25a4e1dd530b3e21a0511472dad7a66e4f25d8d8b742f982d5
                                                                                                                • Opcode Fuzzy Hash: b7ff8291887d5177cecc7ace963eeb140f2fa9a4833c1d2eb685c374454571a0
                                                                                                                • Instruction Fuzzy Hash: 6A41D5A2E4CAC285EF60CB28E6641BDEBB3FB557C0F584132E68D47696DE2DE541C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 51%
                                                                                                                			E00007FF87FF887CAA8F0(long long __rcx, long long __rdx, void* __rbp, long long __r9) {
                                                                                                                				signed int _v56;
                                                                                                                				intOrPtr _v64;
                                                                                                                				char _v88;
                                                                                                                				long long _v96;
                                                                                                                				long long _v104;
                                                                                                                				short _v116;
                                                                                                                				char _v120;
                                                                                                                				char _v136;
                                                                                                                				char _v144;
                                                                                                                				char _v152;
                                                                                                                				char _v160;
                                                                                                                				char _v168;
                                                                                                                				long long _v176;
                                                                                                                				long long _v184;
                                                                                                                				long long _v192;
                                                                                                                				long long _v200;
                                                                                                                				void* __rbx;
                                                                                                                				void* __r14;
                                                                                                                				char _t47;
                                                                                                                				void* _t54;
                                                                                                                				signed long long _t77;
                                                                                                                				signed long long _t78;
                                                                                                                				intOrPtr* _t93;
                                                                                                                				char _t103;
                                                                                                                				long long _t112;
                                                                                                                				intOrPtr _t117;
                                                                                                                				intOrPtr _t120;
                                                                                                                				long long _t123;
                                                                                                                				long long _t124;
                                                                                                                				void* _t126;
                                                                                                                				void* _t129;
                                                                                                                				void* _t135;
                                                                                                                				void* _t136;
                                                                                                                				long long _t137;
                                                                                                                
                                                                                                                				_t135 = _t126;
                                                                                                                				_t127 = _t126 - 0xc0;
                                                                                                                				_t77 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				_t78 = _t77 ^ _t126 - 0x000000c0;
                                                                                                                				_v56 = _t78;
                                                                                                                				_t93 = __r9;
                                                                                                                				r14d = r8d;
                                                                                                                				_t123 = __rdx;
                                                                                                                				_t124 = __rcx;
                                                                                                                				_v160 = r14d;
                                                                                                                				r15d = 0;
                                                                                                                				 *((long long*)(_t135 - 0x78)) = _t137;
                                                                                                                				 *((long long*)(_t135 - 0x60)) = 0xf;
                                                                                                                				 *((long long*)(_t135 - 0x68)) = 6;
                                                                                                                				_t47 = "system"; // 0x74737973
                                                                                                                				_v120 = _t47;
                                                                                                                				_v116 =  *0x87cdba84 & 0x0000ffff;
                                                                                                                				 *((intOrPtr*)(_t135 - 0x72)) = r15b;
                                                                                                                				 *((long long*)(_t135 - 0x58)) = _t137;
                                                                                                                				asm("movdqa xmm0, [0x31a3f]");
                                                                                                                				asm("repe inc ecx");
                                                                                                                				 *((intOrPtr*)(_t135 - 0x58)) = r15b;
                                                                                                                				E00007FF87FF887CBD640(__r9, __rcx, _t129);
                                                                                                                				if ( &_v88 == _t78) goto 0x87caa99b;
                                                                                                                				if ( *((long long*)(_t78 + 0x18)) - 0x10 < 0) goto 0x87caa98b;
                                                                                                                				E00007FF87FF887CA9100(__r9,  &_v88,  *_t78,  *((intOrPtr*)(_t78 + 0x10)), _t136);
                                                                                                                				E00007FF87FF887CC06F0( *((long long*)(_t78 + 0x18)) - 0x10,  *_t78,  &_v120,  *((intOrPtr*)(_t78 + 0x10)));
                                                                                                                				_t112 = _v96;
                                                                                                                				if (_t112 - 0x10 < 0) goto 0x87caa9e9;
                                                                                                                				if (_t112 + 1 - 0x1000 < 0) goto 0x87caa9e4;
                                                                                                                				if (_v120 -  *((intOrPtr*)(_v120 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87caa9e4;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				_v104 = _t137;
                                                                                                                				_v96 = 0xf;
                                                                                                                				_v120 = 0;
                                                                                                                				 *((intOrPtr*)(__r9)) = r15d;
                                                                                                                				_v168 = r15d;
                                                                                                                				_v144 = __r9;
                                                                                                                				_v136 = _t123;
                                                                                                                				_v152 = _t124;
                                                                                                                				_v176 =  &_v144;
                                                                                                                				_v184 =  &_v160;
                                                                                                                				_v192 =  &_v136;
                                                                                                                				_v200 =  &_v152;
                                                                                                                				r8d = 0x94;
                                                                                                                				E00007FF87FF887CA6160(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "monitor_readport {:#x}, {:#x}, {}, {:#x}");
                                                                                                                				_t54 = E00007FF87FF887CAE0D0( *((intOrPtr*)(_v120 - 8)), "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp");
                                                                                                                				_v200 =  &_v168;
                                                                                                                				_t131 = _t123;
                                                                                                                				E00007FF87FF887CB07C0(_t54);
                                                                                                                				 *_t93 = _v168;
                                                                                                                				E00007FF87FF887CC06F0(_v120 -  *((intOrPtr*)(_v120 - 8)) + 0xfffffff8 - 0x1f,  &_v152,  &_v88, _t123);
                                                                                                                				_t117 = _v64;
                                                                                                                				if (_t117 - 0x10 < 0) goto 0x87caaadb;
                                                                                                                				_t103 = _v88;
                                                                                                                				if (_t117 + 1 - 0x1000 < 0) goto 0x87caaad5;
                                                                                                                				_t89 = _t103 -  *((intOrPtr*)(_t103 - 8)) + 0xfffffff8;
                                                                                                                				_t72 = _t103 -  *((intOrPtr*)(_t103 - 8)) + 0xfffffff8 - 0x1f;
                                                                                                                				if (_t103 -  *((intOrPtr*)(_t103 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87caaad5;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				E00007FF87FF887CC06F0(_t72, _t89,  &_v88, _t131);
                                                                                                                				_t120 = _v64;
                                                                                                                				if (_t120 - 0x10 < 0) goto 0x87caab36;
                                                                                                                				if (_t120 + 1 - 0x1000 < 0) goto 0x87caab30;
                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87caab30;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				return E00007FF87FF887CC5E20(0, 1, _v56 ^ _t127);
                                                                                                                			}






































                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FF887CBD640: __tlregdtor.LIBCMT ref: 00007FF887CBD690
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CAA9DD
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CAAACE
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$__tlregdtor
                                                                                                                • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_readport {:#x}, {:#x}, {}, {:#x}$system
                                                                                                                • API String ID: 333172304-2826333439
                                                                                                                • Opcode ID: 63654d137c15f83f08eb559c95b2f5fad86409a222d48f8664635b54fdbb5bfd
                                                                                                                • Instruction ID: ab8e537e8a4a2d57cf24ded44b6553eb2f1f660e62364e384dd2febdae298e46
                                                                                                                • Opcode Fuzzy Hash: 63654d137c15f83f08eb559c95b2f5fad86409a222d48f8664635b54fdbb5bfd
                                                                                                                • Instruction Fuzzy Hash: 53515E62A58B8185E720CB25E4443AEB7B6FB857D0F500236EA9D03BA6DF3DD485C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 53%
                                                                                                                			E00007FF87FF887CAAE80(long long __rcx, long long __rdx, void* __rbp, long long __r9) {
                                                                                                                				signed int _v56;
                                                                                                                				intOrPtr _v64;
                                                                                                                				char _v88;
                                                                                                                				long long _v96;
                                                                                                                				long long _v104;
                                                                                                                				short _v116;
                                                                                                                				char _v120;
                                                                                                                				char _v136;
                                                                                                                				char _v144;
                                                                                                                				char _v152;
                                                                                                                				char _v160;
                                                                                                                				char _v168;
                                                                                                                				long long _v176;
                                                                                                                				long long _v184;
                                                                                                                				long long _v192;
                                                                                                                				long long _v200;
                                                                                                                				void* __rbx;
                                                                                                                				void* __r14;
                                                                                                                				char _t47;
                                                                                                                				void* _t54;
                                                                                                                				void* _t64;
                                                                                                                				signed long long _t78;
                                                                                                                				signed long long _t79;
                                                                                                                				intOrPtr* _t94;
                                                                                                                				char _t104;
                                                                                                                				long long _t113;
                                                                                                                				intOrPtr _t118;
                                                                                                                				intOrPtr _t121;
                                                                                                                				long long _t124;
                                                                                                                				long long _t125;
                                                                                                                				void* _t127;
                                                                                                                				void* _t130;
                                                                                                                				void* _t136;
                                                                                                                				void* _t137;
                                                                                                                				long long _t138;
                                                                                                                
                                                                                                                				_t136 = _t127;
                                                                                                                				_t128 = _t127 - 0xc0;
                                                                                                                				_t78 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				_t79 = _t78 ^ _t127 - 0x000000c0;
                                                                                                                				_v56 = _t79;
                                                                                                                				_t94 = __r9;
                                                                                                                				r14d = r8d;
                                                                                                                				_t124 = __rdx;
                                                                                                                				_t125 = __rcx;
                                                                                                                				_v160 = r14d;
                                                                                                                				r15d = 0;
                                                                                                                				 *((long long*)(_t136 - 0x78)) = _t138;
                                                                                                                				 *((long long*)(_t136 - 0x60)) = 0xf;
                                                                                                                				 *((long long*)(_t136 - 0x68)) = 6;
                                                                                                                				_t47 = "system"; // 0x74737973
                                                                                                                				_v120 = _t47;
                                                                                                                				_v116 =  *0x87cdba84 & 0x0000ffff;
                                                                                                                				 *((intOrPtr*)(_t136 - 0x72)) = r15b;
                                                                                                                				 *((long long*)(_t136 - 0x58)) = _t138;
                                                                                                                				asm("movdqa xmm0, [0x314af]");
                                                                                                                				asm("repe inc ecx");
                                                                                                                				 *((intOrPtr*)(_t136 - 0x58)) = r15b;
                                                                                                                				E00007FF87FF887CBD640(__r9, __rcx, _t130);
                                                                                                                				if ( &_v88 == _t79) goto 0x87caaf2b;
                                                                                                                				if ( *((long long*)(_t79 + 0x18)) - 0x10 < 0) goto 0x87caaf1b;
                                                                                                                				E00007FF87FF887CA9100(__r9,  &_v88,  *_t79,  *((intOrPtr*)(_t79 + 0x10)), _t137);
                                                                                                                				E00007FF87FF887CC06F0( *((long long*)(_t79 + 0x18)) - 0x10,  *_t79,  &_v120,  *((intOrPtr*)(_t79 + 0x10)));
                                                                                                                				_t113 = _v96;
                                                                                                                				if (_t113 - 0x10 < 0) goto 0x87caaf79;
                                                                                                                				if (_t113 + 1 - 0x1000 < 0) goto 0x87caaf74;
                                                                                                                				if (_v120 -  *((intOrPtr*)(_v120 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87caaf74;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				_v104 = _t138;
                                                                                                                				_v96 = 0xf;
                                                                                                                				_v120 = 0;
                                                                                                                				 *((intOrPtr*)(__r9)) = r15d;
                                                                                                                				_v168 = r15d;
                                                                                                                				_v144 = __r9;
                                                                                                                				_v136 = _t124;
                                                                                                                				_v152 = _t125;
                                                                                                                				_v176 =  &_v144;
                                                                                                                				_v184 =  &_v160;
                                                                                                                				_v192 =  &_v136;
                                                                                                                				_v200 =  &_v152;
                                                                                                                				r8d = 0xa7;
                                                                                                                				E00007FF87FF887CA6160(0, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "monitor_writeport {:#x}, {:#x}, {}, {:#x}");
                                                                                                                				_t54 = E00007FF87FF887CAE0D0( *((intOrPtr*)(_v120 - 8)), "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp");
                                                                                                                				_v200 =  &_v168;
                                                                                                                				_t132 = _t124;
                                                                                                                				E00007FF87FF887CB2420(_t54, _t64, _t94,  &_v152, _t125, _t124, _t124 + _t137);
                                                                                                                				 *_t94 = _v168;
                                                                                                                				E00007FF87FF887CC06F0(_v120 -  *((intOrPtr*)(_v120 - 8)) + 0xfffffff8 - 0x1f,  &_v152,  &_v88, _t124);
                                                                                                                				_t118 = _v64;
                                                                                                                				if (_t118 - 0x10 < 0) goto 0x87cab068;
                                                                                                                				_t104 = _v88;
                                                                                                                				if (_t118 + 1 - 0x1000 < 0) goto 0x87cab062;
                                                                                                                				_t90 = _t104 -  *((intOrPtr*)(_t104 - 8)) + 0xfffffff8;
                                                                                                                				_t73 = _t104 -  *((intOrPtr*)(_t104 - 8)) + 0xfffffff8 - 0x1f;
                                                                                                                				if (_t104 -  *((intOrPtr*)(_t104 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87cab062;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				E00007FF87FF887CC06F0(_t73, _t90,  &_v88, _t132);
                                                                                                                				_t121 = _v64;
                                                                                                                				if (_t121 - 0x10 < 0) goto 0x87cab0c3;
                                                                                                                				if (_t121 + 1 - 0x1000 < 0) goto 0x87cab0bd;
                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87cab0bd;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				return E00007FF87FF887CC5E20(0, 0, _v56 ^ _t128);
                                                                                                                			}

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FF887CBD640: __tlregdtor.LIBCMT ref: 00007FF887CBD690
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CAAF6D
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CAB05B
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$__tlregdtor
                                                                                                                • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_writeport {:#x}, {:#x}, {}, {:#x}$system
                                                                                                                • API String ID: 333172304-2630413138
                                                                                                                • Opcode ID: ddacbfdd1a9649652c7a86655d04096a8500b7752d6a0cdd5784e42f15562c43
                                                                                                                • Instruction ID: 69c9ef27f681cba37d82b91d69dac99506427463e7139a41dc95429507b6815f
                                                                                                                • Opcode Fuzzy Hash: ddacbfdd1a9649652c7a86655d04096a8500b7752d6a0cdd5784e42f15562c43
                                                                                                                • Instruction Fuzzy Hash: 68514EA2A58B8185E710CF25E4443AEB7B6FB857D4F500236EA9D43BA5DF7CD485C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 42%
                                                                                                                			E00007FF87FF887CAC470(long long __rcx, long long __rdx, void* __rbp, long long __r8, void* __r14) {
                                                                                                                				signed int _v40;
                                                                                                                				intOrPtr _v48;
                                                                                                                				char _v72;
                                                                                                                				long long _v80;
                                                                                                                				long long _v88;
                                                                                                                				char _v104;
                                                                                                                				char _v120;
                                                                                                                				char _v128;
                                                                                                                				char _v136;
                                                                                                                				char _v144;
                                                                                                                				char _v152;
                                                                                                                				long long _v168;
                                                                                                                				long long _v176;
                                                                                                                				long long _v184;
                                                                                                                				long long _v192;
                                                                                                                				long long _v200;
                                                                                                                				void* __rbx;
                                                                                                                				char _t41;
                                                                                                                				signed long long _t61;
                                                                                                                				signed long long _t62;
                                                                                                                				long long _t75;
                                                                                                                				long long _t89;
                                                                                                                				intOrPtr _t93;
                                                                                                                				long long _t96;
                                                                                                                				long long _t97;
                                                                                                                				void* _t99;
                                                                                                                				void* _t105;
                                                                                                                
                                                                                                                				_t105 = _t99;
                                                                                                                				_t61 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				_t62 = _t61 ^ _t99 - 0x000000d0;
                                                                                                                				_v40 = _t62;
                                                                                                                				_t75 = __r8;
                                                                                                                				_t97 = __rdx;
                                                                                                                				_t96 = __rcx;
                                                                                                                				_v136 = __r8;
                                                                                                                				_v152 = r9d;
                                                                                                                				 *((long long*)(_t105 - 0x68)) = 0;
                                                                                                                				 *((long long*)(_t105 - 0x50)) = 0xf;
                                                                                                                				 *((long long*)(_t105 - 0x58)) = 6;
                                                                                                                				_t41 = "rundll"; // 0x646e7572
                                                                                                                				 *((intOrPtr*)(_t105 - 0x68)) = _t41;
                                                                                                                				 *((short*)(_t105 - 0x64)) =  *0x87cdbfe8 & 0x0000ffff;
                                                                                                                				 *((char*)(_t105 - 0x62)) = 0;
                                                                                                                				 *((long long*)(_t105 - 0x48)) = 0;
                                                                                                                				asm("movdqa xmm0, [0x2febb]");
                                                                                                                				asm("repe inc ecx");
                                                                                                                				 *((char*)(_t105 - 0x48)) = 0;
                                                                                                                				E00007FF87FF887CBD640(__r8, __rcx, __r8);
                                                                                                                				if ( &_v72 == _t62) goto 0x87cac520;
                                                                                                                				if ( *((long long*)(_t62 + 0x18)) - 0x10 < 0) goto 0x87cac510;
                                                                                                                				E00007FF87FF887CA9100(__r8,  &_v72,  *_t62,  *((intOrPtr*)(_t62 + 0x10)), __r14);
                                                                                                                				E00007FF87FF887CC06F0( *((long long*)(_t62 + 0x18)) - 0x10,  *_t62,  &_v104,  *((intOrPtr*)(_t62 + 0x10)));
                                                                                                                				_t89 = _v80;
                                                                                                                				if (_t89 - 0x10 < 0) goto 0x87cac574;
                                                                                                                				if (_t89 + 1 - 0x1000 < 0) goto 0x87cac56f;
                                                                                                                				if (_v104 -  *((intOrPtr*)(_v104 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87cac56f;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				_v88 = 0;
                                                                                                                				_v80 = 0xf;
                                                                                                                				_v104 = 0;
                                                                                                                				_v128 = _t75;
                                                                                                                				_v120 = _t97;
                                                                                                                				_v144 = _t96;
                                                                                                                				_v168 =  &_v152;
                                                                                                                				_v176 =  &_v136;
                                                                                                                				_v184 =  &_v128;
                                                                                                                				_v192 =  &_v120;
                                                                                                                				_v200 =  &_v144;
                                                                                                                				r8d = 0x113;
                                                                                                                				E00007FF87FF887CA6330(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "RunDllCallback {:#x}, {:#x}, {:#x} -> \'{}\', {}");
                                                                                                                				E00007FF87FF887CC06F0(_v104 -  *((intOrPtr*)(_v104 - 8)) + 0xfffffff8 - 0x1f,  &_v144,  &_v72,  *((intOrPtr*)(_t62 + 0x10)));
                                                                                                                				_t93 = _v48;
                                                                                                                				if (_t93 - 0x10 < 0) goto 0x87cac648;
                                                                                                                				if (_t93 + 1 - 0x1000 < 0) goto 0x87cac642;
                                                                                                                				if (_v72 -  *((intOrPtr*)(_v72 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87cac642;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				return E00007FF87FF887CC5E20(E00007FF87FF887CC56E4(), 1, _v40 ^ _t99 - 0x000000d0);
                                                                                                                			}

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FF887CBD640: __tlregdtor.LIBCMT ref: 00007FF887CBD690
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CAC568
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CAC63B
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$__tlregdtor
                                                                                                                • String ID: RunDllCallback {:#x}, {:#x}, {:#x} -> '{}', {}$c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$rundll
                                                                                                                • API String ID: 333172304-2456309662
                                                                                                                • Opcode ID: a6f49f52a633823130ec69534744436b55779717cb7c8cb33321a036e829d2c8
                                                                                                                • Instruction ID: 7faf45c8a4d641e7940a7d7812ed525a39443c6fe10e72cbf88974509f528c10
                                                                                                                • Opcode Fuzzy Hash: a6f49f52a633823130ec69534744436b55779717cb7c8cb33321a036e829d2c8
                                                                                                                • Instruction Fuzzy Hash: C9514C72A59B8185EB20CB54E5443AEB7A2FB857E0F500236EAAC43BD9DF7CD484C740
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 53%
                                                                                                                			E00007FF87FF887CA9780(long long __rcx, void* __rbp, void* __r14) {
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v32;
                                                                                                                				char _v56;
                                                                                                                				long long _v64;
                                                                                                                				long long _v72;
                                                                                                                				char _v82;
                                                                                                                				short _v84;
                                                                                                                				char _v88;
                                                                                                                				char _v104;
                                                                                                                				long long _v120;
                                                                                                                				void* __rbx;
                                                                                                                				char _t34;
                                                                                                                				signed long long _t63;
                                                                                                                				signed long long _t64;
                                                                                                                				long long _t76;
                                                                                                                				char _t85;
                                                                                                                				long long _t93;
                                                                                                                				intOrPtr _t98;
                                                                                                                				intOrPtr _t101;
                                                                                                                				void* _t104;
                                                                                                                				signed long long _t106;
                                                                                                                				void* _t107;
                                                                                                                				intOrPtr _t108;
                                                                                                                
