Joe Sandbox Report

Windows Analysis Report
SetupWIService.exe

Overview

General Information

Sample Name: SetupWIService.exe
Analysis ID: 775485
MD5: 1927469a9b3fe32f0a7c8216f444bf7c
SHA1: 4f67b5dd3d3388fa4f6af3b0bb629778c27ee94c
SHA256: 88c12a9f7e73f96f292fb0ca2b34c86b6d2eae652c5c1169ecc29941937d7d81

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 32
Range: 0 - 100

Signatures

Uses netstat to query active network connections and open ports
Gathers network related connection and port information
Query firmware table information (likely to detect VMs)
Modifies the hosts file
Changes security center settings (notifications, updates, antivirus, firewall)
Sets file extension default program settings to executables
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Stores files to the Windows start menu directory
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
Contains long sleeps (>= 3 min)
Enables debug privileges
EXE planting / hijacking vulnerabilities found
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Queries information about the installed CPU (vendor, model number etc)
AV process strings found (often used to terminate AV products)
PE file contains an invalid checksum
Drops PE files
Tries to load missing DLLs
Uses taskkill to terminate processes
Queries disk information (often used to detect virtual machines)
Creates a process in suspended mode (likely to inject code)
Contains functionality for read data from the clipboard

Classification

  • System is w10x64
  • SetupWIService.exe (PID: 5284 cmdline: C:\Users\user\Desktop\SetupWIService.exe MD5: 1927469A9B3FE32F0A7C8216F444BF7C)
    • cmd.exe (PID: 664 cmdline: cmd /C taskkill /F /IM WIService.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 2312 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • taskkill.exe (PID: 4552 cmdline: taskkill /F /IM WIService.exe MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
    • cmd.exe (PID: 5480 cmdline: cmd /C taskkill /F /IM WIui.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 5524 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • taskkill.exe (PID: 5208 cmdline: taskkill /F /IM WIui.exe MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
    • cmd.exe (PID: 5128 cmdline: cmd /C taskkill /F /IM wirtpproxy.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 5124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • taskkill.exe (PID: 4648 cmdline: taskkill /F /IM wirtpproxy.exe MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
    • cmd.exe (PID: 3600 cmdline: cmd /C taskkill /F /IM wiservice-ui.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 5632 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • taskkill.exe (PID: 5556 cmdline: taskkill /F /IM wiservice-ui.exe MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
    • cmd.exe (PID: 4788 cmdline: cmd /C taskkill /F /IM vncsrv.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 4080 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • taskkill.exe (PID: 3920 cmdline: taskkill /F /IM vncsrv.exe MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
    • wiservice.exe (PID: 5472 cmdline: "C:\Program Files (x86)\Wildix\WIService\wiservice.exe" --proxyex MD5: 723F23EEFB213A23959A28D1ED11D42D)