                                                                                                                				_t63 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				_t64 = _t63 ^ _t106;
                                                                                                                				_v24 = _t64;
                                                                                                                				_t76 = __rcx;
                                                                                                                				_v88 = 0;
                                                                                                                				_v64 = 0xf;
                                                                                                                				_v72 = 6;
                                                                                                                				_t34 = "system"; // 0x74737973
                                                                                                                				_v88 = _t34;
                                                                                                                				_v84 =  *0x87cdba84 & 0x0000ffff;
                                                                                                                				_v82 = 0;
                                                                                                                				_v56 = 0;
                                                                                                                				asm("movdqa xmm0, [0x32bbb]");
                                                                                                                				asm("movdqu [esp+0x70], xmm0");
                                                                                                                				_v56 = 0;
                                                                                                                				E00007FF87FF887CBD640(__rcx, __rcx, _t107);
                                                                                                                				if ( &_v56 == _t64) goto 0x87ca981a;
                                                                                                                				_t108 =  *((intOrPtr*)(_t64 + 0x10));
                                                                                                                				if ( *((long long*)(_t64 + 0x18)) - 0x10 < 0) goto 0x87ca980d;
                                                                                                                				E00007FF87FF887CA9100(_t76,  &_v56,  *_t64, _t108, __r14);
                                                                                                                				E00007FF87FF887CC06F0( *((long long*)(_t64 + 0x18)) - 0x10,  *_t64,  &_v88, _t108);
                                                                                                                				_t93 = _v64;
                                                                                                                				if (_t93 - 0x10 < 0) goto 0x87ca9865;
                                                                                                                				if (_t93 + 1 - 0x1000 < 0) goto 0x87ca9860;
                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87ca9860;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				_v72 = 0;
                                                                                                                				_v64 = 0xf;
                                                                                                                				_v88 = 0;
                                                                                                                				_v104 = _t76;
                                                                                                                				_v120 =  &_v104;
                                                                                                                				r8d = 0x42;
                                                                                                                				_t50 = _t108 - 0x41;
                                                                                                                				E00007FF87FF887CA5DB0(_t108 - 0x41, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "monitor_closeport {:#x}");
                                                                                                                				E00007FF87FF887CAE5B0(E00007FF87FF887CAE0D0( *((intOrPtr*)(_v88 - 8)), "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp"), _t76,  &_v104, _t76, _t104);
                                                                                                                				E00007FF87FF887CC06F0(_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f,  &_v104,  &_v56, _t108);
                                                                                                                				_t98 = _v32;
                                                                                                                				if (_t98 - 0x10 < 0) goto 0x87ca9904;
                                                                                                                				_t85 = _v56;
                                                                                                                				if (_t98 + 1 - 0x1000 < 0) goto 0x87ca98fe;
                                                                                                                				_t72 = _t85 -  *((intOrPtr*)(_t85 - 8)) + 0xfffffff8;
                                                                                                                				_t58 = _t85 -  *((intOrPtr*)(_t85 - 8)) + 0xfffffff8 - 0x1f;
                                                                                                                				if (_t85 -  *((intOrPtr*)(_t85 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87ca98fe;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				E00007FF87FF887CC06F0(_t58, _t72,  &_v56, _t108);
                                                                                                                				_t101 = _v32;
                                                                                                                				if (_t101 - 0x10 < 0) goto 0x87ca9956;
                                                                                                                				if (_t101 + 1 - 0x1000 < 0) goto 0x87ca9950;
                                                                                                                				if (_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87ca9950;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				return E00007FF87FF887CC5E20(0, _t50, _v24 ^ _t106);
                                                                                                                			}

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FF887CBD640: __tlregdtor.LIBCMT ref: 00007FF887CBD690
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CA9859
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CA98F7
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$__tlregdtor
                                                                                                                • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_closeport {:#x}$system
                                                                                                                • API String ID: 333172304-1932419764
                                                                                                                • Opcode ID: e5d8c8661186eecb9c26fef6bfbf78ce596301ad3e3beeb2c16e34fd045bf4b6
                                                                                                                • Instruction ID: 76c4c144a08de398b46a489871e50d1c0c944b6cb3c56a6c64ae4f5deed724e3
                                                                                                                • Opcode Fuzzy Hash: e5d8c8661186eecb9c26fef6bfbf78ce596301ad3e3beeb2c16e34fd045bf4b6
                                                                                                                • Instruction Fuzzy Hash: DF418CA2A58B8682EB10DB25E44536EB772FB957D0F400235E69D47BDADF6CE084C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 51%
                                                                                                                			E00007FF87FF887CAA000(long long __rcx, void* __rbp, void* __r14) {
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v32;
                                                                                                                				char _v56;
                                                                                                                				long long _v64;
                                                                                                                				long long _v72;
                                                                                                                				char _v82;
                                                                                                                				short _v84;
                                                                                                                				char _v88;
                                                                                                                				char _v104;
                                                                                                                				long long _v120;
                                                                                                                				void* __rbx;
                                                                                                                				char _t33;
                                                                                                                				void* _t50;
                                                                                                                				signed long long _t63;
                                                                                                                				signed long long _t64;
                                                                                                                				long long _t76;
                                                                                                                				char _t85;
                                                                                                                				long long _t93;
                                                                                                                				intOrPtr _t98;
                                                                                                                				intOrPtr _t101;
                                                                                                                				void* _t104;
                                                                                                                				void* _t105;
                                                                                                                				void* _t106;
                                                                                                                				signed long long _t107;
                                                                                                                				void* _t108;
                                                                                                                
                                                                                                                				_t106 = __rbp;
                                                                                                                				_t63 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				_t64 = _t63 ^ _t107;
                                                                                                                				_v24 = _t64;
                                                                                                                				_t76 = __rcx;
                                                                                                                				_v88 = 0;
                                                                                                                				_v64 = 0xf;
                                                                                                                				_v72 = 6;
                                                                                                                				_t33 = "system"; // 0x74737973
                                                                                                                				_v88 = _t33;
                                                                                                                				_v84 =  *0x87cdba84 & 0x0000ffff;
                                                                                                                				_v82 = 0;
                                                                                                                				_v56 = 0;
                                                                                                                				asm("movdqa xmm0, [0x3233b]");
                                                                                                                				asm("movdqu [esp+0x70], xmm0");
                                                                                                                				_v56 = 0;
                                                                                                                				E00007FF87FF887CBD640(__rcx, __rcx, _t108);
                                                                                                                				if ( &_v56 == _t64) goto 0x87caa09a;
                                                                                                                				_t109 =  *((intOrPtr*)(_t64 + 0x10));
                                                                                                                				if ( *((long long*)(_t64 + 0x18)) - 0x10 < 0) goto 0x87caa08d;
                                                                                                                				E00007FF87FF887CA9100(_t76,  &_v56,  *_t64,  *((intOrPtr*)(_t64 + 0x10)), __r14);
                                                                                                                				E00007FF87FF887CC06F0( *((long long*)(_t64 + 0x18)) - 0x10,  *_t64,  &_v88,  *((intOrPtr*)(_t64 + 0x10)));
                                                                                                                				_t93 = _v64;
                                                                                                                				if (_t93 - 0x10 < 0) goto 0x87caa0e5;
                                                                                                                				if (_t93 + 1 - 0x1000 < 0) goto 0x87caa0e0;
                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87caa0e0;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				_v72 = 0;
                                                                                                                				_v64 = 0xf;
                                                                                                                				_v88 = 0;
                                                                                                                				_v104 = _t76;
                                                                                                                				_v120 =  &_v104;
                                                                                                                				r8d = 0xc8;
                                                                                                                				E00007FF87FF887CA5DB0(0, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "monitor_enddocport {:#x}");
                                                                                                                				E00007FF87FF887CAE730(E00007FF87FF887CAE0D0( *((intOrPtr*)(_v88 - 8)), "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp"), _t50, _t76,  &_v104, _t76, _t104, _t105, _t106,  *((intOrPtr*)(_t64 + 0x10)));
                                                                                                                				E00007FF87FF887CC06F0(_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f,  &_v104,  &_v56,  *((intOrPtr*)(_t64 + 0x10)));
                                                                                                                				_t98 = _v32;
                                                                                                                				if (_t98 - 0x10 < 0) goto 0x87caa182;
                                                                                                                				_t85 = _v56;
                                                                                                                				if (_t98 + 1 - 0x1000 < 0) goto 0x87caa17c;
                                                                                                                				_t72 = _t85 -  *((intOrPtr*)(_t85 - 8)) + 0xfffffff8;
                                                                                                                				_t58 = _t85 -  *((intOrPtr*)(_t85 - 8)) + 0xfffffff8 - 0x1f;
                                                                                                                				if (_t85 -  *((intOrPtr*)(_t85 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87caa17c;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				E00007FF87FF887CC06F0(_t58, _t72,  &_v56, _t109);
                                                                                                                				_t101 = _v32;
                                                                                                                				if (_t101 - 0x10 < 0) goto 0x87caa1d4;
                                                                                                                				if (_t101 + 1 - 0x1000 < 0) goto 0x87caa1ce;
                                                                                                                				if (_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87caa1ce;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				return E00007FF87FF887CC5E20(0, 0, _v24 ^ _t107);
                                                                                                                			}

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FF887CBD640: __tlregdtor.LIBCMT ref: 00007FF887CBD690
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CAA0D9
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CAA175
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$__tlregdtor
                                                                                                                • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_enddocport {:#x}$system
                                                                                                                • API String ID: 333172304-3202253893
                                                                                                                • Opcode ID: f67c89eb7bd3bec54ba0237cedce4b43c66fcbe91a0e68528c45ec1747136fc5
                                                                                                                • Instruction ID: 822c63c51907ac6d3aa3f89b23ed3f3d422a5c55e86d5f090459876c02f1dacd
                                                                                                                • Opcode Fuzzy Hash: f67c89eb7bd3bec54ba0237cedce4b43c66fcbe91a0e68528c45ec1747136fc5
                                                                                                                • Instruction Fuzzy Hash: 44417CA2A98A8182FB10DB64E44436EB772FB857D0F404235E69D47BDADF6DE084D700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • ?getloc@ios_base@std@@QEBA?AVlocale@2@XZ.MSVCP140 ref: 00007FF887CB695B
                                                                                                                  • Part of subcall function 00007FF887CB82A0: ??0_Lockit@std@@QEAA@H@Z.MSVCP140(?,?,?,?,?,?,?,00007FF887CCAECA), ref: 00007FF887CB82B2
                                                                                                                  • Part of subcall function 00007FF887CB82A0: ??Bid@locale@std@@QEAA_KXZ.MSVCP140(?,?,?,?,?,?,?,00007FF887CCAECA), ref: 00007FF887CB82CC
                                                                                                                  • Part of subcall function 00007FF887CB82A0: ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140(?,?,?,?,?,?,?,00007FF887CCAECA), ref: 00007FF887CB82F6
                                                                                                                  • Part of subcall function 00007FF887CB82A0: ?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140(?,?,?,?,?,?,?,00007FF887CCAECA), ref: 00007FF887CB8320
                                                                                                                  • Part of subcall function 00007FF887CB82A0: std::_Facet_Register.LIBCPMT ref: 00007FF887CB8339
                                                                                                                  • Part of subcall function 00007FF887CB82A0: ??1_Lockit@std@@QEAA@XZ.MSVCP140(?,?,?,?,?,?,?,00007FF887CCAECA), ref: 00007FF887CB8358
                                                                                                                • ?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@DD@Z.MSVCP140 ref: 00007FF887CB69CB
                                                                                                                • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF887CB6A00
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: U?$char_traits@$V?$ostreambuf_iterator@$D@std@@@std@@@std@@Lockit@std@@$??0_??1_?flush@?$basic_ostream@?getloc@ios_base@std@@?put@?$time_put@Bid@locale@std@@D@std@@@2@D@std@@@std@@Facet_Getcat@?$time_put@Getgloballocale@locale@std@@Locimp@12@RegisterUtm@@V12@V32@V42@@Vfacet@locale@2@Vios_base@2@Vlocale@2@std::_
                                                                                                                • String ID: $B
                                                                                                                • API String ID: 2374335714-2922798824
                                                                                                                • Opcode ID: 4c90dcd5b17b733bbf7a0741c09f34c9d962b6272dfb0017e2fd1e9677194e17
                                                                                                                • Instruction ID: c066d3e8d10abc9cf66c05e6f6975d81720d41368324b1be7a0abe094bacdea2
                                                                                                                • Opcode Fuzzy Hash: 4c90dcd5b17b733bbf7a0741c09f34c9d962b6272dfb0017e2fd1e9677194e17
                                                                                                                • Instruction Fuzzy Hash: 28311E62A08BC182EB10CB65E4903AEB771FBD9B88F145126DB8D47B56DF7CD185C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • ?getloc@ios_base@std@@QEBA?AVlocale@2@XZ.MSVCP140 ref: 00007FF887CB682B
                                                                                                                  • Part of subcall function 00007FF887CB82A0: ??0_Lockit@std@@QEAA@H@Z.MSVCP140(?,?,?,?,?,?,?,00007FF887CCAECA), ref: 00007FF887CB82B2
                                                                                                                  • Part of subcall function 00007FF887CB82A0: ??Bid@locale@std@@QEAA_KXZ.MSVCP140(?,?,?,?,?,?,?,00007FF887CCAECA), ref: 00007FF887CB82CC
                                                                                                                  • Part of subcall function 00007FF887CB82A0: ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140(?,?,?,?,?,?,?,00007FF887CCAECA), ref: 00007FF887CB82F6
                                                                                                                  • Part of subcall function 00007FF887CB82A0: ?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140(?,?,?,?,?,?,?,00007FF887CCAECA), ref: 00007FF887CB8320
                                                                                                                  • Part of subcall function 00007FF887CB82A0: std::_Facet_Register.LIBCPMT ref: 00007FF887CB8339
                                                                                                                  • Part of subcall function 00007FF887CB82A0: ??1_Lockit@std@@QEAA@XZ.MSVCP140(?,?,?,?,?,?,?,00007FF887CCAECA), ref: 00007FF887CB8358
                                                                                                                • ?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@DD@Z.MSVCP140 ref: 00007FF887CB689B
                                                                                                                • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF887CB68D0
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: U?$char_traits@$V?$ostreambuf_iterator@$D@std@@@std@@@std@@Lockit@std@@$??0_??1_?flush@?$basic_ostream@?getloc@ios_base@std@@?put@?$time_put@Bid@locale@std@@D@std@@@2@D@std@@@std@@Facet_Getcat@?$time_put@Getgloballocale@locale@std@@Locimp@12@RegisterUtm@@V12@V32@V42@@Vfacet@locale@2@Vios_base@2@Vlocale@2@std::_
                                                                                                                • String ID: $A
                                                                                                                • API String ID: 2374335714-926879570
                                                                                                                • Opcode ID: 23fbfba1f362895d4738c1b54d018f1fa61c5d990b0208e7b8aa9063b041dc4d
                                                                                                                • Instruction ID: c12f6e6e9ffb08ac2b9e0e8b3dcad8a373579c5678cc024ecf32d2ff77aa5236
                                                                                                                • Opcode Fuzzy Hash: 23fbfba1f362895d4738c1b54d018f1fa61c5d990b0208e7b8aa9063b041dc4d
                                                                                                                • Instruction Fuzzy Hash: 3B312D62A08BC182EB10CB65E4903AEB771FBD9B88F145126DB8D47B56DF7CD188C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • ?getloc@ios_base@std@@QEBA?AVlocale@2@XZ.MSVCP140 ref: 00007FF887CB6BBB
                                                                                                                  • Part of subcall function 00007FF887CB82A0: ??0_Lockit@std@@QEAA@H@Z.MSVCP140(?,?,?,?,?,?,?,00007FF887CCAECA), ref: 00007FF887CB82B2
                                                                                                                  • Part of subcall function 00007FF887CB82A0: ??Bid@locale@std@@QEAA_KXZ.MSVCP140(?,?,?,?,?,?,?,00007FF887CCAECA), ref: 00007FF887CB82CC
                                                                                                                  • Part of subcall function 00007FF887CB82A0: ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140(?,?,?,?,?,?,?,00007FF887CCAECA), ref: 00007FF887CB82F6
                                                                                                                  • Part of subcall function 00007FF887CB82A0: ?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140(?,?,?,?,?,?,?,00007FF887CCAECA), ref: 00007FF887CB8320
                                                                                                                  • Part of subcall function 00007FF887CB82A0: std::_Facet_Register.LIBCPMT ref: 00007FF887CB8339
                                                                                                                  • Part of subcall function 00007FF887CB82A0: ??1_Lockit@std@@QEAA@XZ.MSVCP140(?,?,?,?,?,?,?,00007FF887CCAECA), ref: 00007FF887CB8358
                                                                                                                • ?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@DD@Z.MSVCP140 ref: 00007FF887CB6C2B
                                                                                                                • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF887CB6C60
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: U?$char_traits@$V?$ostreambuf_iterator@$D@std@@@std@@@std@@Lockit@std@@$??0_??1_?flush@?$basic_ostream@?getloc@ios_base@std@@?put@?$time_put@Bid@locale@std@@D@std@@@2@D@std@@@std@@Facet_Getcat@?$time_put@Getgloballocale@locale@std@@Locimp@12@RegisterUtm@@V12@V32@V42@@Vfacet@locale@2@Vios_base@2@Vlocale@2@std::_
                                                                                                                • String ID: $b
                                                                                                                • API String ID: 2374335714-2505604640
                                                                                                                • Opcode ID: c6cd45424e9051ab469fa1244db57bbf8476600e3f5e0e57702211fa5840139c
                                                                                                                • Instruction ID: 4fbe630c02dbedef60d54c60e16e2799ffb4d35f15971a569d3d48f6180cf179
                                                                                                                • Opcode Fuzzy Hash: c6cd45424e9051ab469fa1244db57bbf8476600e3f5e0e57702211fa5840139c
                                                                                                                • Instruction Fuzzy Hash: 25314B62A08BC182EB10CB65E4903AEB771FBD9B88F149126EB8D47B16DF3CD584C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • ?getloc@ios_base@std@@QEBA?AVlocale@2@XZ.MSVCP140 ref: 00007FF887CB6A8B
                                                                                                                  • Part of subcall function 00007FF887CB82A0: ??0_Lockit@std@@QEAA@H@Z.MSVCP140(?,?,?,?,?,?,?,00007FF887CCAECA), ref: 00007FF887CB82B2
                                                                                                                  • Part of subcall function 00007FF887CB82A0: ??Bid@locale@std@@QEAA_KXZ.MSVCP140(?,?,?,?,?,?,?,00007FF887CCAECA), ref: 00007FF887CB82CC
                                                                                                                  • Part of subcall function 00007FF887CB82A0: ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140(?,?,?,?,?,?,?,00007FF887CCAECA), ref: 00007FF887CB82F6
                                                                                                                  • Part of subcall function 00007FF887CB82A0: ?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140(?,?,?,?,?,?,?,00007FF887CCAECA), ref: 00007FF887CB8320
                                                                                                                  • Part of subcall function 00007FF887CB82A0: std::_Facet_Register.LIBCPMT ref: 00007FF887CB8339
                                                                                                                  • Part of subcall function 00007FF887CB82A0: ??1_Lockit@std@@QEAA@XZ.MSVCP140(?,?,?,?,?,?,?,00007FF887CCAECA), ref: 00007FF887CB8358
                                                                                                                • ?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@DD@Z.MSVCP140 ref: 00007FF887CB6AFB
                                                                                                                • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF887CB6B30
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: U?$char_traits@$V?$ostreambuf_iterator@$D@std@@@std@@@std@@Lockit@std@@$??0_??1_?flush@?$basic_ostream@?getloc@ios_base@std@@?put@?$time_put@Bid@locale@std@@D@std@@@2@D@std@@@std@@Facet_Getcat@?$time_put@Getgloballocale@locale@std@@Locimp@12@RegisterUtm@@V12@V32@V42@@Vfacet@locale@2@Vios_base@2@Vlocale@2@std::_
                                                                                                                • String ID: $a
                                                                                                                • API String ID: 2374335714-206647194
                                                                                                                • Opcode ID: 40208c702b3025eb7d6e4bcea59c6ce640fd8d329c515ba2f42296a91b8afa97
                                                                                                                • Instruction ID: b2b2fef8edceb481c17a2528e2e7776e31f511b8abb2c656715c3feb1959ef2f
                                                                                                                • Opcode Fuzzy Hash: 40208c702b3025eb7d6e4bcea59c6ce640fd8d329c515ba2f42296a91b8afa97
                                                                                                                • Instruction Fuzzy Hash: CC312B62A08BC186EB10CB65E4903AEB771FBD9B88F149126EB8D47B56DF7CD184C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 16%
                                                                                                                			E00007FF87FF887CAE5B0(void* __eax, long long __rbx, void* __rcx, void* __rdx, long long __rsi, long long _a8, long long _a24) {
                                                                                                                				void* _v8;
                                                                                                                				signed int _v16;
                                                                                                                				long long _v80;
                                                                                                                				void* _t15;
                                                                                                                				signed long long _t21;
                                                                                                                				intOrPtr* _t23;
                                                                                                                				void* _t28;
                                                                                                                				intOrPtr* _t35;
                                                                                                                				void* _t40;
                                                                                                                
                                                                                                                				_t28 = __rcx;
                                                                                                                				_a8 = __rbx;
                                                                                                                				_a24 = __rsi;
                                                                                                                				_t41 = _t40 - 0x70;
                                                                                                                				_t21 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				_v16 = _t21 ^ _t40 - 0x00000070;
                                                                                                                				_t4 = _t28 + 0x70; // 0x70
                                                                                                                				_v80 = _t4;
                                                                                                                				0x87cc5430();
                                                                                                                				if (__eax != 0) goto 0x87cae636;
                                                                                                                				_t35 =  *((intOrPtr*)(__rcx + 0x60));
                                                                                                                				_t23 =  *_t35;
                                                                                                                				if (_t23 == _t35) goto 0x87cae63e;
                                                                                                                				if ( *((intOrPtr*)(_t23 + 0x10)) == __rdx) goto 0x87cae608;
                                                                                                                				if ( *_t23 == _t35) goto 0x87cae63e;
                                                                                                                				goto 0x87cae5f5;
                                                                                                                				 *((char*)(__rdx + 0xa0)) = 0;
                                                                                                                				0x87cc5436();
                                                                                                                				return E00007FF87FF887CC5E20(__eax, _t15, _v16 ^ _t41);
                                                                                                                			}