    • wiservice.exe (PID: 1836 cmdline: "C:\Program Files (x86)\Wildix\WIService\wiservice.exe" --installsvc MD5: 723F23EEFB213A23959A28D1ED11D42D)
    • explorer.exe (PID: 5568 cmdline: C:\Windows\explorer.exe" "C:\Program Files (x86)\Wildix\WIService\proxyex.lnk MD5: AD5296B280E8F522A8A897C96BAB0E1D)
    • explorer.exe (PID: 4144 cmdline: C:\Windows\explorer.exe" "C:\Program Files (x86)\Wildix\WIService\wiservice.exe MD5: AD5296B280E8F522A8A897C96BAB0E1D)
  • svchost.exe (PID: 968 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 3388 cmdline: c:\windows\system32\svchost.exe -k unistacksvcgroup MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 5208 cmdline: c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • wiservice.exe (PID: 4700 cmdline: "C:\Program Files (x86)\Wildix\WIService\wiservice.exe" --hostsvc MD5: 723F23EEFB213A23959A28D1ED11D42D)
    • wiservice.exe (PID: 4764 cmdline: "C:\Program Files (x86)\Wildix\WIService\wiservice.exe" --watchdog MD5: 723F23EEFB213A23959A28D1ED11D42D)
      • NETSTAT.EXE (PID: 4912 cmdline: netstat -ano -p tcp MD5: 4E20FF629119A809BC0E7EE2D18A7FDB)
        • conhost.exe (PID: 5568 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • NETSTAT.EXE (PID: 4976 cmdline: netstat -ano -p tcp MD5: 4E20FF629119A809BC0E7EE2D18A7FDB)
        • conhost.exe (PID: 4996 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • NETSTAT.EXE (PID: 5856 cmdline: netstat -ano -p tcp MD5: 4E20FF629119A809BC0E7EE2D18A7FDB)
        • conhost.exe (PID: 5868 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • NETSTAT.EXE (PID: 4468 cmdline: netstat -ano -p tcp MD5: 4E20FF629119A809BC0E7EE2D18A7FDB)
        • conhost.exe (PID: 5984 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • svchost.exe (PID: 4184 cmdline: c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • wiservice.exe (PID: 3416 cmdline: "C:\Program Files (x86)\Wildix\WIService\WIService.exe" MD5: 723F23EEFB213A23959A28D1ED11D42D)
    • NETSTAT.EXE (PID: 5376 cmdline: netstat -ano -p tcp MD5: 4E20FF629119A809BC0E7EE2D18A7FDB)
      • conhost.exe (PID: 5288 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • svchost.exe (PID: 5652 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • explorer.exe (PID: 2384 cmdline: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding MD5: AD5296B280E8F522A8A897C96BAB0E1D)
    • wiservice.exe (PID: 4252 cmdline: "C:\Program Files (x86)\Wildix\WIService\wiservice.exe" --proxyex MD5: 723F23EEFB213A23959A28D1ED11D42D)
  • explorer.exe (PID: 5184 cmdline: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding MD5: AD5296B280E8F522A8A897C96BAB0E1D)
    • wiservice.exe (PID: 4760 cmdline: "C:\Program Files (x86)\Wildix\WIService\wiservice.exe" MD5: 723F23EEFB213A23959A28D1ED11D42D)
  • SgrmBroker.exe (PID: 996 cmdline: C:\Windows\system32\SgrmBroker.exe MD5: D3170A3F3A9626597EEE1888686E3EA6)
  • svchost.exe (PID: 1400 cmdline: c:\windows\system32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 2576 cmdline: c:\windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 3660 cmdline: c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
    • MpCmdRun.exe (PID: 5380 cmdline: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable MD5: A267555174BFA53844371226F482B86B)
      • conhost.exe (PID: 5592 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