                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
• Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: C_error@std@@ExceptionMtx_lockMtx_unlockThrowThrow_
                                                                                                                • String ID: port object {:#x} is not present in the list
                                                                                                                • API String ID: 2666407778-719059081
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 24%
                                                                                                                			E00007FF87FF887CB9720(signed long long __rcx) {
                                                                                                                				signed int _v24;
                                                                                                                				long long _v32;
                                                                                                                				long long _v40;
                                                                                                                				signed long long _v56;
                                                                                                                				char _v64;
                                                                                                                				signed long long _v72;
                                                                                                                				void* _t17;
                                                                                                                				intOrPtr _t19;
                                                                                                                				void* _t21;
                                                                                                                				signed long long _t28;
                                                                                                                				signed long long _t29;
                                                                                                                				long long* _t37;
                                                                                                                				signed long long _t39;
                                                                                                                				intOrPtr _t46;
                                                                                                                				signed long long _t49;
                                                                                                                
                                                                                                                				_t28 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				_t29 = _t28 ^ _t49;
                                                                                                                				_v24 = _t29;
                                                                                                                				_t37 = __rcx;
                                                                                                                				_v72 = __rcx;
                                                                                                                				E00007FF87FF887CC56A8(_t17, _t29, __rcx);
                                                                                                                				asm("movups xmm0, [0x23982]");
                                                                                                                				_t39 = _t29;
                                                                                                                				_v40 = 0x26;
                                                                                                                				_v32 = 0x2f;
                                                                                                                				asm("movups [eax], xmm0");
                                                                                                                				_v72 = _t39;
                                                                                                                				asm("movups xmm1, [0x2396a]");
                                                                                                                				_v64 = 1;
                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                				asm("movups [eax+0x10], xmm1");
                                                                                                                				_t19 = M00007FF87FF887CDD0F0; // 0x39392e2e
                                                                                                                				 *((intOrPtr*)(_t39 + 0x20)) = _t19;
                                                                                                                				 *((short*)(_t39 + 0x24)) =  *0x87cdd0f4 & 0x0000ffff;
                                                                                                                				 *((char*)(_t39 + 0x26)) = 0;
                                                                                                                				_v56 = _t39;
                                                                                                                				 *_t37 = 0x87cdb9e8;
                                                                                                                				asm("movups [edx], xmm0");
                                                                                                                				0x87cd70e3();
                                                                                                                				_t46 = _v32;
                                                                                                                				 *_t37 = 0x87cdcff0;
                                                                                                                				if (_t46 - 0x10 < 0) goto 0x87cb9800;
                                                                                                                				if (_t46 + 1 - 0x1000 < 0) goto 0x87cb97fb;
                                                                                                                				if (_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87cb97fb;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				_t21 = E00007FF87FF887CC56E4();
                                                                                                                				 *_t37 = 0x87cdd0c0;
                                                                                                                				return E00007FF87FF887CC5E20(_t21, 0x30, _v24 ^ _t49);
                                                                                                                			}



















                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FF887CC56A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF887CA8F4E), ref: 00007FF887CC56C2
                                                                                                                • __std_exception_copy.VCRUNTIME140 ref: 00007FF887CB97B1
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CB97F4
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
• Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __std_exception_copy_invalid_parameter_noinfo_noreturnmalloc
                                                                                                                • String ID: &$..9999$/
                                                                                                                • API String ID: 4226527432-2119091122
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 19%
                                                                                                                			E00007FF87FF887CC0F50(int __edx, long long __rbx, long long __rcx, long long _a24) {
                                                                                                                				signed int _v56;
                                                                                                                				long long _v64;
                                                                                                                				long long _v72;
                                                                                                                				char _v88;
                                                                                                                				long long _v96;
                                                                                                                				void* _v104;
                                                                                                                				long long _v112;
                                                                                                                				long long _v120;
                                                                                                                				intOrPtr _v128;
                                                                                                                				long long _v136;
                                                                                                                				void* __rbp;
                                                                                                                				void* __r14;
                                                                                                                				int _t51;
                                                                                                                				int _t54;
                                                                                                                				void* _t56;
                                                                                                                				int _t71;
                                                                                                                				signed long long _t89;
                                                                                                                				int _t113;
                                                                                                                				void* _t119;
                                                                                                                				long long _t121;
                                                                                                                				void* _t125;
                                                                                                                				long long _t127;
                                                                                                                				void* _t129;
                                                                                                                				intOrPtr _t133;
                                                                                                                				void* _t134;
                                                                                                                				char _t136;
                                                                                                                				void* _t137;
                                                                                                                				long long _t139;
                                                                                                                
                                                                                                                				_a24 = __rbx;
                                                                                                                				_t89 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				_v56 = _t89 ^ _t129 - 0x00000080;
                                                                                                                				_t71 = __edx;
                                                                                                                				_t127 = __rcx;
                                                                                                                				_v104 = __rcx;
                                                                                                                				r15d = 0;
                                                                                                                				_v104 = _t139;
                                                                                                                				_v120 = _t139;
                                                                                                                				_v128 = r15d;
                                                                                                                				_v136 =  &_v104;
                                                                                                                				r9d = 0x400;
                                                                                                                				r8d = __edx;
                                                                                                                				if (FormatMessageW(??, ??, ??, ??, ??, ??, ??) != 0) goto 0x87cc0fc0;
                                                                                                                				E00007FF87FF887CC1450(__edx, FormatMessageW(??, ??, ??, ??, ??, ??, ??), __rcx, _t119, _t129, _t134, _t137);
                                                                                                                				goto 0x87cc1159;
                                                                                                                				_v96 = _v104;
                                                                                                                				_v112 = _t139;
                                                                                                                				_v120 = _t139;
                                                                                                                				_v128 = r15d;
                                                                                                                				_v136 = _t139;
                                                                                                                				r9d = 0xffffffff;
                                                                                                                				_t51 = WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??);
                                                                                                                				_t138 = _t51;
                                                                                                                				if (_t51 != 0) goto 0x87cc1005;
                                                                                                                				E00007FF87FF887CC1450(__edx, _t51, __rcx, _t119, _t129, _t134, _t51);
                                                                                                                				goto 0x87cc1150;
                                                                                                                				_v88 = _t139;
                                                                                                                				_v72 = _t139;
                                                                                                                				_v64 = 0xf;
                                                                                                                				_v88 = 0;
                                                                                                                				r8d = 0;
                                                                                                                				E00007FF87FF887CBC1D0(_v104,  &_v88, _t51, _t51);
                                                                                                                				_t93 =  >=  ? _v88 :  &_v88;
                                                                                                                				_v112 = _t139;
                                                                                                                				_v120 = _t139;
                                                                                                                				_v128 = r14d;
                                                                                                                				_v136 =  >=  ? _v88 :  &_v88;
                                                                                                                				r9d = 0xffffffff;
                                                                                                                				_t133 = _v104;
                                                                                                                				_t54 = WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??);
                                                                                                                				r8d = _t54;
                                                                                                                				if (_t54 != 0) goto 0x87cc10b8;
                                                                                                                				E00007FF87FF887CC1450(_t71, _t54, _t127, _t51, _t129, _t134, _t138);
                                                                                                                				_t121 = _v64;
                                                                                                                				if (_t121 - 0x10 < 0) goto 0x87cc1140;
                                                                                                                				if (_t121 + 1 - 0x1000 < 0) goto 0x87cc10ae;
                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87cc10ae;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				_t56 = E00007FF87FF887CC56E4();
                                                                                                                				goto 0x87cc1140;
                                                                                                                				r8d = r8d - 1;
                                                                                                                				_t113 = r8d;
                                                                                                                				_t136 = _v88;
                                                                                                                				if (r8d <= 0) goto 0x87cc1122;
                                                                                                                				_t98 =  >=  ? _t136 :  &_v88;
                                                                                                                				if ( *((char*)(_t113 + ( >=  ? _t136 :  &_v88) - 1)) == 0xa) goto 0x87cc10f6;
                                                                                                                				_t100 =  >=  ? _t136 :  &_v88;
                                                                                                                				if ( *((char*)(_t113 + ( >=  ? _t136 :  &_v88) - 1)) != 0xd) goto 0x87cc1101;
                                                                                                                				r8d = r8d - 1;
                                                                                                                				if (_t113 - 1 > 0) goto 0x87cc10d0;
                                                                                                                				if (r8d <= 0) goto 0x87cc1122;
                                                                                                                				_t125 =  >=  ? _t136 :  &_v88;
                                                                                                                				_t40 = _t133 - 1; // -3
                                                                                                                				r8d =  ==  ? _t40 : r8d;
                                                                                                                				r8d = 0;
                                                                                                                				E00007FF87FF887CC0430(_t56,  &_v88, r8d);
                                                                                                                				asm("movups xmm0, [ebp-0x30]");
                                                                                                                				asm("movups [edi], xmm0");
                                                                                                                				asm("movups xmm1, [ebp-0x20]");
                                                                                                                				asm("movups [edi+0x10], xmm1");
                                                                                                                				_v88 = 0;
                                                                                                                				_v64 = 0xf;
                                                                                                                				_v72 = _t139;
                                                                                                                				return E00007FF87FF887CC5E20(LocalFree(??), _t40, _v56 ^ _t129 - 0x00000080);
                                                                                                                			}
































                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharFormatFreeLocalMessageMultiWide
                                                                                                                • String ID:
                                                                                                                • API String ID: 2906450291-0
                                                                                                                • Opcode ID: af953d9cff2a8f05137041803a2c7d5d08e1c9e19b80ec48ea067704dbc0be7f
                                                                                                                • Instruction ID: aee48f3ac52a3b397d94a8dd29a87a0adba4ed324f51895b773bb7b76d06bd66
                                                                                                                • Opcode Fuzzy Hash: af953d9cff2a8f05137041803a2c7d5d08e1c9e19b80ec48ea067704dbc0be7f
                                                                                                                • Instruction Fuzzy Hash: 24518572B58B518AFB20CB66E8507AD67B6BB847D8F504635EE4E13A99DF3CD041C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,?,?,?,00000000,00007FF887CB3B6C), ref: 00007FF887CB404F
                                                                                                                • memset.VCRUNTIME140(?,?,?,?,00000000,?,?,?,00000000,00007FF887CB3B6C), ref: 00007FF887CB40AC
                                                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,?,?,?,00000000,00007FF887CB3B6C), ref: 00007FF887CB40EA
                                                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,?,?,?,00000000,00007FF887CB3B6C), ref: 00007FF887CB4117
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00000000,?,?,?,00000000,00007FF887CB3B6C), ref: 00007FF887CB4178
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiWide$_invalid_parameter_noinfo_noreturnmemset
                                                                                                                • String ID:
                                                                                                                • API String ID: 2536929686-0
                                                                                                                • Opcode ID: afe144113961a97d98ef3f5f0637efb7c2706ae311b8a217db6a83da57d6f214
                                                                                                                • Instruction ID: bf5f4493491141b83e5085d7c57fcbd2532867b424f4f17c81171aa917423b1e
                                                                                                                • Opcode Fuzzy Hash: afe144113961a97d98ef3f5f0637efb7c2706ae311b8a217db6a83da57d6f214
                                                                                                                • Instruction Fuzzy Hash: E2418322E5874281E724DB12E40466EBAE6BF94BE4F154635EAAD07BD5DF3CD641C300
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FF887CB9000: __std_exception_copy.VCRUNTIME140(?,?,?,00007FF887CB7EE1), ref: 00007FF887CB902F
                                                                                                                • _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF887CBE5AE), ref: 00007FF887CB7EED
                                                                                                                • _CxxThrowException.VCRUNTIME140 ref: 00007FF887CB7F20
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionThrow$__std_exception_copy
                                                                                                                • String ID:
                                                                                                                • API String ID: 174860668-0
                                                                                                                • Opcode ID: 1863cd82fac41dba5849118a917ca5cd3564107b8257b490e11ea4118fc6bec0
                                                                                                                • Instruction ID: 586b634ea0f7c211906709395e677efb7d99c8f16cbd791bf29024b3263544d9
                                                                                                                • Opcode Fuzzy Hash: 1863cd82fac41dba5849118a917ca5cd3564107b8257b490e11ea4118fc6bec0
                                                                                                                • Instruction Fuzzy Hash: AF417C22648A8181DB249B15E4903ADA772FB85FC5F188532EF4E47B66CF3CD54AC300
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memmove
                                                                                                                • String ID: false
                                                                                                                • API String ID: 2162964266-734881840
                                                                                                                • Opcode ID: bc025fc7f03d0eb2bbeeb250945b171c69d13fae9fd529cdf8a4856c7184f660
                                                                                                                • Instruction ID: 812e225dbd2aa83099b2554583582d0c5a8c1902b09587aa25b496a23ea59910
                                                                                                                • Opcode Fuzzy Hash: bc025fc7f03d0eb2bbeeb250945b171c69d13fae9fd529cdf8a4856c7184f660
                                                                                                                • Instruction Fuzzy Hash: ED41ACA2B84A9586DB15DF67E6540ADA7B2FB4AFC4B088032DF4D57B4ACE3CD542C340
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CBCBDC
                                                                                                                • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF887CBCC39
                                                                                                                • ??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF887CBCC46
                                                                                                                • ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF887CBCC50
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CBCCBF
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: D@std@@@std@@U?$char_traits@$_invalid_parameter_noinfo_noreturn$??1?$basic_streambuf@?flush@?$basic_ostream@D?$basic_ostream@V12@
                                                                                                                • String ID:
                                                                                                                • API String ID: 2012728387-0
                                                                                                                • Opcode ID: e1402780647fd9f5ba4265f82a7b71ad14e8cddf1fc0af9fd9e8ab2e09c68d73
                                                                                                                • Instruction ID: 9d6ff06ada32a866c34062d5baa73fbbb494c4295b575f22cb83f1686686e384
                                                                                                                • Opcode Fuzzy Hash: e1402780647fd9f5ba4265f82a7b71ad14e8cddf1fc0af9fd9e8ab2e09c68d73
                                                                                                                • Instruction Fuzzy Hash: 7D41CB62B49A8581EF248F65E48437C2672FB54FD8F689531EA5D0B798CF2CD981C300
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF887CB6CE1
                                                                                                                • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF887CB6D09
                                                                                                                • ?getloc@ios_base@std@@QEBA?AVlocale@2@XZ.MSVCP140 ref: 00007FF887CB6D35
                                                                                                                • ?uncaught_exception@std@@YA_NXZ.MSVCP140 ref: 00007FF887CB6DAC
                                                                                                                • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF887CB6DB8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: D@std@@@std@@U?$char_traits@$?flush@?$basic_ostream@V12@$?getloc@ios_base@std@@?uncaught_exception@std@@Osfx@?$basic_ostream@Vlocale@2@
                                                                                                                • String ID:
                                                                                                                • API String ID: 3671896189-0
                                                                                                                • Opcode ID: 4e65773688b1f2c42ebbc07e31e0dda28c504954d5f195be2978443c76955207
                                                                                                                • Instruction ID: 8317d50bb380d096622d8eb5394b12933767bc2bd5c032f350b39abf8cf2f5f8
                                                                                                                • Opcode Fuzzy Hash: 4e65773688b1f2c42ebbc07e31e0dda28c504954d5f195be2978443c76955207
                                                                                                                • Instruction Fuzzy Hash: D5413426649A8582EF548F25E09036C6BB2FB86FC9F588536DF0E17B65CF2CD556C300
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: EventExceptionThrow$CloseCurrentHandleOpenProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 1106008904-0
                                                                                                                • Opcode ID: 87c7cc9a79bbdfa8d9774b536e87ba9f3763bfb6022dff9efd4164e42d8d3c5f
                                                                                                                • Instruction ID: ff662e063e0a84f7fe386c5b03ffb2807f5c350d20b5e45ed0ed071bb71bb308
                                                                                                                • Opcode Fuzzy Hash: 87c7cc9a79bbdfa8d9774b536e87ba9f3763bfb6022dff9efd4164e42d8d3c5f
                                                                                                                • Instruction Fuzzy Hash: F021B062B58A8292EF34DB25E4502BC6772FB49BD4F444132D75E076A6DF2CE198C300
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionThrow$LockShared$AcquireReleasefree
                                                                                                                • String ID:
                                                                                                                • API String ID: 3699279316-0
                                                                                                                • Opcode ID: 31515549c75ed788ea0c1695023ac1dc9ebf407b0dee6fe39a9ddf696b84dbfb
                                                                                                                • Instruction ID: f64c78cf90237660a62998f8b995803aef585e5a5bd6cde4d27aabea17e12a83
                                                                                                                • Opcode Fuzzy Hash: 31515549c75ed788ea0c1695023ac1dc9ebf407b0dee6fe39a9ddf696b84dbfb
                                                                                                                • Instruction Fuzzy Hash: 7711FE2AA4964189EBA8EF31D8153BD2762FF957C4F089435ED4E4769ACF3CE045C600
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00007FF87FF887CC4BC0(void* __edx, long long __rbx, long long* __rcx, long long _a8) {
                                                                                                                				intOrPtr _t27;
                                                                                                                
                                                                                                                				_a8 = __rbx;
                                                                                                                				 *__rcx = 0x87cde148;
                                                                                                                				_t27 =  *((intOrPtr*)(__rcx + 8));
                                                                                                                				if (_t27 == __rcx + 0x20) goto 0x87cc4c14;
                                                                                                                				if ( *(__rcx + 0x18) << 2 - 0x1000 < 0) goto 0x87cc4c0f;
                                                                                                                				if (_t27 -  *((intOrPtr*)(_t27 - 8)) - 8 - 0x1f > 0) goto 0x87cc4c35;
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				if ((dil & 0x00000001) == 0) goto 0x87cc4c27;
                                                                                                                				return E00007FF87FF887CC56E4();
                                                                                                                			}





                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: free$??1facet@locale@std@@_invalid_parameter_noinfo_noreturn
                                                                                                                • String ID:
                                                                                                                • API String ID: 3103965028-0
                                                                                                                • Opcode ID: 985aa39b10825d040dc855dac926cd403c71a9902d08aeaecbf66b3b98fdfc4f
                                                                                                                • Instruction ID: 9fff112e22d9d7e37e469be773bf5aa3bdd40b9f61a1d4a6eecb6d3347fd42c2
                                                                                                                • Opcode Fuzzy Hash: 985aa39b10825d040dc855dac926cd403c71a9902d08aeaecbf66b3b98fdfc4f
                                                                                                                • Instruction Fuzzy Hash: 85216F32B59A4692EF14DF26E59427C2772FB88FC4F588031DA4E07B66DE6CD896C300
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 46%
                                                                                                                			E00007FF87FF887CCAC20(void* __eax, void* __edi, long long __rcx, void* __rdx, long long __r8, void* __r9) {
                                                                                                                				void* __rbx;
                                                                                                                				void* __rdi;
                                                                                                                				void* __rsi;
                                                                                                                				void* __rbp;
                                                                                                                				void* __r12;
                                                                                                                				void* _t57;
                                                                                                                				void* _t70;
                                                                                                                				signed long long _t87;
                                                                                                                				void* _t90;
                                                                                                                				void* _t98;
                                                                                                                				void* _t102;
                                                                                                                				void* _t109;
                                                                                                                				long long _t111;
                                                                                                                				long long _t117;
                                                                                                                				void* _t134;
                                                                                                                				intOrPtr _t135;
                                                                                                                				signed char* _t139;
                                                                                                                				long long _t141;
                                                                                                                				void* _t143;
                                                                                                                				void* _t144;
                                                                                                                				signed long long _t145;
                                                                                                                				long long _t161;
                                                                                                                				void* _t162;
                                                                                                                				long long _t167;
                                                                                                                