Source: wiservice.exe; Binary or memory string: -----BEGIN PUBLIC KEY-----
Source: C:\Users\user\Desktop\SetupWIService.exe; EXE: cmd.exe

Compliance

Source: SetupWIService.exe; Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\SetupWIService.exe; EXE: cmd.exe
Source: SetupWIService.exe; Static PE information: certificate valid
Source: SetupWIService.exe; Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Projects\wiservice\deploy\win-x86-release\wiservice.pdb source: wiservice.exe
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASMcrypto\rand\randfile.cFilename=RANDFILE.rndPs source: wiservice.exe
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM source: wiservice.exe
Source: C:\Users\user\Desktop\SetupWIService.exe; Code function: 0_2_00402765 FindFirstFileA,0_2_00402765
Source: C:\Users\user\Desktop\SetupWIService.exe; Code function: 0_2_00406313 FindFirstFileA,FindClose,0_2_00406313
Source: C:\Users\user\Desktop\SetupWIService.exe; Code function: 0_2_004057D8 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_004057D8

Networking

Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe; Process created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano -p tcp
Source: global traffic; HTTP traffic detected: POST /api/v1/Analytics/wiservice HTTP/1.1 Host: feedback.wildix.com Accept: */* Content-Length: 331 Content-Type: application/x-www-form-urlencoded
Source: unknown; Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49703
Source: wiservice.exe; String found in binary or memory: http://crl.comodoca
Source: wiservice.exe; String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.X
Source: wiservice.exe; String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl
Source: wiservice.exe; String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: wiservice.exe; String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crla
Source: wiservice.exe; String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crlxe
Source: wiservice.exe; String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crlxeA
Source: wiservice.exe; String found in binary or memory: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#
Source: wiservice.exe; String found in binary or memory: http://jimmac.musichall.cz
Source: SetupWIService.exe; String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: SetupWIService.exe; String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: wiservice.exe; String found in binary or memory: http://ocsp.com
Source: wiservice.exe; String found in binary or memory: http://ocsp.comodoca.com
Source: wiservice.exe; String found in binary or memory: http://ocsp.comodoca.com#
Source: wiservice.exe; String found in binary or memory: http://ocsp.comodoca.com0
Source: wiservice.exe; String found in binary or memory: http://ocsp.comodoca.comA
Source: wiservice.exe; String found in binary or memory: http://ocsp.comodoca.comer
Source: wiservice.exe; String found in binary or memory: http://ocsp.comodoca.comu
Source: wiservice.exe; String found in binary or memory: http://ocsp.comodoca.comv
Source: wiservice.exe; String found in binary or memory: http://ocsp.sectigo.com
Source: wiservice.exe; String found in binary or memory: http://ocsp.sectigo.com0.1:988
Source: wiservice.exe; String found in binary or memory: http://ocsp.sectigo.com09
Source: svchost.exe; String found in binary or memory: http://www.bingmapsportal.com
Source: wiservice.exe; String found in binary or memory: http://www.gimp.orgg
Source: svchost.exe; String found in binary or memory: https://%s.dnet.xboxlive.com
Source: svchost.exe; String found in binary or memory: https://%s.xboxlive.com
Source: svchost.exe; String found in binary or memory: https://activity.windows.com
Source: svchost.exe; String found in binary or memory: https://activity.windows.comt
Source: svchost.exe; String found in binary or memory: https://appexmapsappupdate.blob.core.windows.net
Source: wiservice.exe; String found in binary or memory: https://backtrace.wildix.com/api/v1/IntegrationService/Trace/
Source: wiservice.exe, 0000001F.00000003.320239556.00000000014C1000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001F.00000003.320322856.00000000014C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://backtrace.wildix.com/api/v1/IntegrationService/Trace//e0
Source: wiservice.exe, 00000015.00000002.526256114.0000000001488000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://backtrace.wildix.com/api/v1/IntegrationService/Trace/pG
Source: wiservice.exe, 00000011.00000002.302088034.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000011.00000000.284099252.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000013.00000000.299073344.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000013.00000002.315334409.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000015.00000000.303468768.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000015.00000002.524835794.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000017.00000002.524955722.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000017.00000000.306896832.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001A.00000002.524921094.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001A.00000000.315146393.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000000.316467326.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000021.00000000.318015370.00000000008C8000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://backtrace.wildix.com/api/v1/IntegrationService/Trace/sysInfo.txtignored_processed_--dumpSend
Source: svchost.exe, 00000014.00000002.522519332.00000298D083E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bn2.notify.windows.com/v2/register/xplatform/device
Source: svchost.exe, 00000014.00000002.522519332.00000298D083E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://co4-df.notify.windows.com/v2/register/xplatform/device
Source: wiservice.exe, 00000011.00000002.302088034.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000011.00000000.284099252.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000013.00000000.299073344.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000013.00000002.315334409.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000015.00000000.303468768.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000015.00000002.524835794.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000017.00000002.524955722.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000017.00000000.306896832.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001A.00000002.524921094.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001A.00000000.315146393.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000000.316467326.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000021.00000000.318015370.00000000008C8000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
Source: svchost.exe, 00000019.00000003.336614965.000002821165A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Imagery/Copyright/
Source: svchost.exe, 00000019.00000002.336948474.000002821165C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.336614965.000002821165A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/
Source: svchost.exe, 00000019.00000003.336606467.0000028211660000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Locations
Source: svchost.exe, 00000019.00000002.336907549.000002821163D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Routes/
Source: svchost.exe, 00000019.00000002.336948474.000002821165C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.336614965.000002821165A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Traffic/Incidents/
Source: svchost.exe, 00000019.00000003.336606467.0000028211660000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/mapcontrol/logging.ashx
Source: svchost.exe, 00000019.00000003.336575813.0000028211648000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.336938385.000002821164E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/mapcontrol/mapconfiguration.ashx?name=native&v=