                                                                                                                				_t143 = _t144 - 0x98;
                                                                                                                				_t145 = _t144 - 0x198;
                                                                                                                				_t87 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				 *(_t143 + 0x80) = _t87 ^ _t145;
                                                                                                                				_t167 = __r8;
                                                                                                                				_t161 = __rcx;
                                                                                                                				 *((long long*)(_t145 + 0x48)) = __rcx;
                                                                                                                				 *((long long*)(_t145 + 0x50)) = _t141;
                                                                                                                				r13d = 0x100;
                                                                                                                				_t90 =  >  ? _t162 : __r9;
                                                                                                                				if (__rcx == __rdx) goto 0x87ccae59;
                                                                                                                				if (_t90 == 0) goto 0x87ccae59;
                                                                                                                				_t6 = _t143 - 0x80; // 0x80
                                                                                                                				 *((long long*)(_t145 + 0x40)) = _t6;
                                                                                                                				_t8 = _t143 - 0x80; // 0x80
                                                                                                                				 *((long long*)(_t145 + 0x38)) = _t145 + 0x40;
                                                                                                                				 *((long long*)(_t145 + 0x30)) = _t90 + _t8;
                                                                                                                				_t12 = _t143 - 0x80; // 0x80
                                                                                                                				 *((long long*)(_t145 + 0x28)) = _t12;
                                                                                                                				 *((long long*)(_t145 + 0x20)) = _t145 + 0x48;
                                                                                                                				__imp__?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z();
                                                                                                                				_t70 = __eax;
                                                                                                                				if (_t70 == 0) goto 0x87ccacfe;
                                                                                                                				if (_t70 != 0) goto 0x87ccad39;
                                                                                                                				_t17 = _t143 - 0x80; // 0x80
                                                                                                                				if ( *((intOrPtr*)(_t145 + 0x40)) != _t17) goto 0x87ccad03;
                                                                                                                				if ( *((intOrPtr*)(_t145 + 0x48)) != __rdx) goto 0x87ccae85;
                                                                                                                				goto 0x87ccae59;
                                                                                                                				_t21 = _t143 - 0x80; // 0x80
                                                                                                                				_t117 = __r8;
                                                                                                                				_t57 = E00007FF87FF887CB3030(__r9, __r8, _t141,  *((intOrPtr*)(_t145 + 0x40)) - _t21);
                                                                                                                				_t24 = _t143 - 0x80; // 0x80
                                                                                                                				_t109 = __r9 -  *((intOrPtr*)(_t145 + 0x40)) + _t24;
                                                                                                                				_t98 =  >  ? _t162 : _t109;
                                                                                                                				goto 0x87ccac82;
                                                                                                                				if (_t57 != 2) goto 0x87ccae85;
                                                                                                                				_t139 =  *((intOrPtr*)(_t145 + 0x48));
                                                                                                                				_t110 =  <  ? __rdx - _t139 >> 1 : _t109;
                                                                                                                				_t166 = ( <  ? __rdx - _t139 >> 1 : _t109) + _t110;
                                                                                                                				_t111 = ( <  ? __rdx - _t139 >> 1 : _t109) + _t110 + _t139;
                                                                                                                				 *((long long*)(_t145 + 0x70)) = _t141;
                                                                                                                				 *((long long*)(_t145 + 0x78)) = _t117;
                                                                                                                				 *((intOrPtr*)(_t145 + 0x60)) = sil;
                                                                                                                				if (_t111 - _t139 >> 1 - 0x10 < 0) goto 0x87ccad96;
                                                                                                                				r8d = 0;
                                                                                                                				E00007FF87FF887CCAAD0(_t111, _t145 + 0x60, _t111 - _t139 >> 1, _t141);
                                                                                                                				 *((long long*)(_t145 + 0x70)) = _t141;
                                                                                                                				 *((long long*)(_t145 + 0x58)) = _t145 + 0x60;
                                                                                                                				if (_t139 == _t111) goto 0x87ccadf5;
                                                                                                                				r9d =  *_t139 & 0x000000ff;
                                                                                                                				if (_t141 -  *((intOrPtr*)(_t145 + 0x78)) >= 0) goto 0x87ccadd1;
                                                                                                                				_t37 = _t141 + 1; // 0x1
                                                                                                                				 *((long long*)(_t145 + 0x70)) = _t37;
                                                                                                                				_t102 =  >=  ?  *((void*)(_t145 + 0x60)) : _t145 + 0x60;
                                                                                                                				 *((intOrPtr*)(_t102 + _t141)) = r9b;
                                                                                                                				 *((char*)(_t102 + _t141 + 1)) = 0;
                                                                                                                				goto 0x87ccade2;
                                                                                                                				r8d = 0;
                                                                                                                				E00007FF87FF887CB29B0(_t111, _t145 + 0x60, _t111 - _t139 >> 1, _t139, _t161);
                                                                                                                				if ( &(_t139[2]) != _t111) goto 0x87ccada5;
                                                                                                                				_t134 =  >=  ?  *((void*)(_t145 + 0x60)) : _t145 + 0x60;
                                                                                                                				E00007FF87FF887CB3030(_t111, _t167,  *((intOrPtr*)(_t145 + 0x70)),  *((intOrPtr*)(_t145 + 0x70)));
                                                                                                                				_t135 =  *((intOrPtr*)(_t145 + 0x78));
                                                                                                                				if (_t135 - 0x10 < 0) goto 0x87ccae51;
                                                                                                                				if (_t135 + 1 - 0x1000 < 0) goto 0x87ccae4b;
                                                                                                                				if ( *((intOrPtr*)(_t145 + 0x60)) -  *((intOrPtr*)( *((intOrPtr*)(_t145 + 0x60)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87ccae4b;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				return E00007FF87FF887CC5E20(E00007FF87FF887CC56E4(), 0xf,  *(_t143 + 0x80) ^ _t145);
                                                                                                                			}


                                                                                                                APIs
                                                                                                                • ?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z.MSVCP140 ref: 00007FF887CCACCE
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CCAE44
                                                                                                                  • Part of subcall function 00007FF887CCAAD0: memmove.VCRUNTIME140(?,?,00007FF887CCAD8C), ref: 00007FF887CCABAE
                                                                                                                  • Part of subcall function 00007FF887CB29B0: memmove.VCRUNTIME140(?,?,?,?,?,?,00000000,00007FF887CC4980), ref: 00007FF887CB2A8F
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memmove$?out@?$codecvt@_Mbstatet@@Mbstatet@@@std@@_invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: Could not convert character encoding$libs\log\src\code_conversion.cpp
                                                                                                                • API String ID: 2223218856-1764552477
                                                                                                                • Opcode ID: 373f2eaf66edeac2eb1f88e4373690d468f65cc4fe1e7d55d591e64ccef73e95
                                                                                                                • Instruction ID: 762646adfc6191f664799f925febe6d9c61d26ba0877159237ec809f5fa9f87f
                                                                                                                • Opcode Fuzzy Hash: 373f2eaf66edeac2eb1f88e4373690d468f65cc4fe1e7d55d591e64ccef73e95
                                                                                                                • Instruction Fuzzy Hash: 9A719E72A18B8585EB10CB69F8442AEA776FB85BC4F940136EB8D13B99DF3CD145C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionThrow__std_exception_copymemmove
                                                                                                                • String ID: string pointer is null
                                                                                                                • API String ID: 1395217600-3607014066
                                                                                                                • Opcode ID: 038199a635b4dbb348c3cedf97dcc78cab75a2d3bff88be1c45ea5f51a765d28
                                                                                                                • Instruction ID: 626076371c557f60f314f2ecad6e241f9c7d50167ec9befdfe276915f4380ea3
                                                                                                                • Opcode Fuzzy Hash: 038199a635b4dbb348c3cedf97dcc78cab75a2d3bff88be1c45ea5f51a765d28
                                                                                                                • Instruction Fuzzy Hash: BC318372648B8585DB60CF11F5401ADBB72FB447D4F548232EA9D436A9DF3CE185C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 22%
                                                                                                                			E00007FF87FF887CB95E0(signed long long __rcx) {
                                                                                                                				signed int _v24;
                                                                                                                				long long _v32;
                                                                                                                				long long _v40;
                                                                                                                				signed long long _v56;
                                                                                                                				char _v64;
                                                                                                                				signed long long _v72;
                                                                                                                				void* _t16;
                                                                                                                				void* _t19;
                                                                                                                				signed long long _t26;
                                                                                                                				signed long long _t27;
                                                                                                                				long long* _t35;
                                                                                                                				signed long long _t37;
                                                                                                                				intOrPtr _t44;
                                                                                                                				signed long long _t47;
                                                                                                                
                                                                                                                				_t26 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				_t27 = _t26 ^ _t47;
                                                                                                                				_v24 = _t27;
                                                                                                                				_t35 = __rcx;
                                                                                                                				_v72 = __rcx;
                                                                                                                				E00007FF87FF887CC56A8(_t16, _t27, __rcx);
                                                                                                                				asm("movups xmm0, [0x23b02]");
                                                                                                                				_t37 = _t27;
                                                                                                                				_v40 = 0x22;
                                                                                                                				_v32 = 0x2f;
                                                                                                                				asm("movups [eax], xmm0");
                                                                                                                				_v72 = _t37;
                                                                                                                				asm("movups xmm1, [0x23aea]");
                                                                                                                				_v64 = 1;
                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                				asm("movups [eax+0x10], xmm1");
                                                                                                                				 *((short*)(_t37 + 0x20)) =  *0x87cdd130 & 0x0000ffff;
                                                                                                                				 *((char*)(_t37 + 0x22)) = 0;
                                                                                                                				_v56 = _t37;
                                                                                                                				 *_t35 = 0x87cdb9e8;
                                                                                                                				asm("movups [edx], xmm0");
                                                                                                                				0x87cd70e3();
                                                                                                                				_t44 = _v32;
                                                                                                                				 *_t35 = 0x87cdcff0;
                                                                                                                				if (_t44 - 0x10 < 0) goto 0x87cb96b7;
                                                                                                                				if (_t44 + 1 - 0x1000 < 0) goto 0x87cb96b2;
                                                                                                                				if (_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87cb96b2;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				_t19 = E00007FF87FF887CC56E4();
                                                                                                                				 *_t35 = 0x87cdd100;
                                                                                                                				return E00007FF87FF887CC5E20(_t19, 0x30, _v24 ^ _t47);
                                                                                                                			}


















                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FF887CC56A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF887CA8F4E), ref: 00007FF887CC56C2
                                                                                                                • __std_exception_copy.VCRUNTIME140 ref: 00007FF887CB9668
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CB96AB
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __std_exception_copy_invalid_parameter_noinfo_noreturnmalloc
                                                                                                                • String ID: "$/
                                                                                                                • API String ID: 4226527432-2662438755
                                                                                                                • Opcode ID: 8bc68a9ecdaef9003c01567f2d55088e1555c5fc82e2c2546f7f6aa76963e721
                                                                                                                • Instruction ID: efa437a194f59e7df5074e670abadfb4c4f645416c0506447c1b3fa971ffdd27
                                                                                                                • Opcode Fuzzy Hash: 8bc68a9ecdaef9003c01567f2d55088e1555c5fc82e2c2546f7f6aa76963e721
                                                                                                                • Instruction Fuzzy Hash: F8216221958B8581EB118B64E45536D7771FB997D8F404235E69C037A6EF7CE1D4C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FF887CC56A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF887CA8F4E), ref: 00007FF887CC56C2
                                                                                                                • __std_exception_copy.VCRUNTIME140 ref: 00007FF887CB9527
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CB956A
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: __std_exception_copy_invalid_parameter_noinfo_noreturnmalloc
                                                                                                                • String ID: ($/
                                                                                                                • API String ID: 4226527432-2468745909
                                                                                                                • Opcode ID: 403472947b66f0a3488c0ce6a9d17aaba04e8f8d3172aeb975bc88177ff70ba5
                                                                                                                • Instruction ID: d675f1c97b81ad4deca418666035d46867edd22a5327ae5c75b124c3878b4685
                                                                                                                • Opcode Fuzzy Hash: 403472947b66f0a3488c0ce6a9d17aaba04e8f8d3172aeb975bc88177ff70ba5
                                                                                                                • Instruction Fuzzy Hash: 58212862A58B8581EB118B24E84036D7772FBA97D8F404231EA9C077A6EF6CE1D4C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: ExclusiveLock$AcquireRelease_invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: _old.txt
                                                                                                                • API String ID: 2194057460-616907513
                                                                                                                • Opcode ID: 19375733d42b06231c66649bbc83495ebd19588091db51a5034f5594767d68ad
                                                                                                                • Instruction ID: d472584814ce9c3ac168c44e2a4107a1b6a38c486ffbf4fe962c11b2f5280548
                                                                                                                • Opcode Fuzzy Hash: 19375733d42b06231c66649bbc83495ebd19588091db51a5034f5594767d68ad
                                                                                                                • Instruction Fuzzy Hash: 77115CA0E9868386FB14C729E85533C2633BF957E5F500331D9AC436E6EFACA081D200
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00007FF87FF887CCFD40(long* __rcx) {
                                                                                                                				long _t1;
                                                                                                                
                                                                                                                				_t1 = TlsAlloc();
                                                                                                                				 *__rcx = _t1;
                                                                                                                				if (_t1 == 0xffffffff) goto 0x87ccfd5f;
                                                                                                                				return _t1;
                                                                                                                			}





                                                                                                                APIs
                                                                                                                • TlsAlloc.KERNEL32(?,?,?,00007FF887CCF2EA,?,?,?,00007FF887CCF238,?,?,00000000,00007FF887CC9BEB), ref: 00007FF887CCFD49
                                                                                                                • TlsFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF887CCF238,?,?,00000000), ref: 00007FF887CCFD86
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: AllocFree
                                                                                                                • String ID: TLS capacity depleted$libs\log\src\thread_specific.cpp
                                                                                                                • API String ID: 265982327-1379514790
                                                                                                                • Opcode ID: c51c84f54730cbf98e99767d18b2e406bb13c54ec22f08a479ce666a06b74c17
                                                                                                                • Instruction ID: a8777d02655aaa981d46672b26bab2ed45b02c3ba8c57231c99409bce8303c67
                                                                                                                • Opcode Fuzzy Hash: c51c84f54730cbf98e99767d18b2e406bb13c54ec22f08a479ce666a06b74c17
                                                                                                                • Instruction Fuzzy Hash: C3E09B31A4414B82E738AF71E44546C2B72FB59799F541930C61D0B6F1DE3C719BCB41
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                • String ID: CreateSymbolicLinkW$kernel32.dll
                                                                                                                • API String ID: 1646373207-1962376091
                                                                                                                • Opcode ID: 518f2b726df48b0379b464764493b469d08d199bf35e544040c96d894980a45c
                                                                                                                • Instruction ID: 245b829bed08592b3c07e1096057872b8bbf1813eff9d66789d16eb0b0a66254
                                                                                                                • Opcode Fuzzy Hash: 518f2b726df48b0379b464764493b469d08d199bf35e544040c96d894980a45c
                                                                                                                • Instruction Fuzzy Hash: A7D0C924E99A02D1E714AF12EC8106C2AB2BF48790F800035C40D03331FF6CA19AC340
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                • String ID: CreateHardLinkW$kernel32.dll
                                                                                                                • API String ID: 1646373207-294928789
                                                                                                                • Opcode ID: 815e6742ab7692d77a54d0fd69f46ece7c65f6f90913d5dedfb638f05082a8ff
                                                                                                                • Instruction ID: e754bf6fb57d5a3a47a25188007c5f17efc8557de3218745f09c4ec827ab664b
                                                                                                                • Opcode Fuzzy Hash: 815e6742ab7692d77a54d0fd69f46ece7c65f6f90913d5dedfb638f05082a8ff
                                                                                                                • Instruction Fuzzy Hash: C1D0C924E89A02D1E724AF02EC8106C2AB2BF58784F800139C40D03331FF6CA19AC340
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 58%
                                                                                                                			E00007FF87FF887CA44C1(long long* __rax, long long __rbx, long long __rsi, char* __r9, void* __r15) {
                                                                                                                				void* _t48;
                                                                                                                				char* _t57;
                                                                                                                				intOrPtr* _t61;
                                                                                                                				long long* _t62;
                                                                                                                				intOrPtr _t66;
                                                                                                                				void* _t77;
                                                                                                                				char* _t83;
                                                                                                                				void* _t87;
                                                                                                                				signed long long _t89;
                                                                                                                
                                                                                                                				_t62 = __rbx;
                                                                                                                				asm("dec ax");
                                                                                                                				asm("psrldq xmm0, 0x8");
                                                                                                                				asm("dec ax");
                                                                                                                				 *__rax();
                                                                                                                				goto 0x87ca45a6;
                                                                                                                				 *(_t87 - 0x14) =  *(_t87 - 0x14) & 0xffffff80;
                                                                                                                				 *(_t87 - 0x10) =  *(_t87 - 0x10) & 0x000000fe;
                                                                                                                				 *((intOrPtr*)(_t87 - 0xf)) = 0;
                                                                                                                				 *((intOrPtr*)(_t87 - 0x20)) = 0;
                                                                                                                				 *((long long*)(_t89 + 0x70)) = _t87 - 0x20;
                                                                                                                				_t57 = _t89 + 0x70;
                                                                                                                				 *((intOrPtr*)(_t87 - 0x1c)) = 0xffffffff;
                                                                                                                				 *((long long*)(_t87 - 0x78)) = _t57;
                                                                                                                				 *((intOrPtr*)(_t87 - 0x70)) =  *((intOrPtr*)(__rsi + 0x58));
                                                                                                                				 *((char*)(_t87 - 0x18)) = 0;
                                                                                                                				 *((char*)(_t87 - 0xf)) = 0x20;
                                                                                                                				 *((char*)(_t87 - 0xb)) = 1;
                                                                                                                				 *((long long*)(_t89 + 0x78)) = __rsi;
                                                                                                                				 *((long long*)(_t87 - 0x80)) = __rbx;
                                                                                                                				E00007FF87FF887CA3CC0(_t57, __rbx, __r9, __r15, _t89 + 0x70);
                                                                                                                				_t83 = _t57;
                                                                                                                				if (_t57 == __r15) goto 0x87ca4547;
                                                                                                                				if ( *_t57 == 0x7d) goto 0x87ca4556;
                                                                                                                				E00007FF87FF887CC50C0(_t62, "missing \'}\' in format string");
                                                                                                                				_t66 =  *((intOrPtr*)(__rsi));
                                                                                                                				 *((long long*)(_t89 + 0x40)) = _t62;
                                                                                                                				_t77 = _t83 - _t66;
                                                                                                                				 *((long long*)(_t89 + 0x48)) = __rsi;
                                                                                                                				 *((long long*)(__rsi)) = _t77 + _t66;
                                                                                                                				 *((intOrPtr*)(__rsi + 8)) =  *((intOrPtr*)(__rsi + 8)) - _t77;
                                                                                                                				 *((long long*)(_t89 + 0x28)) =  *_t62;
                                                                                                                				 *((long long*)(_t89 + 0x30)) =  *((intOrPtr*)(_t62 + 0x28));
                                                                                                                				_t61 = _t87 - 0x20;
                                                                                                                				 *((long long*)(_t89 + 0x38)) = _t61;
                                                                                                                				E00007FF87FF887CA4AF0();
                                                                                                                				 *_t62 =  *_t61;
                                                                                                                				if (_t83 == __r15) goto 0x87ca45d0;
                                                                                                                				if ( *_t83 != 0x7d) goto 0x87ca45d0;
                                                                                                                				_t33 = _t83 + 1; // 0x2
                                                                                                                				if (_t33 == __r15) goto 0x87ca45e8;
                                                                                                                				goto 0x87ca4022;
                                                                                                                				E00007FF87FF887CA8C80(_t61, _t62, _t89 + 0x58, _t33, _t87, __r15, __r15);
                                                                                                                				goto 0x87ca45e8;
                                                                                                                				goto 0x87ca45e0;
                                                                                                                				return E00007FF87FF887CC5E20(E00007FF87FF887CC50C0(_t62, "invalid format string"), _t48,  *(_t87 - 8) ^ _t89);
                                                                                                                			}













                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memchr$memmove
                                                                                                                • String ID:
                                                                                                                • API String ID: 4199700744-0
                                                                                                                • Opcode ID: 73a91e6077936b72f932de7d3562217ea11923a2af180b412c3a42b8658b6dad
                                                                                                                • Instruction ID: fc532d0e4519068a9591f7ea0ecec12e9f45499b5783f7e1bbf98c185cbfd4a2
                                                                                                                • Opcode Fuzzy Hash: 73a91e6077936b72f932de7d3562217ea11923a2af180b412c3a42b8658b6dad
                                                                                                                • Instruction Fuzzy Hash: ED516BA2A48B8582DB20CF29E64026DA7B2FB44BD5F544136DF9E03B95DF3CE654D340
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Similarity
                                                                                                                • API ID: memmove
                                                                                                                • String ID:
                                                                                                                • API String ID: 2162964266-0
                                                                                                                • Opcode ID: adc04215cd4fd4c0a0b031881e90294048e23f6722abfe3fe1c836f0e6035876
                                                                                                                • Instruction ID: e3b49a0c6f9d2647472d8c3bfeac898f11d694f1d3bad3c05ace44d41de25d5a
                                                                                                                • Opcode Fuzzy Hash: adc04215cd4fd4c0a0b031881e90294048e23f6722abfe3fe1c836f0e6035876
                                                                                                                • Instruction Fuzzy Hash: D2419F32A08B8182EB249F26E5841AD63B2F715BC4F544A35DFAD07786CF7CE290C380
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionThrow$__std_exception_copy
                                                                                                                • String ID:
                                                                                                                • API String ID: 174860668-0
                                                                                                                • Opcode ID: 5835f474e1769be0152aa8ffbbf43488734d5310dad5b9431d807699ec9559d6
                                                                                                                • Instruction ID: 401dda753e4b1efab4df892a3aa0c7bf6a80adbae27547c8df19436d40df98e9
                                                                                                                • Opcode Fuzzy Hash: 5835f474e1769be0152aa8ffbbf43488734d5310dad5b9431d807699ec9559d6
                                                                                                                • Instruction Fuzzy Hash: 2211305266858691EF24EB20D8951EE6332FB947C4FA04131E28E479B6DE3CF609CB40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: memmove
                                                                                                                • String ID: #$%
                                                                                                                • API String ID: 2162964266-2141590602
                                                                                                                • Opcode ID: 34b4d6372bd322e99289d8db90c65af6c82bb6af3c9b5a6835dcb834b3bcb206
                                                                                                                • Instruction ID: 791537a92ae8aa630098de6bd2bb8ab19f81b8e2b1ce25958b3bcbf8b1b16f24
                                                                                                                • Opcode Fuzzy Hash: 34b4d6372bd322e99289d8db90c65af6c82bb6af3c9b5a6835dcb834b3bcb206
                                                                                                                • Instruction Fuzzy Hash: 2071DD62A48A8585EB118F25D5043BEBFB6BB94BC8F459132DF4A07399CF3CDA55C340
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: memmove
                                                                                                                • String ID: #$%
                                                                                                                • API String ID: 2162964266-2141590602
                                                                                                                • Opcode ID: 88576e8595118c141d0c5084a1eeabb62c25855a64c728a16ca8d9d51b900290
                                                                                                                • Instruction ID: fedecd35826dd0b49dee73d6fbc389fa9d9af1ec0d1f5d97a1c6061d22307ba6
                                                                                                                • Opcode Fuzzy Hash: 88576e8595118c141d0c5084a1eeabb62c25855a64c728a16ca8d9d51b900290
                                                                                                                • Instruction Fuzzy Hash: F271EE22A58A8681EB118F25D5053BEABB2FBD5FC8F499132DE0A17694CF3CD656C340
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FF887CBE130: ?exceptions@ios_base@std@@QEAAXH@Z.MSVCP140 ref: 00007FF887CBE154
                                                                                                                  • Part of subcall function 00007FF887CBE130: ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF887CBE180
                                                                                                                • ?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z.MSVCP140 ref: 00007FF887CCDCB3
                                                                                                                • ?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z.MSVCP140 ref: 00007FF887CCDCD9
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CCDDC9
                                                                                                                • ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF887CCDE99
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: D@std@@@std@@U?$char_traits@$?clear@?$basic_ios@$?exceptions@ios_base@std@@?imbue@?$basic_ios@Init@locale@std@@Locimp@12@_V32@@Vlocale@2@_invalid_parameter_noinfo_noreturn
                                                                                                                • String ID:
                                                                                                                • API String ID: 978063264-0
                                                                                                                • Opcode ID: 5171cbfb1a66cbbb129140d7ad303c9ca4bda11a20518d13f7f221ebe2b3a53d
                                                                                                                • Instruction ID: b3260b7a4f601256d875ea642e8e4aeb4d6d8ee78037639f35a4638fd71bc7ba
                                                                                                                • Opcode Fuzzy Hash: 5171cbfb1a66cbbb129140d7ad303c9ca4bda11a20518d13f7f221ebe2b3a53d
                                                                                                                • Instruction Fuzzy Hash: 76817932B49A458AEB24CF65D0403AD33B2FB94B98F144539DE1E57B99DF38E891C340
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionThrow__std_type_info_compare
                                                                                                                • String ID:
                                                                                                                • API String ID: 3388463524-0
                                                                                                                • Opcode ID: 4a945596ebe210e8d5b4c4a0263ef2dc93e63b01e4b1471ce050fdae2d993596
                                                                                                                • Instruction ID: 88dbe47342700cc8f66a84f621e3afe10e54e3440870c747e8714f5945eb12dc
                                                                                                                • Opcode Fuzzy Hash: 4a945596ebe210e8d5b4c4a0263ef2dc93e63b01e4b1471ce050fdae2d993596
                                                                                                                • Instruction Fuzzy Hash: AA518672A58B8182EB20CF25E84026D77B6FB88BD4F598532EE8D03769DF38D550C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                • d, xrefs: 00007FF887CA28DC
                                                                                                                • 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899, xrefs: 00007FF887CA276F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memmove
                                                                                                                • String ID: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899$d
                                                                                                                • API String ID: 2162964266-2578503166
                                                                                                                • Opcode ID: 5f542f157bc4bcc359921d91813b84694f3378aacfbd99376261179b15e2f923
                                                                                                                • Instruction ID: 156f48351b939b92a3042c83c1b8a903b6759046c1a090fa9c025ab314037043
                                                                                                                • Opcode Fuzzy Hash: 5f542f157bc4bcc359921d91813b84694f3378aacfbd99376261179b15e2f923
                                                                                                                • Instruction Fuzzy Hash: F651B9B3A48A9486DB19CB6AE5445AEBB71F789BC0B088432DF8E43761DF38D594C310
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 52%
                                                                                                                			E00007FF87FF887CCFA00(void* __esi, long long __rbx, intOrPtr* __rcx, unsigned int __rdx, long long _a24) {
                                                                                                                				signed int _v40;
                                                                                                                				void* _v80;
                                                                                                                				signed long long _v88;
                                                                                                                				long long _v96;
                                                                                                                				long long _v104;
                                                                                                                				long long _v112;
                                                                                                                				signed long long _v120;
                                                                                                                				void* _v124;
                                                                                                                				void* _v128;
                                                                                                                				signed short _v134;
                                                                                                                				signed int _v136;
                                                                                                                				signed int _t37;
                                                                                                                				signed short _t52;
                                                                                                                				signed long long _t61;
                                                                                                                				signed long long _t89;
                                                                                                                				void* _t90;
                                                                                                                
                                                                                                                				_a24 = __rbx;
                                                                                                                				_t61 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				_v40 = _t61 ^ _t90 - 0x00000090;
                                                                                                                				GetSystemTimeAsFileTime(??);
                                                                                                                				_t89 = __rdx >> 0x12;
                                                                                                                				_v120 = _t89;
                                                                                                                				 *__rdx();
                                                                                                                				_t37 =  *0x431BDE82D7B634E7 & 0x0000ffff;
                                                                                                                				if (0x431bde82d7b634dc - 2 < 0) goto 0x87ccfb6a;
                                                                                                                				if (_t37 - 0x1f > 0) goto 0x87ccfb7b;
                                                                                                                				_t52 = ( *0x431BDE82D7B634EB & 0x0000ffff) + 1;
                                                                                                                				if ((_t52 & 0x0000ffff) + 1 - 2 < 0) goto 0x87ccfb8c;
                                                                                                                				if (_t52 - 0xc > 0) goto 0x87ccfb9a;
                                                                                                                				r9d =  *0x431BDE82D7B634EF & 0x0000ffff;
                                                                                                                				r9w = r9w + 0x76c;
                                                                                                                				if ((r9w & 0xffffffff) + 1 - 0x579 < 0) goto 0x87ccfba8;
                                                                                                                				if (r9w - 0x270f > 0) goto 0x87ccfbba;
                                                                                                                				_v112 =  *((intOrPtr*)(0x431bde82d7b634e3));
                                                                                                                				_v104 =  *((intOrPtr*)(0x431bde82d7b634df));
                                                                                                                				asm("movups xmm0, [esp+0x38]");
                                                                                                                				_v96 =  *0xd7b634db;
                                                                                                                				asm("movups [edi+0x8], xmm0");
                                                                                                                				_v136 = r9w;
                                                                                                                				_v134 = _t52;
                                                                                                                				_v88 = _t89 * 0xf4240;
                                                                                                                				asm("movups xmm1, [esp+0x48]");
                                                                                                                				 *((intOrPtr*)(__rcx)) = _v136;
                                                                                                                				 *(__rcx + 4) = _t37;
                                                                                                                				asm("movups [edi+0x18], xmm1");
                                                                                                                				return E00007FF87FF887CC5E20(_t37, _v136, _v40 ^ _t90 - 0x00000090);
                                                                                                                			}

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Time$EventFileSystem__acrt_iob_funcfflush
                                                                                                                • String ID:
                                                                                                                • API String ID: 1736211985-0
                                                                                                                • Opcode ID: 8fbe9deb50a2553d171e416f978606913200a09efcb97367198c30951ce863af
                                                                                                                • Instruction ID: da1007704e3d1397b7960a7efe03e6308d2601e5784e87c668596c655010cf05
                                                                                                                • Opcode Fuzzy Hash: 8fbe9deb50a2553d171e416f978606913200a09efcb97367198c30951ce863af
                                                                                                                • Instruction Fuzzy Hash: 86510722E1865186EB288B29E46577D6372FBC97C4F50503AEB8E43B96CF3CD155CB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140(?,?,00000000,?,?,00007FF887CB610B), ref: 00007FF887CB9B1D
                                                                                                                • ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140(?,?,00000000,?,?,00007FF887CB610B), ref: 00007FF887CB9C07
                                                                                                                • ?exceptions@ios_base@std@@QEAAXH@Z.MSVCP140(?,?,00000000,?,?,00007FF887CB610B), ref: 00007FF887CB9C4A
                                                                                                                • ?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z.MSVCP140(?,?,00000000,?,?,00007FF887CB610B), ref: 00007FF887CB9C6D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: U?$char_traits@$D@std@@@std@@$??0?$basic_ostream@??0?$basic_streambuf@?exceptions@ios_base@std@@?imbue@?$basic_ios@D@std@@@1@_V32@@V?$basic_streambuf@Vlocale@2@
                                                                                                                • String ID:
                                                                                                                • API String ID: 3082451130-0
                                                                                                                • Opcode ID: 65962441ffbfd86a22632ce13964d0f0351af5448cad341264558a9a5c1d9756
                                                                                                                • Instruction ID: d343828582f3800e52484d4bde179a562671b9eb69c654b3b00da814610ae15a
                                                                                                                • Opcode Fuzzy Hash: 65962441ffbfd86a22632ce13964d0f0351af5448cad341264558a9a5c1d9756
                                                                                                                • Instruction Fuzzy Hash: 3E511F32640B4486EB549F2AE89036D7BA5FB94FD8F588436DE5E037A5CF38D5A1C340
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memset$memmove
                                                                                                                • String ID: 0123456789ABCDEF$0123456789abcdef
                                                                                                                • API String ID: 3527438329-885041942
                                                                                                                • Opcode ID: 01c60fb82b4070b04af536b7e455bd7ddc4279d52e774962564a86c2e4666df0
                                                                                                                • Instruction ID: 314c6e806c90507a290e9611ea71b3494aba47903c506b5ea9c9c99050400845
                                                                                                                • Opcode Fuzzy Hash: 01c60fb82b4070b04af536b7e455bd7ddc4279d52e774962564a86c2e4666df0
                                                                                                                • Instruction Fuzzy Hash: 7D41BFA2B48A5586DB149F1AE5401ADB772FB89FD5B488032DF4D07B5ADF3CD8A2C300
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memset$memmove
                                                                                                                • String ID: 0123456789ABCDEF$0123456789abcdef
                                                                                                                • API String ID: 3527438329-885041942
                                                                                                                • Opcode ID: 965fe44ab52bcfe57b52ceee5a0724d6543be5051b4c50be708f4ccc0e8df8c3
                                                                                                                • Instruction ID: bdb6b3b809ad5b244a833b351af6746e0c775555ffa2e85569093cd0c6d50ccb
                                                                                                                • Opcode Fuzzy Hash: 965fe44ab52bcfe57b52ceee5a0724d6543be5051b4c50be708f4ccc0e8df8c3
                                                                                                                • Instruction Fuzzy Hash: AD418EA2B48A5586DB149F16E9401ADA771FB89FD5B488032DF4C07B5ADF3CD5A6C300
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 68%
                                                                                                                			E00007FF87FF887CBC1D0(long long __rbx, long long* __rcx, signed int __rdx, long long __r14) {
                                                                                                                				void* _t21;
                                                                                                                				void* _t22;
                                                                                                                				void* _t25;
                                                                                                                				void* _t43;
                                                                                                                				long long _t44;
                                                                                                                				long long* _t48;
                                                                                                                				signed long long _t53;
                                                                                                                				unsigned long long _t63;
                                                                                                                				int _t66;
                                                                                                                				int _t73;
                                                                                                                				long long _t76;
                                                                                                                				unsigned long long _t77;
                                                                                                                				void* _t79;
                                                                                                                				long long _t88;
                                                                                                                				void* _t90;
                                                                                                                
                                                                                                                				 *((long long*)(_t79 + 0x10)) = __rbx;
                                                                                                                				 *((long long*)(_t79 + 0x18)) = _t76;
                                                                                                                				_t77 =  *((intOrPtr*)(__rcx + 0x18));
                                                                                                                				r15d = r8b;
                                                                                                                				_t48 = __rcx;
                                                                                                                				if (__rdx - _t77 > 0) goto 0x87cbc21c;
                                                                                                                				if (_t77 - 0x10 < 0) goto 0x87cbc201;
                                                                                                                				 *((long long*)(__rcx + 0x10)) = __rdx;
                                                                                                                				_t21 = memset(_t90, _t66, _t73);
                                                                                                                				 *((char*)( *((intOrPtr*)(__rcx)) + __rdx)) = 0;
                                                                                                                				goto 0x87cbc30b;
                                                                                                                				if (__rdx - 0xffffffff > 0) goto 0x87cbc328;
                                                                                                                				 *((long long*)(_t79 - 0x20 + 0x40)) = __r14;
                                                                                                                				_t53 = __rdx | 0x0000000f;
                                                                                                                				if (_t53 - 0xffffffff > 0) goto 0x87cbc27a;
                                                                                                                				_t63 = _t77 >> 1;
                                                                                                                				if (_t77 - 0xffffffff - _t63 > 0) goto 0x87cbc27a;
                                                                                                                				_t43 = _t63 + _t77;
                                                                                                                				_t8 = ( <  ? _t43 : _t53) + 1; // 0x9
                                                                                                                				_t44 = _t8;
                                                                                                                				if (_t44 - 0x1000 < 0) goto 0x87cbc2a0;
                                                                                                                				_t9 = _t44 + 0x27; // 0x30
                                                                                                                				if (_t9 - _t44 <= 0) goto 0x87cbc32e;
                                                                                                                				goto 0x87cbc284;
                                                                                                                				_t22 = E00007FF87FF887CC56A8(_t21, _t44, 0x27);
                                                                                                                				if (_t44 == 0) goto 0x87cbc321;
                                                                                                                				_t10 = _t44 + 0x27; // 0x27
                                                                                                                				 *((long long*)((_t10 & 0xffffffe0) - 8)) = _t44;
                                                                                                                				goto 0x87cbc2b5;
                                                                                                                				if (_t44 == 0) goto 0x87cbc2b2;
                                                                                                                				E00007FF87FF887CC56A8(_t22, _t44, _t44);
                                                                                                                				_t88 = _t44;
                                                                                                                				goto 0x87cbc2b5;
                                                                                                                				r14d = 0;
                                                                                                                				 *((long long*)(_t48 + 0x10)) = __rdx;
                                                                                                                				 *((long long*)(_t48 + 0x18)) =  <  ? _t43 : _t53;
                                                                                                                				memset(??, ??, ??);
                                                                                                                				 *((char*)(_t88 + __rdx)) = 0;
                                                                                                                				if (_t77 - 0x10 < 0) goto 0x87cbc303;
                                                                                                                				if (_t77 + 1 - 0x1000 < 0) goto 0x87cbc2fe;
                                                                                                                				if ( *_t48 -  *((intOrPtr*)( *_t48 - 8)) - 8 - 0x1f > 0) goto 0x87cbc321;
                                                                                                                				_t25 = E00007FF87FF887CC56E4();
                                                                                                                				 *_t48 = _t88;
                                                                                                                				return _t25;
                                                                                                                			}



















                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memset$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 674427795-0
                                                                                                                • Opcode ID: e342e99b685ff44c21d1a7456a9f6da6b9c40bf2ea54ffcf52156b01f710bb59
                                                                                                                • Instruction ID: 74da1a8a7e880e0ac3c4f1efadd7223ca0201c090132483e9f552eba50926dfb
                                                                                                                • Opcode Fuzzy Hash: e342e99b685ff44c21d1a7456a9f6da6b9c40bf2ea54ffcf52156b01f710bb59
                                                                                                                • Instruction Fuzzy Hash: 9031D222B49A8685FF249A91D5043BC6663BB44FD0F940A32EB2D0B7C9DE7CD581C300
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 45%
                                                                                                                			E00007FF87FF887CB29B0(long long __rbx, long long* __rcx, void* __rdx, long long __rdi, long long __r12) {
                                                                                                                				void* _t28;
                                                                                                                				void* _t29;
                                                                                                                				void* _t33;
                                                                                                                				long long _t51;
                                                                                                                				long long _t57;
                                                                                                                				unsigned long long _t64;
                                                                                                                				signed long long _t73;
                                                                                                                				long long _t81;
                                                                                                                				int _t83;
                                                                                                                				long long* _t84;
                                                                                                                				long long _t86;
                                                                                                                				unsigned long long _t87;
                                                                                                                				void* _t89;
                                                                                                                				void* _t90;
                                                                                                                				signed long long _t94;
                                                                                                                				void* _t96;
                                                                                                                				intOrPtr _t97;
                                                                                                                				void* _t99;
                                                                                                                
                                                                                                                				 *((long long*)(_t89 + 0x20)) = __rbx;
                                                                                                                				_t90 = _t89 - 0x20;
                                                                                                                				_t97 =  *((intOrPtr*)(__rcx + 0x10));
                                                                                                                				r15d = r9b & 0xffffffff;
                                                                                                                				_t84 = __rcx;
                                                                                                                				if (0xffffffff - _t97 - __rdx < 0) goto 0x87cb2b0a;
                                                                                                                				 *((long long*)(_t90 + 0x40)) = _t86;
                                                                                                                				_t87 =  *((intOrPtr*)(__rcx + 0x18));
                                                                                                                				 *((long long*)(_t90 + 0x48)) = __rdi;
                                                                                                                				 *((long long*)(_t90 + 0x50)) = __r12;
                                                                                                                				_t94 = _t97 + __rdx;
                                                                                                                				_t73 = _t94 | 0x0000000f;
                                                                                                                				if (_t73 - 0xffffffff > 0) goto 0x87cb2a3f;
                                                                                                                				_t64 = _t87 >> 1;
                                                                                                                				if (_t87 - 0xffffffff - _t64 > 0) goto 0x87cb2a3f;
                                                                                                                				_t57 =  <  ? _t64 + _t87 : _t73;
                                                                                                                				_t51 = _t57 + 1;
                                                                                                                				if (_t51 - 0x1000 < 0) goto 0x87cb2a61;
                                                                                                                				_t10 = _t51 + 0x27; // 0x27
                                                                                                                				if (_t10 - _t51 <= 0) goto 0x87cb2b10;
                                                                                                                				goto 0x87cb2a49;
                                                                                                                				_t29 = E00007FF87FF887CC56A8(_t28, _t51, 0x27);
                                                                                                                				if (_t51 == 0) goto 0x87cb2acd;
                                                                                                                				_t11 = _t51 + 0x27; // 0x27
                                                                                                                				 *((long long*)((_t11 & 0xffffffe0) - 8)) = _t51;
                                                                                                                				goto 0x87cb2a75;
                                                                                                                				if (_t51 == 0) goto 0x87cb2a73;
                                                                                                                				E00007FF87FF887CC56A8(_t29, _t51, _t51);
                                                                                                                				_t81 = _t51;
                                                                                                                				goto 0x87cb2a75;
                                                                                                                				 *(_t84 + 0x10) = _t94;
                                                                                                                				 *((long long*)(_t84 + 0x18)) = _t57;
                                                                                                                				if (_t87 - 0x10 < 0) goto 0x87cb2ad4;
                                                                                                                				memmove(_t99, _t96, _t83);
                                                                                                                				 *((intOrPtr*)(_t81 + _t97)) = r15b;
                                                                                                                				 *((char*)(_t81 + _t97 + 1)) = 0;
                                                                                                                				if (_t87 + 1 - 0x1000 < 0) goto 0x87cb2ac3;
                                                                                                                				_t20 =  *_t84 -  *((intOrPtr*)( *_t84 - 8)) - 8; // 0x7ffffffffffffff7
                                                                                                                				if (_t20 - 0x1f > 0) goto 0x87cb2acd;
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				goto 0x87cb2ae6;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				_t33 = memmove(??, ??, ??);
                                                                                                                				 *((intOrPtr*)(_t81 + _t97)) = r15b;
                                                                                                                				 *((char*)(_t81 + _t97 + 1)) = 0;
                                                                                                                				 *_t84 = _t81;
                                                                                                                				return _t33;
                                                                                                                				}

                                                                                                                APIs
                                                                                                                • memmove.VCRUNTIME140(?,?,?,?,?,?,00000000,00007FF887CC4980), ref: 00007FF887CB2A8F
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,00007FF887CC4980), ref: 00007FF887CB2ACD
                                                                                                                • memmove.VCRUNTIME140(?,?,?,?,?,?,00000000,00007FF887CC4980), ref: 00007FF887CB2AD7
                                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF887CB2B10
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                • String ID:
                                                                                                                • API String ID: 2016347663-0
                                                                                                                • Opcode ID: 886e374365119e1221a35c2cd39303fbd5fbd754e80a3eab4d3bbd931c25b5cc
                                                                                                                • Instruction ID: f94a91bb0bb78101d4884ea9982d31fa5a09d2101ec6f650fea007717c0a6b51
                                                                                                                • Opcode Fuzzy Hash: 886e374365119e1221a35c2cd39303fbd5fbd754e80a3eab4d3bbd931c25b5cc
                                                                                                                • Instruction Fuzzy Hash: B831BF21B4978195EB209B16E5042ADA763FB48BE0F980635EF6D077D6DF7CE191C304
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 31%
                                                                                                                			E00007FF87FF887CB6430(long long __rax, long long __rbx, long long __rcx, void* __rdx, long long __rsi, void* __r8, long long __r9, long long _a8, long long _a16, long long _a24, long long _a32) {
                                                                                                                				void* _v40;
                                                                                                                				long long _v56;
                                                                                                                				char _v64;
                                                                                                                				void* _v72;
                                                                                                                				char _v88;
                                                                                                                				void* __rdi;
                                                                                                                				void* _t31;
                                                                                                                				void* _t37;
                                                                                                                				void* _t43;
                                                                                                                				void* _t51;
                                                                                                                				void* _t55;
                                                                                                                				long long _t57;
                                                                                                                				intOrPtr* _t59;
                                                                                                                				long long _t61;
                                                                                                                				long long _t83;
                                                                                                                				void* _t86;
                                                                                                                				void* _t98;
                                                                                                                				void* _t101;
                                                                                                                