Source: svchost.exe, 00000019.00000002.336948474.000002821165C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.336614965.000002821165A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/JsonFilter/VenueMaps/data/
Source: svchost.exe, 00000019.00000003.336606467.0000028211660000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Locations
Source: svchost.exe, 00000019.00000002.336907549.000002821163D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/
Source: svchost.exe, 00000019.00000003.336606467.0000028211660000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Driving
Source: svchost.exe, 00000019.00000003.336606467.0000028211660000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Transit
Source: svchost.exe, 00000019.00000003.336606467.0000028211660000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Walking
Source: svchost.exe, 00000019.00000002.336918393.0000028211642000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.336651251.0000028211640000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Transit/Schedules/
Source: svchost.exe, 00000019.00000002.336918393.0000028211642000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.336651251.0000028211640000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n=
Source: svchost.exe, 00000019.00000003.336606467.0000028211660000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/mapcontrol/logging.ashx
Source: svchost.exe, 00000019.00000002.336948474.000002821165C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.336651251.0000028211640000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.336614965.000002821165A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?
Source: svchost.exe, 00000019.00000003.336614965.000002821165A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
Source: svchost.exe, 00000019.00000002.336948474.000002821165C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.336614965.000002821165A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=
Source: svchost.exe, 00000019.00000002.336948474.000002821165C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.336614965.000002821165A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
Source: svchost.exe, 00000019.00000003.336644255.0000028211645000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.336651251.0000028211640000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.336614965.000002821165A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.t
Source: svchost.exe, 00000019.00000003.336606467.0000028211660000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx
Source: svchost.exe, 00000019.00000002.336907549.000002821163D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/
Source: svchost.exe, 00000019.00000003.307877117.0000028211631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v=
Source: wiservice.exe, 00000011.00000002.302088034.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000011.00000000.284099252.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000013.00000000.299073344.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000013.00000002.315334409.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000015.00000000.303468768.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000015.00000002.524835794.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000017.00000002.524955722.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000017.00000000.306896832.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001A.00000002.524921094.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001A.00000000.315146393.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000000.316467326.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000021.00000000.318015370.00000000008C8000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://feedback.wildix.com/api/v1/Analytics/wiservice
Source: wiservice.exe, 00000011.00000002.302088034.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000011.00000000.284099252.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000013.00000000.299073344.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000013.00000002.315334409.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000015.00000000.303468768.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000015.00000002.524835794.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000017.00000002.524955722.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000017.00000000.306896832.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001A.00000002.524921094.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001A.00000000.315146393.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000000.316467326.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000021.00000000.318015370.00000000008C8000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://feedback.wildix.com/api/v1/Analytics/wiserviceappNamedataextextensionapppbxhostnameuserconte
Source: wiservice.exe, 0000001A.00000003.410666524.000000000146E000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000002.527466388.0000000001486000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.501542333.0000000001450000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.456250360.0000000001487000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.456179043.0000000001451000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.361812004.0000000001493000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.424191151.000000000146E000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.501378884.00000000014A6000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000002.526949432.0000000001452000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.424235111.0000000001476000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.501589540.0000000001486000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.361757994.0000000001493000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.456375063.0000000001451000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.501401647.0000000001450000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.410543165.0000000001487000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.488723507.0000000001487000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.501525875.00000000014A6000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.456513551.0000000001487000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.501455907.0000000001486000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 
0000001A.00000003.488476902.0000000001453000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.467055385.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0
Source: svchost.exe, 00000019.00000002.336907549.000002821163D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
Source: svchost.exe, 00000019.00000002.336849459.0000028211613000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.336907549.000002821163D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
Source: svchost.exe, 00000019.00000003.307877117.0000028211631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=
Source: svchost.exe, 00000019.00000003.336644255.0000028211645000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=
Source: svchost.exe, 00000019.00000003.307877117.0000028211631000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.336898752.000002821163A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen
Source: svchost.exe, 00000019.00000003.336575813.0000028211648000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.336938385.000002821164E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.tiles.ditu.live.com/tiles/gen
Source: unknown HTTP traffic detected: POST /api/v1/Analytics/wiservice HTTP/1.1 Host: feedback.wildix.com Accept: */* Content-Length: 331 Content-Type: application/x-www-form-urlencoded
Source: unknown DNS traffic detected: queries for: feedback.wildix.com
Source: C:\Users\user\Desktop\SetupWIService.exeCode function: 0_2_00405275 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405275