                                                                                                                				_t84 = __rsi;
                                                                                                                				_t57 = __rax;
                                                                                                                				_a16 = __rbx;
                                                                                                                				_a24 = __rsi;
                                                                                                                				_a32 = __r9;
                                                                                                                				_a8 = __rcx;
                                                                                                                				_t101 = __r8;
                                                                                                                				_t61 = __rcx;
                                                                                                                				_t31 = E00007FF87FF887CD6670(__rax);
                                                                                                                				if (_t57 == 0) goto 0x87cb647e;
                                                                                                                				r10d =  *((intOrPtr*)(__rcx + 0x28));
                                                                                                                				if ( *_t57 != r10d) goto 0x87cb647e;
                                                                                                                				goto 0x87cb64fe;
                                                                                                                				_v56 = __rcx + 0x10;
                                                                                                                				__imp__AcquireSRWLockShared();
                                                                                                                				E00007FF87FF887CC56A8(_t31, _t57, __rcx + 0x10);
                                                                                                                				_v64 = _t57;
                                                                                                                				if (_t57 == 0) goto 0x87cb64bf;
                                                                                                                				E00007FF87FF887CB9AD0(_t43,  *((intOrPtr*)(_t61 + 0x28)), _t51, _t61, _t57, _t61 + 0x38, _t61 + 0x30);
                                                                                                                				_t83 = _t57;
                                                                                                                				goto 0x87cb64c3;
                                                                                                                				__imp__ReleaseSRWLockShared();
                                                                                                                				E00007FF87FF887CD6670(_t57);
                                                                                                                				_t55 = _t57 - _t83;
                                                                                                                				if (_t55 == 0) goto 0x87cb64f6;
                                                                                                                				_v88 = 1;
                                                                                                                				E00007FF87FF887CD6E20( *((intOrPtr*)(_t61 + 0x28)), _t57, _t61, _t61 + 0x48, 0x87cbc340, _t83, __rsi, _t86,  *((intOrPtr*)(_t61 + 0x48)), _t83, _t98);
                                                                                                                				_v64 = _t83;
                                                                                                                				 *((long long*)( *((intOrPtr*)( *((intOrPtr*)(_t83 + 0x128))))))();
                                                                                                                				__imp__?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ();
                                                                                                                				_t37 = E00007FF87FF887CB8A90( &_v72, _t101);
                                                                                                                				_t22 = _t83 + 8; // 0x8
                                                                                                                				E00007FF87FF887CCE2D0(_t37, _t61, _a32, _t83, _t84, _t86, _t22);
                                                                                                                				_t59 = _v72;
                                                                                                                				 *_t59 =  *_t59 - 1;
                                                                                                                				if (_t55 != 0) goto 0x87cb657e;
                                                                                                                				 *((intOrPtr*)(_t59 + 4)) = 0;
                                                                                                                				asm("lock xadd [ecx], eax");
                                                                                                                				asm("bt eax, 0x1e");
                                                                                                                				if (_t55 < 0) goto 0x87cb657e;
                                                                                                                				if (0x80000000 - 0x80000000 <= 0) goto 0x87cb657e;
                                                                                                                				asm("lock bts dword [ecx], 0x1e");
                                                                                                                				if (0x80000000 - 0x80000000 < 0) goto 0x87cb657e;
                                                                                                                				E00007FF87FF887CBD940(_t59 + 8);
                                                                                                                				SetEvent(??);
                                                                                                                				return E00007FF87FF887CBA810(_t61,  &_v64);
                                                                                                                			}

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: LockShared$?flush@?$basic_ostream@AcquireD@std@@@std@@EventReleaseU?$char_traits@V12@
                                                                                                                • String ID:
                                                                                                                • API String ID: 3106982728-0
                                                                                                                • Opcode ID: dca59bed34d5218c9d0a5de8591030f77544f2d2cb362cc734211e3e6298320c
                                                                                                                • Instruction ID: 348e07f3f759a56647b2b6b18b123f4f3989e46fb08db17bcb900c364d6e8586
                                                                                                                • Opcode Fuzzy Hash: dca59bed34d5218c9d0a5de8591030f77544f2d2cb362cc734211e3e6298320c
                                                                                                                • Instruction Fuzzy Hash: F6419D32A48A4292EB51DF65E4401AEA772FB96BD4F404032EE4D13765DF3CDA95C780
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 34%
                                                                                                                			E00007FF87FF887CB62B0(long long __rax, long long __rbx, long long __rcx, void* __rdx, long long __rsi, void* __r8, long long __r9, long long _a8, long long _a16, long long _a24, long long _a32) {
                                                                                                                				void* _v40;
                                                                                                                				long long _v56;
                                                                                                                				char _v64;
                                                                                                                				void* _v72;
                                                                                                                				char _v88;
                                                                                                                				void* __rdi;
                                                                                                                				void* _t31;
                                                                                                                				void* _t42;
                                                                                                                				void* _t50;
                                                                                                                				void* _t54;
                                                                                                                				long long _t56;
                                                                                                                				intOrPtr* _t58;
                                                                                                                				long long _t60;
                                                                                                                				long long _t82;
                                                                                                                				void* _t85;
                                                                                                                				void* _t97;
                                                                                                                				void* _t100;
                                                                                                                
                                                                                                                				_t56 = __rax;
                                                                                                                				_a16 = __rbx;
                                                                                                                				_a24 = __rsi;
                                                                                                                				_a32 = __r9;
                                                                                                                				_a8 = __rcx;
                                                                                                                				_t100 = __r8;
                                                                                                                				_t60 = __rcx;
                                                                                                                				_t31 = E00007FF87FF887CD6670(__rax);
                                                                                                                				if (_t56 == 0) goto 0x87cb62fe;
                                                                                                                				r10d =  *((intOrPtr*)(__rcx + 0x28));
                                                                                                                				if ( *_t56 != r10d) goto 0x87cb62fe;
                                                                                                                				goto 0x87cb637e;
                                                                                                                				_v56 = __rcx + 0x10;
                                                                                                                				__imp__AcquireSRWLockShared();
                                                                                                                				E00007FF87FF887CC56A8(_t31, _t56, __rcx + 0x10);
                                                                                                                				_v64 = _t56;
                                                                                                                				if (_t56 == 0) goto 0x87cb633f;
                                                                                                                				E00007FF87FF887CB9AD0(_t42,  *((intOrPtr*)(_t60 + 0x28)), _t50, _t60, _t56, _t60 + 0x38, _t60 + 0x30);
                                                                                                                				_t82 = _t56;
                                                                                                                				goto 0x87cb6343;
                                                                                                                				__imp__ReleaseSRWLockShared();
                                                                                                                				E00007FF87FF887CD6670(_t56);
                                                                                                                				_t54 = _t56 - _t82;
                                                                                                                				if (_t54 == 0) goto 0x87cb6376;
                                                                                                                				_v88 = 1;
                                                                                                                				E00007FF87FF887CD6E20( *((intOrPtr*)(_t60 + 0x28)), _t56, _t60, _t60 + 0x48, 0x87cbc340, _t82, __rsi, _t85,  *((intOrPtr*)(_t60 + 0x48)), _t82, _t97);
                                                                                                                				_v64 = _t82;
                                                                                                                				 *((long long*)( *((intOrPtr*)( *((intOrPtr*)(_t82 + 0x128))))))();
                                                                                                                				__imp__?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ();
                                                                                                                				E00007FF87FF887CB8A90( &_v72, _t100);
                                                                                                                				E00007FF87FF887CCDF50();
                                                                                                                				_t58 = _v72;
                                                                                                                				 *_t58 =  *_t58 - 1;
                                                                                                                				if (_t54 != 0) goto 0x87cb63fe;
                                                                                                                				 *((intOrPtr*)(_t58 + 4)) = 0;
                                                                                                                				asm("lock xadd [ecx], eax");
                                                                                                                				asm("bt eax, 0x1e");
                                                                                                                				if (_t54 < 0) goto 0x87cb63fe;
                                                                                                                				if (0x80000000 - 0x80000000 <= 0) goto 0x87cb63fe;
                                                                                                                				asm("lock bts dword [ecx], 0x1e");
                                                                                                                				if (0x80000000 - 0x80000000 < 0) goto 0x87cb63fe;
                                                                                                                				E00007FF87FF887CBD940(_t58 + 8);
                                                                                                                				SetEvent(??);
                                                                                                                				return E00007FF87FF887CBA810(_t60,  &_v64);
                                                                                                                			}

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: LockShared$?flush@?$basic_ostream@AcquireD@std@@@std@@EventReleaseU?$char_traits@V12@
                                                                                                                • String ID:
                                                                                                                • API String ID: 3106982728-0
                                                                                                                • Opcode ID: 7797e0108a4ce0f3a894cfd757563918a1455e9daf6e17ce4efd5d9c6d1a6bcd
                                                                                                                • Instruction ID: 74d1a9b2c60b3ca547065c036cbcbe0bd9daedcc9a5a5828947443a6dc25f031
                                                                                                                • Opcode Fuzzy Hash: 7797e0108a4ce0f3a894cfd757563918a1455e9daf6e17ce4efd5d9c6d1a6bcd
                                                                                                                • Instruction Fuzzy Hash: FD41AE32A49A4292EB11DF65E4001AEB772FB86BD4F404032EE4D53755DF3CDA95C780
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 68%
                                                                                                                			E00007FF87FF887CA9100(long long __rbx, long long* __rcx, void* __rdx, signed int __r8, long long __r14) {
                                                                                                                				void* _t21;
                                                                                                                				void* _t22;
                                                                                                                				void* _t25;
                                                                                                                				void* _t41;
                                                                                                                				long long _t42;
                                                                                                                				long long* _t46;
                                                                                                                				signed long long _t51;
                                                                                                                				unsigned long long _t61;
                                                                                                                				void* _t65;
                                                                                                                				int _t72;
                                                                                                                				long long _t75;
                                                                                                                				unsigned long long _t76;
                                                                                                                				void* _t78;
                                                                                                                				long long _t87;
                                                                                                                				void* _t89;
                                                                                                                
                                                                                                                				 *((long long*)(_t78 + 0x10)) = __rbx;
                                                                                                                				 *((long long*)(_t78 + 0x18)) = _t75;
                                                                                                                				_t76 =  *((intOrPtr*)(__rcx + 0x18));
                                                                                                                				_t46 = __rcx;
                                                                                                                				if (__r8 - _t76 > 0) goto 0x87ca9145;
                                                                                                                				if (_t76 - 0x10 < 0) goto 0x87ca9130;
                                                                                                                				 *((long long*)(__rcx + 0x10)) = __r8;
                                                                                                                				_t21 = memmove(_t89, _t65, _t72);
                                                                                                                				 *((char*)( *((intOrPtr*)(__rcx)) + __r8)) = 0;
                                                                                                                				goto 0x87ca9234;
                                                                                                                				if (__r8 - 0xffffffff > 0) goto 0x87ca9251;
                                                                                                                				 *((long long*)(_t78 - 0x20 + 0x40)) = __r14;
                                                                                                                				_t51 = __r8 | 0x0000000f;
                                                                                                                				if (_t51 - 0xffffffff > 0) goto 0x87ca91a3;
                                                                                                                				_t61 = _t76 >> 1;
                                                                                                                				if (_t76 - 0xffffffff - _t61 > 0) goto 0x87ca91a3;
                                                                                                                				_t41 = _t61 + _t76;
                                                                                                                				_t8 = ( <  ? _t41 : _t51) + 1; // 0x100000001
                                                                                                                				_t42 = _t8;
                                                                                                                				if (_t42 - 0x1000 < 0) goto 0x87ca91c9;
                                                                                                                				_t9 = _t42 + 0x27; // 0x100000028
                                                                                                                				if (_t9 - _t42 <= 0) goto 0x87ca9257;
                                                                                                                				goto 0x87ca91ad;
                                                                                                                				_t22 = E00007FF87FF887CC56A8(_t21, _t42, 0x27);
                                                                                                                				if (_t42 == 0) goto 0x87ca924a;
                                                                                                                				_t10 = _t42 + 0x27; // 0x27
                                                                                                                				 *((long long*)((_t10 & 0xffffffe0) - 8)) = _t42;
                                                                                                                				goto 0x87ca91de;
                                                                                                                				if (_t42 == 0) goto 0x87ca91db;
                                                                                                                				E00007FF87FF887CC56A8(_t22, _t42, _t42);
                                                                                                                				_t87 = _t42;
                                                                                                                				goto 0x87ca91de;
                                                                                                                				r14d = 0;
                                                                                                                				 *((long long*)(_t46 + 0x10)) = __r8;
                                                                                                                				 *((long long*)(_t46 + 0x18)) =  <  ? _t41 : _t51;
                                                                                                                				memmove(??, ??, ??);
                                                                                                                				 *((char*)(_t87 + __r8)) = 0;
                                                                                                                				if (_t76 - 0x10 < 0) goto 0x87ca922c;
                                                                                                                				_t15 = _t76 + 1; // 0x10
                                                                                                                				if (_t15 - 0x1000 < 0) goto 0x87ca9227;
                                                                                                                				if ( *_t46 -  *((intOrPtr*)( *_t46 - 8)) - 8 - 0x1f > 0) goto 0x87ca924a;
                                                                                                                				_t25 = E00007FF87FF887CC56E4();
                                                                                                                				 *_t46 = _t87;
                                                                                                                				return _t25;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • memmove.VCRUNTIME140(?,00000000,?,00007FF887CB2B4F,?,?,?,?,?,?,?,?,?,?,00000000,00007FF887CC4980), ref: 00007FF887CA9137
                                                                                                                • memmove.VCRUNTIME140(?,00000000,?,00007FF887CB2B4F,?,?,?,?,?,?,?,?,?,?,00000000,00007FF887CC4980), ref: 00007FF887CA91EF
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000000,?,00007FF887CB2B4F,?,?,?,?,?,?,?,?,?,?,00000000,00007FF887CC4980), ref: 00007FF887CA924A
                                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF887CA9257
                                                                                                                  • Part of subcall function 00007FF887CC56A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF887CA8F4E), ref: 00007FF887CC56C2
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 2075926362-0
                                                                                                                • Opcode ID: c2b970fc547b330d9855479c807baebc7d2066d06c889b2b930ac0434c1c65f7
                                                                                                                • Instruction ID: af01ae848f1eadf0c70a6af4787396cba26cdb6b65fc831e16d7b67abd82e7d0
                                                                                                                • Opcode Fuzzy Hash: c2b970fc547b330d9855479c807baebc7d2066d06c889b2b930ac0434c1c65f7
                                                                                                                • Instruction Fuzzy Hash: 1631CEA2B49A8688FF589B11E64927CA6B2BB54FD5F540631DB2D07BC6DE7CE481C300
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 29%
                                                                                                                			E00007FF87FF887CAD4C0(long long __rax, long long __rbx, signed long long* __rcx, void* __rdx, long long __rsi) {
                                                                                                                				void* _t18;
                                                                                                                				void* _t20;
                                                                                                                				long long _t30;
                                                                                                                				signed long long _t32;
                                                                                                                				signed long long* _t35;
                                                                                                                				void* _t39;
                                                                                                                				long long _t41;
                                                                                                                				void* _t45;
                                                                                                                				signed long long _t52;
                                                                                                                				long long _t54;
                                                                                                                				signed long long _t55;
                                                                                                                				void* _t57;
                                                                                                                
                                                                                                                				 *((long long*)(_t57 + 0x10)) = __rbx;
                                                                                                                				 *((long long*)(_t57 + 0x18)) = _t54;
                                                                                                                				 *((long long*)(__rcx)) = __rax;
                                                                                                                				_t35 = __rcx;
                                                                                                                				 *((long long*)(__rcx + 0x10)) = __rax;
                                                                                                                				 *((long long*)(__rcx + 0x18)) = __rax;
                                                                                                                				_t55 =  *((intOrPtr*)(__rdx + 0x10));
                                                                                                                				if ( *((long long*)(__rdx + 0x18)) - 0x10 < 0) goto 0x87cad4f0;
                                                                                                                				 *((long long*)(_t57 - 0x20 + 0x30)) = __rsi;
                                                                                                                				if (_t55 - 0x10 >= 0) goto 0x87cad508;
                                                                                                                				asm("movups xmm0, [edi]");
                                                                                                                				asm("movups [ecx], xmm0");
                                                                                                                				goto 0x87cad577;
                                                                                                                				_t52 =  >  ? 0xffffffff : _t55 | 0x0000000f;
                                                                                                                				_t39 = _t52 + 1;
                                                                                                                				if (_t39 - 0x1000 < 0) goto 0x87cad55b;
                                                                                                                				_t30 = _t39 + 0x27;
                                                                                                                				if (_t30 - _t39 <= 0) goto 0x87cad597;
                                                                                                                				_t18 = E00007FF87FF887CC56A8(0, _t30, _t30);
                                                                                                                				_t41 = _t30;
                                                                                                                				if (_t30 == 0) goto 0x87cad554;
                                                                                                                				_t32 = _t30 + 0x00000027 & 0xffffffe0;
                                                                                                                				 *((long long*)(_t32 - 8)) = _t41;
                                                                                                                				goto 0x87cad565;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				if (_t41 == 0) goto 0x87cad565;
                                                                                                                				E00007FF87FF887CC56A8(_t18, _t32, _t41);
                                                                                                                				 *_t35 = _t32;
                                                                                                                				_t20 = memmove(_t45, ??);
                                                                                                                				_t35[2] = _t55;
                                                                                                                				_t35[3] = _t52;
                                                                                                                				return _t20;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF887CAE21C,?,?,?,00007FF887CBD6C2), ref: 00007FF887CAD554
                                                                                                                • memmove.VCRUNTIME140(?,?,?,00007FF887CAE21C,?,?,?,00007FF887CBD6C2), ref: 00007FF887CAD572
                                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF887CAD597
                                                                                                                • __std_exception_copy.VCRUNTIME140(?,?,?,?,?,?,?,00007FF887CAE21C,?,?,?,00007FF887CBD6C2), ref: 00007FF887CAD5C4
                                                                                                                  • Part of subcall function 00007FF887CC56A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF887CA8F4E), ref: 00007FF887CC56C2
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Concurrency::cancel_current_task__std_exception_copy_invalid_parameter_noinfo_noreturnmallocmemmove
                                                                                                                • String ID:
                                                                                                                • API String ID: 3686582625-0
                                                                                                                • Opcode ID: 15b018261a7cf0bc8f6df710f8455fdf24a97d8064d944bfca37451ac74d772f
                                                                                                                • Instruction ID: 5180d44525aa8947d95ff2573ceca4e89b9b340ce10ffda29fc5963e2350dede
                                                                                                                • Opcode Fuzzy Hash: 15b018261a7cf0bc8f6df710f8455fdf24a97d8064d944bfca37451ac74d772f
                                                                                                                • Instruction Fuzzy Hash: BD31DCA2A49B4185EB159F55E5401AC63B2FB18BE8F588630EA6C07BC9DF3CE1D1C300
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • memchr.VCRUNTIME140(00000001,00000000,?,00007FF887CA45CE), ref: 00007FF887CA8CAA
                                                                                                                • memmove.VCRUNTIME140(00000001,00000000,?,00007FF887CA45CE), ref: 00007FF887CA8D4F
                                                                                                                  • Part of subcall function 00007FF887CABA30: memmove.VCRUNTIME140 ref: 00007FF887CABA87
                                                                                                                • memchr.VCRUNTIME140(00000001,00000000,?,00007FF887CA45CE), ref: 00007FF887CA8CF5
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memchrmemmove
                                                                                                                • String ID: unmatched '}' in format string
                                                                                                                • API String ID: 1132781299-1164737745
                                                                                                                • Opcode ID: e3a4b6110c697d36bd24bbe5557a8b97f08152c800b349514c7e98e6efbc01b0
                                                                                                                • Instruction ID: ecfd62185a7530f105f27384f49adcf73cf52e7a5fb18bca287aadcbdc8c1640
                                                                                                                • Opcode Fuzzy Hash: e3a4b6110c697d36bd24bbe5557a8b97f08152c800b349514c7e98e6efbc01b0
                                                                                                                • Instruction Fuzzy Hash: B92171A2B58A8182EB26DF16E9442ADA7B2FB45FD4F194032CF4D07789EE3CD542C300
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 16%
                                                                                                                			E00007FF87FF887CD6A20(void* __ecx, void* __edx, void* __rax, long long __rbx, void* __rcx, long long __rdi, long long __rsi, long long _a8, long long _a16, long long _a24) {
                                                                                                                				void* _t40;
                                                                                                                				intOrPtr* _t46;
                                                                                                                				intOrPtr _t59;
                                                                                                                				void* _t62;
                                                                                                                
                                                                                                                				_a8 = __rbx;
                                                                                                                				_a16 = __rsi;
                                                                                                                				_a24 = __rdi;
                                                                                                                				_t62 = __rcx;
                                                                                                                				if ( *((intOrPtr*)(__rcx + 0x10)) == 0) goto 0x87cd6b03;
                                                                                                                				E00007FF87FF887CD6690( *((intOrPtr*)(__rcx + 0x10)), __rax, __rbx, __rcx, __rcx);
                                                                                                                				if ( *((intOrPtr*)(_t62 + 0x10)) != 0) goto 0x87cd6a54;
                                                                                                                				goto 0x87cd6ad4;
                                                                                                                				 *((intOrPtr*)(_t62 + 0x10)) = 0;
                                                                                                                				r8d = 0;
                                                                                                                				ReleaseSemaphore(??, ??, ??);
                                                                                                                				_t46 =  *((intOrPtr*)(_t62 + 0x18));
                                                                                                                				_t59 =  *((intOrPtr*)(_t62 + 0x20));
                                                                                                                				if (_t46 == _t59) goto 0x87cd6a9f;
                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                				 *((char*)( *_t46 + 0x14)) = 1;
                                                                                                                				r8d = 0;
                                                                                                                				ReleaseSemaphore(??, ??, ??);
                                                                                                                				if (_t46 + 8 != _t59) goto 0x87cd6a80;
                                                                                                                				E00007FF87FF887CD4250(_t46 + 8,  *((intOrPtr*)(_t62 + 0x18)),  *((intOrPtr*)(_t62 + 0x20)), _t62);
                                                                                                                				 *((long long*)(_t62 + 0x20)) =  *((intOrPtr*)(_t62 + 0x18));
                                                                                                                				_t40 =  *((intOrPtr*)(_t62 + 0x30)) - 1 - 0xfffffffd;
                                                                                                                				if (_t40 > 0) goto 0x87cd6acc;
                                                                                                                				CloseHandle(??);
                                                                                                                				 *((long long*)(_t62 + 0x30)) = 0;
                                                                                                                				asm("lock xadd [esi], eax");
                                                                                                                				asm("bt eax, 0x1e");
                                                                                                                				if (_t40 < 0) goto 0x87cd6b03;
                                                                                                                				if (0x80000000 - 0x80000000 <= 0) goto 0x87cd6b03;
                                                                                                                				asm("lock bts dword [esi], 0x1e");
                                                                                                                				if (0x80000000 - 0x80000000 < 0) goto 0x87cd6b03;
                                                                                                                				E00007FF87FF887CBD940(_t62);
                                                                                                                				return SetEvent(??);
                                                                                                                			}








                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ReleaseSemaphore$CloseEventHandleObjectSingleWait
                                                                                                                • String ID:
                                                                                                                • API String ID: 568734227-0
                                                                                                                • Opcode ID: 9236d54c9f8004cdcccdb61e91e6bfd2483121a615e91c4b9fed31d8ba419f9e
                                                                                                                • Instruction ID: 3f140ed51ee1aad4476b5690c2024936c7a237f1ec2f0cd0305718eac48b3836
                                                                                                                • Opcode Fuzzy Hash: 9236d54c9f8004cdcccdb61e91e6bfd2483121a615e91c4b9fed31d8ba419f9e
                                                                                                                • Instruction Fuzzy Hash: 77211A22A58A4282EB708B25E44436E7B72FB85BD4F145131EB9E53B96DF3CE445C740
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memmovememset
                                                                                                                • String ID: 0123456789ABCDEF$0123456789abcdef
                                                                                                                • API String ID: 1288253900-885041942
                                                                                                                • Opcode ID: 0103df9f0cf36cab03a71a0973b504f73d6bc333af0cbd4df2281995c3c09994
                                                                                                                • Instruction ID: ec5abc65e195829211c5e1140ffc73198ee1c874ed17ff780cccf5273d21865e
                                                                                                                • Opcode Fuzzy Hash: 0103df9f0cf36cab03a71a0973b504f73d6bc333af0cbd4df2281995c3c09994
                                                                                                                • Instruction Fuzzy Hash: 762149A6A49B8582DB25CF06E5402ADBB72FB49FC4B189572DF8D07B66DE3CE051C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memmovememset
                                                                                                                • String ID: 0123456789ABCDEF$0123456789abcdef
                                                                                                                • API String ID: 1288253900-885041942
                                                                                                                • Opcode ID: 3243a9616e88c44d7496df093ef204c03e19f444df9bf1332a5cfe5c19237609
                                                                                                                • Instruction ID: 99d0c0165d3e7ca2491c309219bc944da2dbb8d505a22689e78ff455cec95c75
                                                                                                                • Opcode Fuzzy Hash: 3243a9616e88c44d7496df093ef204c03e19f444df9bf1332a5cfe5c19237609
                                                                                                                • Instruction Fuzzy Hash: 10216FA2B45B8582DB24CF06E9401ADBB72FB48BC4B188032DF8D47B66DE3CD451C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionLockSharedThrow$AcquireRelease
                                                                                                                • String ID:
                                                                                                                • API String ID: 1623387717-0
                                                                                                                • Opcode ID: 821d38cad4e8f632898ec663a9c87fc73b7f9fa64378656b3521347ee09f09fd
                                                                                                                • Instruction ID: 60e20c10e2208221664cfa929e27150fba20445f802cf07c9b59b278b864a5d4
                                                                                                                • Opcode Fuzzy Hash: 821d38cad4e8f632898ec663a9c87fc73b7f9fa64378656b3521347ee09f09fd
                                                                                                                • Instruction Fuzzy Hash: 6B016D67B04B4086EB18DB32E95137D2762FB89BC9F188435DE0D0B796CF38E056C200
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionLockSharedThrow$AcquireRelease
                                                                                                                • String ID:
                                                                                                                • API String ID: 1623387717-0
                                                                                                                • Opcode ID: c832f7f00a28b77cced1eefa34c85cae082805bf7e02fe3fa8d7180f7810be2b
                                                                                                                • Instruction ID: 11b4322b25d568aafd1889bd23bc68cce5ca3a69eed88b3e55a3f47f54759f99
                                                                                                                • Opcode Fuzzy Hash: c832f7f00a28b77cced1eefa34c85cae082805bf7e02fe3fa8d7180f7810be2b
                                                                                                                • Instruction Fuzzy Hash: 3DF08C6BA04B0486EB18DF32E90137D2772FB89BC8F188431DE4D0B69ACF38E056C200
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionLockSharedThrow$AcquireRelease
                                                                                                                • String ID:
                                                                                                                • API String ID: 1623387717-0
                                                                                                                • Opcode ID: 57b2854b0f65e5e374a08cde8f6c634fec4e12c1195dc384bbd9ce2569a39ea6
                                                                                                                • Instruction ID: 65af1507fcf37cb04169529675c9cc0a42d2f0cc5cb036b66c0054102bef0808
                                                                                                                • Opcode Fuzzy Hash: 57b2854b0f65e5e374a08cde8f6c634fec4e12c1195dc384bbd9ce2569a39ea6
                                                                                                                • Instruction Fuzzy Hash: 4CF06D67A04B0486DB28DF32E94137D1662FB89BD9F189431DE4D07686CF38D0568200
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionLockSharedThrow$AcquireRelease
                                                                                                                • String ID:
                                                                                                                • API String ID: 1623387717-0
                                                                                                                • Opcode ID: b30508edd93f378d34823121abbe860d8cef95497a92132c4ce0266ae7febd1f
                                                                                                                • Instruction ID: fdf58a1cd08047c52962aa281e617f9cc078103523c6ec9e76e437569016698d
                                                                                                                • Opcode Fuzzy Hash: b30508edd93f378d34823121abbe860d8cef95497a92132c4ce0266ae7febd1f
                                                                                                                • Instruction Fuzzy Hash: DDF0816BA04B4586DB28DF32E90137D1772FB89BC8F188431DE4D0B696CF38D116C200
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • AcquireSRWLockExclusive.KERNEL32(?,?,?,00007FF887CCA323,?,?,00000038,?,00000000,00007FF887CCA52E,?,?,00000008,00007FF887CB8792), ref: 00007FF887CCD950
                                                                                                                • SleepConditionVariableSRW.KERNEL32(?,?,?,00007FF887CCA323,?,?,00000038,?,00000000,00007FF887CCA52E,?,?,00000008,00007FF887CB8792), ref: 00007FF887CCD987
                                                                                                                • ReleaseSRWLockExclusive.KERNEL32(?,?,?,00007FF887CCA323,?,?,00000038,?,00000000,00007FF887CCA52E,?,?,00000008,00007FF887CB8792), ref: 00007FF887CCD9A2
                                                                                                                • ReleaseSRWLockExclusive.KERNEL32(?,?,?,00007FF887CCA323,?,?,00000038,?,00000000,00007FF887CCA52E,?,?,00000008,00007FF887CB8792), ref: 00007FF887CCD9BA
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExclusiveLock$Release$AcquireConditionSleepVariable
                                                                                                                • String ID:
                                                                                                                • API String ID: 3114648011-0
                                                                                                                • Opcode ID: 1028a7427bf02d8bddc8bc0c960c5e31dbe1d0c13ec5fc794dc8297f47e69b9b
                                                                                                                • Instruction ID: 4bae318548ab0a5e7f611fa9d00e7d99ddef01259ee30f78f15e1a1dffe3b492
                                                                                                                • Opcode Fuzzy Hash: 1028a7427bf02d8bddc8bc0c960c5e31dbe1d0c13ec5fc794dc8297f47e69b9b
                                                                                                                • Instruction Fuzzy Hash: D201B1A1E8C94640EB218B21E8542BC2BB37F56BC9FC800B2C5AC431E6CF5CD9CAC710
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 93%
                                                                                                                			E00007FF87FF887CB3370(long long __rbx, long long __rcx, intOrPtr* __rdx, long long __rdi, intOrPtr* __r8) {
                                                                                                                				void* _t39;
                                                                                                                				signed long long _t51;
                                                                                                                				long long _t53;
                                                                                                                				intOrPtr _t78;
                                                                                                                				void* _t83;
                                                                                                                				void* _t85;
                                                                                                                				void* _t87;
                                                                                                                				intOrPtr _t92;
                                                                                                                
                                                                                                                				 *((long long*)(_t87 + 0x10)) = __rbx;
                                                                                                                				 *((long long*)(_t87 + 0x18)) = __rdi;
                                                                                                                				_t85 = _t87 - 0x57;
                                                                                                                				_t51 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				 *(_t85 + 0x4f) = _t51 ^ _t87 - 0x000000b0;
                                                                                                                				 *((long long*)(_t85 - 9)) = __rcx;
                                                                                                                				 *((intOrPtr*)(_t85 - 0x29)) = 0;
                                                                                                                				 *((long long*)(__rcx)) = __rdi;
                                                                                                                				 *((long long*)(__rcx + 0x10)) = __rdi;
                                                                                                                				 *((long long*)(__rcx + 0x18)) = 0xf;
                                                                                                                				 *((intOrPtr*)(__rcx)) = dil;
                                                                                                                				 *((intOrPtr*)(_t85 - 0x29)) = 1;
                                                                                                                				_t53 =  *((intOrPtr*)(__rdx + 0x10));
                                                                                                                				if (_t53 == 0) goto 0x87cb34b5;
                                                                                                                				_t92 =  *((intOrPtr*)(__rdx + 0x18));
                                                                                                                				if (_t92 - 0x10 < 0) goto 0x87cb33d7;
                                                                                                                				if ( *((char*)(_t53 +  *((intOrPtr*)(__rdx)) - 1)) != 0x5c) goto 0x87cb34b5;
                                                                                                                				if (_t92 - 0x10 < 0) goto 0x87cb33eb;
                                                                                                                				 *((long long*)(_t85 + 0x1f)) =  *((intOrPtr*)(__rdx));
                                                                                                                				 *((long long*)(_t85 + 0x27)) = _t53;
                                                                                                                				if ( *((long long*)(__r8 + 0x18)) - 0x10 < 0) goto 0x87cb3400;
                                                                                                                				 *((long long*)(_t85 + 0x2f)) =  *((intOrPtr*)(__r8));
                                                                                                                				 *((long long*)(_t85 + 0x37)) =  *((intOrPtr*)(__r8 + 0x10));
                                                                                                                				 *((long long*)(_t85 - 0x39)) = 0x1ce;
                                                                                                                				 *((long long*)(_t85 - 0x31)) = _t85 + 0x1f;
                                                                                                                				asm("movaps xmm0, [ebp-0x39]");
                                                                                                                				asm("movdqa [ebp-0x19], xmm0");
                                                                                                                				 *((long long*)(_t85 - 0x39)) = 0x87cdcf28;
                                                                                                                				 *((long long*)(_t85 - 0x31)) = 4;
                                                                                                                				E00007FF87FF887CA49B0(__rcx, _t85 - 1, __rdi, _t83);
                                                                                                                				if (__rcx != _t85 - 1) goto 0x87cb352a;
                                                                                                                				_t78 =  *((intOrPtr*)(_t85 + 0x17));
                                                                                                                				if (_t78 - 0x10 < 0) goto 0x87cb3491;
                                                                                                                				if (_t78 + 1 - 0x1000 < 0) goto 0x87cb348c;
                                                                                                                				if ( *((intOrPtr*)(_t85 - 1)) -  *((intOrPtr*)( *((intOrPtr*)(_t85 - 1)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x87cb35bd;
                                                                                                                				return E00007FF87FF887CC5E20(E00007FF87FF887CC56E4(), _t39,  *(_t85 + 0x4f) ^ _t87 - 0x000000b0);
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CB35BD
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: {}{}${}{}{}
                                                                                                                • API String ID: 3668304517-2846689003
                                                                                                                • Opcode ID: 0d7b17ab96c54cfedc1e4bcf5ec5a0e7c0eb481e5a7dedd758c77a306ae59aa9
                                                                                                                • Instruction ID: cef2eb5eac930cebb89f32e83553f04bd0ed5adbd61650125f1b8f282a4bfd66
                                                                                                                • Opcode Fuzzy Hash: 0d7b17ab96c54cfedc1e4bcf5ec5a0e7c0eb481e5a7dedd758c77a306ae59aa9
                                                                                                                • Instruction Fuzzy Hash: 7B613472B49B4589EB04CF68E4843AC33B6FB48B88F504135EB5D13A99EF78D299C340
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 23%
                                                                                                                			E00007FF87FF887CAFE60(void* __ebp, long long __rbx, void* __rcx, long long __rsi, void* __rbp, long long _a16, long long _a24) {
                                                                                                                				void* _v8;
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v32;
                                                                                                                				char _v56;
                                                                                                                				long long _v64;
                                                                                                                				long long _v72;
                                                                                                                				char _v74;
                                                                                                                				short _v76;
                                                                                                                				intOrPtr _v80;
                                                                                                                				char _v88;
                                                                                                                				signed long long _v96;
                                                                                                                				signed long long _v104;
                                                                                                                				intOrPtr _t36;
                                                                                                                				void* _t46;
                                                                                                                				signed long long _t62;
                                                                                                                				signed long long _t63;
                                                                                                                				signed long long _t75;
                                                                                                                				void* _t78;
                                                                                                                				intOrPtr _t92;
                                                                                                                				intOrPtr _t96;
                                                                                                                				void* _t104;
                                                                                                                				void* _t107;
                                                                                                                				void* _t110;
                                                                                                                
                                                                                                                				_t78 = __rcx;
                                                                                                                				_a16 = __rbx;
                                                                                                                				_a24 = __rsi;
                                                                                                                				_t62 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				_t63 = _t62 ^ _t104 - 0x00000080;
                                                                                                                				_v24 = _t63;
                                                                                                                				_t4 = _t78 + 0x60; // 0x60
                                                                                                                				E00007FF87FF887CC56A8(E00007FF87FF887CB3D90(_t46, __rbx,  &_v56, __rsi, __rbp, _t107, _t110), _t63,  &_v56);
                                                                                                                				_t75 = _t63;
                                                                                                                				_v104 = _t63;
                                                                                                                				if (_t63 == 0) goto 0x87caff5a;
                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                				asm("movups [eax], xmm0");
                                                                                                                				 *((intOrPtr*)(_t63 + 8)) = 1;
                                                                                                                				 *((intOrPtr*)(_t63 + 0xc)) = 1;
                                                                                                                				 *_t75 = 0x87cdc988;
                                                                                                                				_t9 = _t75 + 0x10; // 0x10
                                                                                                                				_v64 = 0xf;
                                                                                                                				_v72 = 0xe;
                                                                                                                				asm("movsd xmm0, [0x2ca17]");
                                                                                                                				asm("movsd [esp+0x30], xmm0");
                                                                                                                				_t36 = M00007FF87FF887CDC908; // 0x6f507861
                                                                                                                				_v80 = _t36;
                                                                                                                				_v76 =  *0x87cdc90c & 0x0000ffff;
                                                                                                                				_v74 = 0;
                                                                                                                				E00007FF87FF887CAD640(0x87cdc988, _t75, _t9,  &_v88, _t63);
                                                                                                                				_t92 = _v64;
                                                                                                                				if (_t92 - 0x10 < 0) goto 0x87caff5c;
                                                                                                                				if (_t92 + 1 - 0x1000 < 0) goto 0x87caff53;
                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87caff53;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				E00007FF87FF887CC56E4();
                                                                                                                				goto 0x87caff5c;
                                                                                                                				_t19 = _t75 + 0x10; // 0x10
                                                                                                                				_v104 = _t19;
                                                                                                                				_v96 = _t75;
                                                                                                                				E00007FF87FF887CAC830(_t75, _t4,  &_v104, _t63);
                                                                                                                				if (_v96 == 0) goto 0x87caffb6;
                                                                                                                				asm("lock xadd [ecx+0x8], eax");
                                                                                                                				if (0xffffffff != 1) goto 0x87caffb6;
                                                                                                                				 *((intOrPtr*)( *_v96))();
                                                                                                                				asm("lock xadd [ebx+0xc], edi");
                                                                                                                				if (0xffffffff != 1) goto 0x87caffb6;
                                                                                                                				 *((intOrPtr*)( *_v96 + 8))();
                                                                                                                				_t96 = _v32;
                                                                                                                				if (_t96 - 0x10 < 0) goto 0x87cafff6;
                                                                                                                				if (_t96 + 1 - 0x1000 < 0) goto 0x87cafff1;
                                                                                                                				if (_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87cafff1;
                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                				asm("int3");
                                                                                                                				return E00007FF87FF887CC5E20(E00007FF87FF887CC56E4(), 0x118, _v24 ^ _t104 - 0x00000080);
                                                                                                                			}



























                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FF887CB3D90: GetTempPathW.KERNEL32 ref: 00007FF887CB3DDA
                                                                                                                  • Part of subcall function 00007FF887CB3D90: GetLastError.KERNEL32 ref: 00007FF887CB3DE4
                                                                                                                  • Part of subcall function 00007FF887CB3D90: WideCharToMultiByte.KERNEL32 ref: 00007FF887CB3E63
                                                                                                                  • Part of subcall function 00007FF887CB3D90: WideCharToMultiByte.KERNEL32 ref: 00007FF887CB3E9C
                                                                                                                  • Part of subcall function 00007FF887CC56A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF887CA8F4E), ref: 00007FF887CC56C2
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887CAFF4C
                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF887CAE1CA), ref: 00007FF887CAFFEA
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiWide_invalid_parameter_noinfo_noreturn$ErrorLastPathTempmalloc
                                                                                                                • String ID: axPort
                                                                                                                • API String ID: 2109269352-2033187772
                                                                                                                • Opcode ID: bf06585e9985f8420429b79c92c471ece2b5f6193859de1342c2103e63c4520f
                                                                                                                • Instruction ID: 574799b40e4579fe01d04b005cf040773a089d66ca81aa0084c51c7e858fd890
                                                                                                                • Opcode Fuzzy Hash: bf06585e9985f8420429b79c92c471ece2b5f6193859de1342c2103e63c4520f
                                                                                                                • Instruction Fuzzy Hash: ED418F72A59B4286EB10CB25E54036EB3B2FB85BE4F104232EA9D47799DF3CD481CB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 16%
                                                                                                                			E00007FF87FF887CCFF10(void* __edx, long long __rbx, signed char* __rcx, unsigned int __rdx, long long __rsi, long long __rbp, intOrPtr* __r8, void* __r9, long long _a8, long long _a16, long long _a32) {
                                                                                                                				void* _v24;
                                                                                                                				signed int _v40;
                                                                                                                				char _v1572;
                                                                                                                				void* _v1574;
                                                                                                                				char _v1576;
                                                                                                                				unsigned long long _t45;
                                                                                                                				signed long long _t49;
                                                                                                                				char* _t53;
                                                                                                                				unsigned long long _t54;
                                                                                                                				unsigned long long _t55;
                                                                                                                				unsigned long long _t71;
                                                                                                                				void* _t74;
                                                                                                                				void* _t82;
                                                                                                                				intOrPtr* _t89;
                                                                                                                
                                                                                                                				_a8 = __rbx;
                                                                                                                				_a16 = __rbp;
                                                                                                                				_a32 = __rsi;
                                                                                                                				_t83 = _t82 - 0x630;
                                                                                                                				_t49 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				_v40 = _t49 ^ _t82 - 0x00000630;
                                                                                                                				r15d = 0x20;
                                                                                                                				_t74 = (_t71 >> 2 << 4) + "0123456789abcdef0123456789ABCDEFGetEnabledExtendedFeatures";
                                                                                                                				_t45 = __rdx >> 8;
                                                                                                                				if (_t45 == 0) goto 0x87ccffe7;
                                                                                                                				_t53 =  &_v1572;
                                                                                                                				r9d = 0x100;
                                                                                                                				r8d =  *__rcx & 0x000000ff;
                                                                                                                				 *((intOrPtr*)(_t53 - 4)) = r15w;
                                                                                                                				_t54 = _t53 + 6;
                                                                                                                				r8d = r8d & 0x0000000f;
                                                                                                                				 *((short*)(_t54 - 8)) =  *((char*)(( *( *__r8 + 4) >> 4) + _t74));
                                                                                                                				 *((short*)(_t54 - 6)) =  *((char*)(__r8 + _t74));
                                                                                                                				if (_t45 != 0) goto 0x87ccff90;
                                                                                                                				__imp__?write@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@PEB_W_J@Z();
                                                                                                                				if (_t45 != 0) goto 0x87ccff80;
                                                                                                                				if (__rbp == 0) goto 0x87cd0038;
                                                                                                                				_t89 =  &_v1576;
                                                                                                                				 *_t89 = r15w;
                                                                                                                				_t55 = _t54 >> 4;
                                                                                                                				 *((short*)(_t89 + 2)) =  *((char*)(_t55 + _t74));
                                                                                                                				 *((short*)(_t89 + 4)) =  *((char*)(__r8 + _t74));
                                                                                                                				if (_t55 - __rbp < 0) goto 0x87ccfff3;
                                                                                                                				__imp__?write@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@PEB_W_J@Z();
                                                                                                                				return E00007FF87FF887CC5E20(1, __rcx[1] & 0xf, _v40 ^ _t83);
                                                                                                                			}


















                                                                                                                APIs
                                                                                                                • ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z.MSVCP140 ref: 00007FF887CCFFD6
                                                                                                                • ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z.MSVCP140 ref: 00007FF887CD0032
                                                                                                                Strings
                                                                                                                • 0123456789abcdef0123456789ABCDEFGetEnabledExtendedFeatures, xrefs: 00007FF887CCFF5F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ?write@?$basic_ostream@D@std@@@std@@U?$char_traits@V12@
                                                                                                                • String ID: 0123456789abcdef0123456789ABCDEFGetEnabledExtendedFeatures
                                                                                                                • API String ID: 2277189856-1814974510
                                                                                                                • Opcode ID: f674925d5cb3c8ad1a760e8ed63a0811590771809a40d4119573242e45484e6b
                                                                                                                • Instruction ID: 9874c66ad84542d479bc785ef870233d6e7abee3417b7436db145a594151659e
                                                                                                                • Opcode Fuzzy Hash: f674925d5cb3c8ad1a760e8ed63a0811590771809a40d4119573242e45484e6b
                                                                                                                • Instruction Fuzzy Hash: 8331E237B15AD585EB20CF21E8541ADBBB1FB88BC4F898032DA5D17714DA3DD606CB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00007FF87FF887CA3040() {
                                                                                                                				void* _t12;
                                                                                                                				signed long long _t17;
                                                                                                                				long long _t20;
                                                                                                                				long long _t24;
                                                                                                                				long long _t25;
                                                                                                                				void* _t28;
                                                                                                                