Spam, unwanted Advertisements and Ransom Demands

Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe File written: C:\Windows\System32\drivers\etc\hosts
Source: SetupWIService.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\SetupWIService.exeCode function: 0_2_0040326B EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040326B
Source: C:\Users\user\Desktop\SetupWIService.exeCode function: 0_2_00406FC40_2_00406FC4
Source: C:\Users\user\Desktop\SetupWIService.exeCode function: 0_2_004067ED0_2_004067ED
Source: C:\Users\user\Desktop\SetupWIService.exeCode function: 0_2_73911A980_2_73911A98
Source: C:\Windows\System32\svchost.exe Section loaded: xboxlivetitleid.dll
Source: C:\Windows\System32\svchost.exe Section loaded: cdpsgshims.dll
Source: C:\Windows\System32\svchost.exe Section loaded: windowscoredeviceinfo.dll
Source: C:\Windows\System32\svchost.exe Section loaded: windowscoredeviceinfo.dll
Source: C:\Windows\System32\svchost.exe Section loaded: windowscoredeviceinfo.dll
Source: C:\Windows\System32\svchost.exe Section loaded: windowscoredeviceinfo.dll
Source: C:\Users\user\Desktop\SetupWIService.exe File read: C:\Users\user\Desktop\SetupWIService.exe
Source: SetupWIService.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SetupWIService.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknownProcess created: C:\Users\user\Desktop\SetupWIService.exe C:\Users\user\Desktop\SetupWIService.exe
Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIService.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIService.exe
Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIui.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIui.exe
Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wirtpproxy.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wirtpproxy.exe
Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wiservice-ui.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wiservice-ui.exe
Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM vncsrv.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM vncsrv.exe
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Program Files (x86)\Wildix\WIService\wiservice.exe "C:\Program Files (x86)\Wildix\WIService\wiservice.exe" --proxyex
Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k unistacksvcgroup
Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Program Files (x86)\Wildix\WIService\wiservice.exe "C:\Program Files (x86)\Wildix\WIService\wiservice.exe" --installsvc
Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
Source: unknownProcess created: C:\Program Files (x86)\Wildix\WIService\wiservice.exe "C:\Program Files (x86)\Wildix\WIService\wiservice.exe" --hostsvc
Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
Source: unknownProcess created: C:\Program Files (x86)\Wildix\WIService\wiservice.exe "C:\Program Files (x86)\Wildix\WIService\WIService.exe"
Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\explorer.exe C:\Windows\explorer.exe" "C:\Program Files (x86)\Wildix\WIService\proxyex.lnk
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exeProcess created: C:\Program Files (x86)\Wildix\WIService\wiservice.exe "C:\Program Files (x86)\Wildix\WIService\wiservice.exe" --watchdog
Source: unknownProcess created: C:\Windows\explorer.exe C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exeProcess created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano -p tcp
Source: C:\Windows\SysWOW64\NETSTAT.EXEProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\explorer.exe C:\Windows\explorer.exe" "C:\Program Files (x86)\Wildix\WIService\wiservice.exe
Source: C:\Windows\explorer.exeProcess created: C:\Program Files (x86)\Wildix\WIService\wiservice.exe "C:\Program Files (x86)\Wildix\WIService\wiservice.exe" --proxyex
Source: unknownProcess created: C:\Windows\explorer.exe C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
Source: C:\Windows\explorer.exeProcess created: C:\Program Files (x86)\Wildix\WIService\wiservice.exe "C:\Program Files (x86)\Wildix\WIService\wiservice.exe"
Source: unknownProcess created: C:\Windows\System32\SgrmBroker.exe C:\Windows\system32\SgrmBroker.exe
Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k netsvcs -p
Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc
Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exeProcess created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano -p tcp
Source: C:\Windows\SysWOW64\NETSTAT.EXEProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exeProcess created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano -p tcp
Source: C:\Windows\SysWOW64\NETSTAT.EXEProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exeProcess created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano -p tcp
Source: C:\Windows\SysWOW64\NETSTAT.EXEProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exeProcess created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano -p tcp
Source: C:\Windows\SysWOW64\NETSTAT.EXEProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIService.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIui.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wirtpproxy.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wiservice-ui.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM vncsrv.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Program Files (x86)\Wildix\WIService\wiservice.exe "C:\Program Files (x86)\Wildix\WIService\wiservice.exe" --proxyex
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Program Files (x86)\Wildix\WIService\wiservice.exe "C:\Program Files (x86)\Wildix\WIService\wiservice.exe" --installsvc
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\explorer.exe C:\Windows\explorer.exe" "C:\Program Files (x86)\Wildix\WIService\proxyex.lnk
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\explorer.exe C:\Windows\explorer.exe" "C:\Program Files (x86)\Wildix\WIService\wiservice.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIService.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIui.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wirtpproxy.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wiservice-ui.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM vncsrv.exe
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Process created: C:\Program Files (x86)\Wildix\WIService\wiservice.exe "C:\Program Files (x86)\Wildix\WIService\wiservice.exe" --watchdog
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Process created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano -p tcp
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exeProcess created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano -p tcp
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exeProcess created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano -p tcp
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exeProcess created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano -p tcp