                                                                                                                				 *((long long*)(_t28 + 8)) = _t20;
                                                                                                                				 *((long long*)(_t28 + 0x18)) = _t25;
                                                                                                                				 *((long long*)(_t28 + 0x20)) = _t24;
                                                                                                                				_t17 =  *0x87ceec78; // 0x53a27ff7578c
                                                                                                                				 *(_t28 - 0x57 + 0x4f) = _t17 ^ _t28 - 0x000000b0;
                                                                                                                				if (_t12 - 0x78 > 0) goto 0x87ca3414;
                                                                                                                				goto __rdx;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionThrow__std_exception_copy
                                                                                                                • String ID: invalid type specifier
                                                                                                                • API String ID: 1552479455-1382033351
                                                                                                                • Opcode ID: 9162a276d7ee1a2c3fcd049e53fe64bbb14d32fab991226d0c814b129e95dbb4
                                                                                                                • Instruction ID: 06ab57065e1dfcf5aec841b547969e8aef51d927dadc16a9229931b8cec86608
                                                                                                                • Opcode Fuzzy Hash: 9162a276d7ee1a2c3fcd049e53fe64bbb14d32fab991226d0c814b129e95dbb4
                                                                                                                • Instruction Fuzzy Hash: 7B3195B3A49B819AE701CB70E8A53AF7B75E755388F8A5032DA4C92796EA2CD105C341
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z.MSVCP140 ref: 00007FF887CCFE80
                                                                                                                • ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z.MSVCP140 ref: 00007FF887CCFEDC
                                                                                                                Strings
                                                                                                                • 0123456789abcdef0123456789ABCDEFGetEnabledExtendedFeatures, xrefs: 00007FF887CCFE03
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ?write@?$basic_ostream@D@std@@@std@@U?$char_traits@V12@
                                                                                                                • String ID: 0123456789abcdef0123456789ABCDEFGetEnabledExtendedFeatures
                                                                                                                • API String ID: 2277189856-1814974510
                                                                                                                • Opcode ID: 4d7f9d0057c90d1fc27c6ac1c5151411231a43c20386cb2dde4277619377d6a4
                                                                                                                • Instruction ID: 11c0c9898667c8a44f9407799ca4f39006f2fbc9c6fcf54c1be784c0c9f213e8
                                                                                                                • Opcode Fuzzy Hash: 4d7f9d0057c90d1fc27c6ac1c5151411231a43c20386cb2dde4277619377d6a4
                                                                                                                • Instruction Fuzzy Hash: E431A437B19AD586D7258B21E4156ADBFA1F799BC4F898136DB8D03746CA3CC20AC710
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FF887CC75D0: InitializeSRWLock.KERNEL32(?,?,?,?,00000000,00000038,00000000,00007FF887CC77FE,?,?,?,00007FF887CCA349,?,?,00000038,?), ref: 00007FF887CC766E
                                                                                                                • AcquireSRWLockShared.KERNEL32 ref: 00007FF887CC6A94
                                                                                                                • ReleaseSRWLockShared.KERNEL32 ref: 00007FF887CC6AB9
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Lock$Shared$AcquireInitializeRelease
                                                                                                                • String ID: [uninitialized]
                                                                                                                • API String ID: 2537410636-2099769388
                                                                                                                • Opcode ID: dbbc3890cb9868c4dacf77921bd243b255cfbd6f5ac2ca3803326c1c02756e1c
                                                                                                                • Instruction ID: dfcfc6fbc82cb63721642c41d5c8ebd97dc07e2519d50e93b62ee6627b47be6d
                                                                                                                • Opcode Fuzzy Hash: dbbc3890cb9868c4dacf77921bd243b255cfbd6f5ac2ca3803326c1c02756e1c
                                                                                                                • Instruction Fuzzy Hash: F8017C32B58A4182EB148F16E64402D2773FB89FE4B189131DE1E17799CF3CE4A1C340
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00007FF87FF887CBF080(void* __eax, long long __rbx, char* __r8, void* __r9, long long _a8) {
                                                                                                                
                                                                                                                				_a8 = __rbx;
                                                                                                                				if (__r9 == 0) goto 0x87cbf0e1;
                                                                                                                				if (__r9 != 1) goto 0x87cbf0ad;
                                                                                                                				 *__r8 = 0;
                                                                                                                				return __eax;
                                                                                                                			}




                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: strerror
                                                                                                                • String ID: Unknown error
                                                                                                                • API String ID: 2194627204-83687255
                                                                                                                • Opcode ID: bafc78c85978e829d371cb662a2bc500d72ac259c6d8f698591c9a58c6c7372c
                                                                                                                • Instruction ID: 68ca3022ccb1da9f1046b2dd9298707737c8c1d3329934d235ebd1c2c1fc80fc
                                                                                                                • Opcode Fuzzy Hash: bafc78c85978e829d371cb662a2bc500d72ac259c6d8f698591c9a58c6c7372c
                                                                                                                • Instruction Fuzzy Hash: A3F0CD22B5868181EF588B5AF540BBD2661BB88BC4F8C5032EB5D0735ACE2CD594C300
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 56%
                                                                                                                			E00007FF87FF887CD6E20(void* __edx, long long __rax, long long __rbx, long long __rcx, long long __rdx, long long __rdi, long long __rsi, long long __rbp, long long __r8, long long __r9, void* __r11, long long _a8, long long _a16, long long _a24, long long _a32, char _a40) {
                                                                                                                				void* _v8;
                                                                                                                				long long _v24;
                                                                                                                				long long _v32;
                                                                                                                				long long _v40;
                                                                                                                				intOrPtr _v64;
                                                                                                                				long long _v72;
                                                                                                                				long long _v80;
                                                                                                                				char _v88;
                                                                                                                				void* _t53;
                                                                                                                				void* _t54;
                                                                                                                				intOrPtr _t58;
                                                                                                                				intOrPtr _t59;
                                                                                                                				intOrPtr _t60;
                                                                                                                				intOrPtr _t61;
                                                                                                                				long long _t84;
                                                                                                                				long long _t85;
                                                                                                                				long long _t86;
                                                                                                                				intOrPtr* _t87;
                                                                                                                				long long _t93;
                                                                                                                				intOrPtr* _t100;
                                                                                                                				long long _t108;
                                                                                                                				long long _t111;
                                                                                                                				long long _t112;
                                                                                                                				long long _t115;
                                                                                                                				long long _t116;
                                                                                                                				long long _t126;
                                                                                                                
                                                                                                                				_t84 = __rax;
                                                                                                                				_t63 = __edx;
                                                                                                                				_a8 = __rbx;
                                                                                                                				_a16 = __rbp;
                                                                                                                				_a24 = __rsi;
                                                                                                                				_a32 = __rdi;
                                                                                                                				_t111 = __r9;
                                                                                                                				_t115 = __r8;
                                                                                                                				_t126 = __rdx;
                                                                                                                				_t108 = __rcx;
                                                                                                                				E00007FF87FF887CD6600(__rax, __rcx);
                                                                                                                				if (_t84 == 0) goto 0x87cd6eee;
                                                                                                                				if (_a40 == 0) goto 0x87cd6e75;
                                                                                                                				if ( *((intOrPtr*)(_t84 + 8)) == 0) goto 0x87cd6e75;
                                                                                                                				if ( *((intOrPtr*)(_t84 + 0x10)) == 0) goto 0x87cd6e75;
                                                                                                                				 *_t84();
                                                                                                                				if (__r8 != 0) goto 0x87cd6ede;
                                                                                                                				if (__r9 != 0) goto 0x87cd6ede;
                                                                                                                				_v88 = __rcx;
                                                                                                                				_t58 =  *0x87ceecd0; // 0x27
                                                                                                                				if (_t58 == 0xffffffff) goto 0x87cd6e9d;
                                                                                                                				TlsGetValue(??);
                                                                                                                				_t92 = _t84;
                                                                                                                				if (_t84 != 0) goto 0x87cd6ecb;
                                                                                                                				E00007FF87FF887CD6750(_t58, _t84, _t84,  *((intOrPtr*)(_t84 + 8)),  *((intOrPtr*)(_t84 + 0x10)), __r9);
                                                                                                                				_t59 =  *0x87ceecd0; // 0x27
                                                                                                                				if (_t59 != 0xffffffff) goto 0x87cd6ec2;
                                                                                                                				_t9 = _t92 + 0x28; // 0x28
                                                                                                                				E00007FF87FF887CD63D0(__edx, _t84, _t9,  &_v88, _t108, __r9);
                                                                                                                				goto 0x87cd6ffb;
                                                                                                                				TlsGetValue(??);
                                                                                                                				_t93 = _t84;
                                                                                                                				_t11 = _t93 + 0x28; // 0x28
                                                                                                                				E00007FF87FF887CD63D0(_t63, _t93, _t11,  &_v88, _t108, _t111);
                                                                                                                				goto 0x87cd6ffb;
                                                                                                                				 *_t93 = _t126;
                                                                                                                				 *((long long*)(_t93 + 8)) = _t115;
                                                                                                                				 *((long long*)(_t93 + 0x10)) = _t111;
                                                                                                                				goto 0x87cd6ffb;
                                                                                                                				if (_t115 != 0) goto 0x87cd6efc;
                                                                                                                				if (_t111 == 0) goto 0x87cd6ffb;
                                                                                                                				_t60 =  *0x87ceecd0; // 0x27
                                                                                                                				if (_t60 == 0xffffffff) goto 0x87cd6f14;
                                                                                                                				TlsGetValue(??);
                                                                                                                				if (_t84 != 0) goto 0x87cd6f2f;
                                                                                                                				E00007FF87FF887CD6750(_t60, _t84, _t84, _t11,  &_v88, _t111);
                                                                                                                				_t61 =  *0x87ceecd0; // 0x27
                                                                                                                				if (_t61 != 0xffffffff) goto 0x87cd6f29;
                                                                                                                				_t85 = _t93;
                                                                                                                				goto 0x87cd6f2f;
                                                                                                                				_t53 = TlsGetValue(??);
                                                                                                                				_v40 = _t126;
                                                                                                                				_v32 = _t115;
                                                                                                                				_v24 = _t111;
                                                                                                                				_t18 = _t85 + 0x28; // 0x28
                                                                                                                				_t112 = _t18;
                                                                                                                				_t116 =  *_t112;
                                                                                                                				_t86 = _a8;
                                                                                                                				_v72 = _t86;
                                                                                                                				_v64 = 0;
                                                                                                                				if ( *((intOrPtr*)(_t86 + 0x19)) != 0) goto 0x87cd6f88;
                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                				_v72 = _t86;
                                                                                                                				if ( *((intOrPtr*)(_t86 + 0x20)) - _t108 >= 0) goto 0x87cd6f75;
                                                                                                                				_v64 = 0;
                                                                                                                				_t87 =  *((intOrPtr*)(_t86 + 0x10));
                                                                                                                				goto 0x87cd6f83;
                                                                                                                				_v64 = 1;
                                                                                                                				_t100 = _t87;
                                                                                                                				if ( *((intOrPtr*)( *_t87 + 0x19)) == 0) goto 0x87cd6f60;
                                                                                                                				if ( *((intOrPtr*)(_t100 + 0x19)) != 0) goto 0x87cd6f93;
                                                                                                                				if (_t108 -  *((intOrPtr*)(_t100 + 0x20)) >= 0) goto 0x87cd6ffb;
                                                                                                                				if ( *((intOrPtr*)(_t112 + 8)) == 0xffffffff) goto 0x87cd7016;
                                                                                                                				_v88 = _t112;
                                                                                                                				_v80 = _t93;
                                                                                                                				_t54 = E00007FF87FF887CC56A8(_t53, 0xffffffff, _t100);
                                                                                                                				 *0x40000000000001F = _t108;
                                                                                                                				asm("movups xmm0, [esp+0x50]");
                                                                                                                				asm("movups [eax+0x28], xmm0");
                                                                                                                				asm("movsd xmm1, [esp+0x60]");
                                                                                                                				asm("movsd [eax+0x38], xmm1");
                                                                                                                				 *0xffffffff = _t116;
                                                                                                                				 *0x400000000000007 = _t116;
                                                                                                                				 *0x40000000000000F = _t116;
                                                                                                                				 *0x400000000000017 = 0;
                                                                                                                				asm("movups xmm0, [esp+0x30]");
                                                                                                                				asm("movaps [esp+0x20], xmm0");
                                                                                                                				return E00007FF87FF887CCC920(_t54, _t93, _t112,  &_v88, _t108, 0xffffffff);
                                                                                                                				}

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000016.00000002.712686511.00007FF887CA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887CA0000, based on PE: true
                                                                                                                • Associated: 00000016.00000002.712670729.00007FF887CA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.712991994.00007FF887CDB000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713116386.00007FF887CEE000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713137166.00007FF887CEF000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713164287.00007FF887CF1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000016.00000002.713188255.00007FF887CF3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_22_2_7ff887ca0000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Value
                                                                                                                • String ID:
                                                                                                                • API String ID: 3702945584-0
                                                                                                                • Opcode ID: 157aea084b2188a04319823bb61cbbf73f5139dd45d3b24a669f6f3012e22f66
                                                                                                                • Instruction ID: c768694305ed810f488e686063bffbadffd3bc551e26366520667c0dbe65d4d4
                                                                                                                • Opcode Fuzzy Hash: 157aea084b2188a04319823bb61cbbf73f5139dd45d3b24a669f6f3012e22f66
                                                                                                                • Instruction Fuzzy Hash: AA514A32A88B8186E7759F15E44016D7BB2FB89BD4F144235EA9D13BA6DF3CE451C700
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Execution Graph

                                                                                                                Execution Coverage:12.6%
                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                Signature Coverage:0%
                                                                                                                Total number of Nodes:3
                                                                                                                Total number of Limit Nodes:0
                                                                                                                execution_graph 1298 7ff81a682149 1299 7ff81a682157 SearchPathW 1298->1299 1301 7ff81a6823ec 1299->1301

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000017.00000002.417582487.00007FF81A680000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF81A680000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_23_2_7ff81a680000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: PathSearch
                                                                                                                • String ID:
                                                                                                                • API String ID: 2203818243-0
                                                                                                                • Opcode ID: 4bf27cdb2d32a38a65c22fb808e58545d0149a1f9e974a6e3849716f572703e6
                                                                                                                • Instruction ID: 3340bc233601c0678bcb7c92b123fb0deda824176a2d40df0728fedf24666369
                                                                                                                • Opcode Fuzzy Hash: 4bf27cdb2d32a38a65c22fb808e58545d0149a1f9e974a6e3849716f572703e6
                                                                                                                • Instruction Fuzzy Hash: BBB1CD30518A8D8FDBA9DF28C8557E97BE1FF59350F10426AE84EC7282DF34A945CB81
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Execution Graph

                                                                                                                Execution Coverage:15.9%
                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                Signature Coverage:0%
                                                                                                                Total number of Nodes:4
                                                                                                                Total number of Limit Nodes:0
                                                                                                                execution_graph 1239 7ff81a652149 1241 7ff81a652157 1239->1241 1240 7ff81a652385 SearchPathW 1242 7ff81a6523ec 1240->1242 1241->1240 1241->1241

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001B.00000002.421337155.00007FF81A650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF81A650000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_27_2_7ff81a650000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: PathSearch
                                                                                                                • String ID:
                                                                                                                • API String ID: 2203818243-0
                                                                                                                • Opcode ID: 3b5bf5874d0c2e825f9f8c46e93bdded284291f723cf29f84d237eaa59abe642
                                                                                                                • Instruction ID: 79b7ab44adbd0984472ea6b678f41e47c90283497a657339fe6270d9f36586e7
                                                                                                                • Opcode Fuzzy Hash: 3b5bf5874d0c2e825f9f8c46e93bdded284291f723cf29f84d237eaa59abe642
                                                                                                                • Instruction Fuzzy Hash: 01B1BD31918A8D8FDBA9DF28C8457E977E1EF59350F10426AE84EC7281CF35A9458B81
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Execution Graph

                                                                                                                Execution Coverage:12.2%
                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                Signature Coverage:0%
                                                                                                                Total number of Nodes:3
                                                                                                                Total number of Limit Nodes:0
                                                                                                                execution_graph 1286 7ff81a6521c7 1287 7ff81a6521f1 SearchPathW 1286->1287 1289 7ff81a6523ec 1287->1289

                                                                                                                Callgraph


                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.425547643.00007FF81A650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF81A650000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff81a650000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: PathSearch
                                                                                                                • String ID:
                                                                                                                • API String ID: 2203818243-0
                                                                                                                • Opcode ID: 10ff876c1bab7d89b39402a5d2683477b9941a4ee1dff92b0cf2b4459c40b644
                                                                                                                • Instruction ID: bd936d784db81484b56b93f5b1e2223474b8559e3b78ea19eaa2acf1058919be
                                                                                                                • Opcode Fuzzy Hash: 10ff876c1bab7d89b39402a5d2683477b9941a4ee1dff92b0cf2b4459c40b644
                                                                                                                • Instruction Fuzzy Hash: B5816C31528A4D8FDBA8DF28C8457E977E1FF98751F10426EE80EC7291CF74A9858B81
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Callgraph

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001F.00000002.438566637.00007FF81A670000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF81A670000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_31_2_7ff81a670000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: PathSearch
                                                                                                                • String ID:
                                                                                                                • API String ID: 2203818243-0
                                                                                                                • Opcode ID: 70e864d1b099c88fbf0b9baf1b94ecd3505a66e01b3631840747352b709eface
                                                                                                                • Instruction ID: 21faf9f6ecb6740efdf21e327cd23c0dc2cbaa228714579a860b3979f54f8e67
                                                                                                                • Opcode Fuzzy Hash: 70e864d1b099c88fbf0b9baf1b94ecd3505a66e01b3631840747352b709eface
                                                                                                                • Instruction Fuzzy Hash: 25B19D71528A8D8FDBA9DF28C8457E977E1FF59350F10426ED84EC7281CF34A9858B81
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Callgraph


                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000021.00000002.443117315.00007FF81A650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF81A650000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_33_2_7ff81a650000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: PathSearch
                                                                                                                • String ID:
                                                                                                                • API String ID: 2203818243-0
                                                                                                                • Opcode ID: bc1891aa4eeadf91ffe938453d2daed872acb4ac9b21ca86b9af945ceb03497e
                                                                                                                • Instruction ID: abc949b56433cd1e1c383d29beb869b8d05268c16d940cf0eb2b0aca5cba9d4b
                                                                                                                • Opcode Fuzzy Hash: bc1891aa4eeadf91ffe938453d2daed872acb4ac9b21ca86b9af945ceb03497e
                                                                                                                • Instruction Fuzzy Hash: E9B1AE31918A8D8FDBA9DF28C8457E977D1FF59350F10426EE84EC7282CE35A945CB81
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Callgraph

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000023.00000002.447922489.00007FF81A680000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF81A680000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_35_2_7ff81a680000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: PathSearch
                                                                                                                • String ID:
                                                                                                                • API String ID: 2203818243-0
                                                                                                                • Opcode ID: 2c43dc4e2b28c2e668abce9cf4fa4b4ae821522e2e3dc1b67e6fa855b10e5a2d
                                                                                                                • Instruction ID: b8123194712d8d3fab71b962a0ba00e6134a5bda403d7f92de96818c0fc42631
                                                                                                                • Opcode Fuzzy Hash: 2c43dc4e2b28c2e668abce9cf4fa4b4ae821522e2e3dc1b67e6fa855b10e5a2d
                                                                                                                • Instruction Fuzzy Hash: 24B1AD31518A8D8FEBA8DF28C8557E977E1FF59310F10426EE85EC7282DF34A9458B81
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Callgraph


                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000025.00000002.452533310.00007FF81A670000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF81A670000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_37_2_7ff81a670000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: PathSearch
                                                                                                                • String ID:
                                                                                                                • API String ID: 2203818243-0
                                                                                                                • Opcode ID: c7f31be92516241fdf2bb6a76b062ca6f775e9bb25738f651088389465efacee
                                                                                                                • Instruction ID: 39bbea6dce109df82b34e5f25b068a203e020cc1be7adb186927aa8af2d5da5b
                                                                                                                • Opcode Fuzzy Hash: c7f31be92516241fdf2bb6a76b062ca6f775e9bb25738f651088389465efacee
                                                                                                                • Instruction Fuzzy Hash: 97B19D71928A8D8FEBA8DF28D8457E977E1FF59310F10426AD84EC7281DF34A945CB81
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Callgraph


                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000027.00000002.457360614.00007FF81A660000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF81A660000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_39_2_7ff81a660000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: PathSearch
                                                                                                                • String ID:
                                                                                                                • API String ID: 2203818243-0
                                                                                                                • Opcode ID: e4f99332677343eb1ddfa433db5a0a961f8dd505f11bc5d02788331dcdc988c2
                                                                                                                • Instruction ID: cd3beecd55b92e843e29375a5d7b9309c78b16ce49fd7930750382347bad2e91
                                                                                                                • Opcode Fuzzy Hash: e4f99332677343eb1ddfa433db5a0a961f8dd505f11bc5d02788331dcdc988c2
                                                                                                                • Instruction Fuzzy Hash: 30B1AD31918A8D8FEBA8DF28D8457E977E1FF59310F10426AD84EC7291CF34A945CB82
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%