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exeProcess created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano -p tcp
Source: C:\Windows\explorer.exeProcess created: C:\Program Files (x86)\Wildix\WIService\wiservice.exe "C:\Program Files (x86)\Wildix\WIService\wiservice.exe" --proxyex
Source: C:\Windows\explorer.exeProcess created: C:\Program Files (x86)\Wildix\WIService\wiservice.exe "C:\Program Files (x86)\Wildix\WIService\wiservice.exe"
Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
Source: C:\Users\user\Desktop\SetupWIService.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: Uninstall.lnk.0.drLNK file: ..\..\..\..\..\..\..\Program Files (x86)\Wildix\WIService\uninstall.exe
Source: C:\Users\user\Desktop\SetupWIService.exeCode function: 0_2_0040326B EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040326B
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WIService.exe")
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WIui.exe")
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "wirtpproxy.exe")
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "wiservice-ui.exe")
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "vncsrv.exe")
Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WIui.exe")
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exeFile created: C:\Users\user\AppData\Roaming\WildixJump to behavior
Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Users\user\AppData\Local\Temp\nspBEE7.tmpJump to behavior
Source: classification engineClassification label: mal48.troj.adwa.spyw.evad.winEXE@71/20@1/3
Source: C:\Users\user\Desktop\SetupWIService.exeCode function: 0_2_00402138 CoCreateInstance,MultiByteToWideChar,0_2_00402138
Source: C:\Users\user\Desktop\SetupWIService.exeFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\SetupWIService.exeCode function: 0_2_00404530 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_00404530
Source: wiservice.exe, 00000011.00000002.302088034.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000011.00000000.284099252.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000013.00000000.299073344.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000013.00000002.315334409.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000015.00000000.303468768.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000015.00000002.524835794.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000017.00000002.524955722.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000017.00000000.306896832.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001A.00000002.524921094.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001A.00000000.315146393.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000000.316467326.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000021.00000000.318015370.00000000008C8000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: wiservice.exe, 00000011.00000002.302088034.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000011.00000000.284099252.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000013.00000000.299073344.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000013.00000002.315334409.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000015.00000000.303468768.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000015.00000002.524835794.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000017.00000002.524955722.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000017.00000000.306896832.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001A.00000002.524921094.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001A.00000000.315146393.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000000.316467326.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000021.00000000.318015370.00000000008C8000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: UPDATE %Q.%s SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5288:120:WilError_01
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\com.wildix.desktop-integration.service
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5124:120:WilError_01
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Mutant created: \BaseNamedObjects\Local\com.wildix.desktop-integration.svchost
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\com.wildix.desktop-integration.proxyex
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:5592:120:WilError_01
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Mutant created: \BaseNamedObjects\Local\com.wildix.desktop-integration.watchdog
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2312:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5524:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:4996:120:WilError_01
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WIS
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:5868:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4080:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:5568:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:5984:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5632:120:WilError_01
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files (x86)\Wildix
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\explorer.exe
Source: unknown Process created: C:\Windows\explorer.exe
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: Window Recorder Window detected: More than 3 window changes detected
Source: SetupWIService.exe Static file information: File size 4383096 > 1048576
Source: SetupWIService.exe Static PE information: certificate valid
Source: SetupWIService.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Projects\wiservice\deploy\win-x86-release\wiservice.pdb source: wiservice.exe, 00000011.00000002.302088034.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000011.00000000.284099252.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000013.00000000.299073344.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000013.00000002.315334409.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000015.00000000.303468768.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000015.00000002.524835794.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000017.00000002.524955722.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000017.00000000.306896832.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001A.00000002.524921094.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001A.00000000.315146393.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000000.316467326.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000021.00000000.318015370.00000000008C8000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASMcrypto\rand\randfile.cFilename=RANDFILE.rndPs source: wiservice.exe, 00000011.00000002.302088034.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000011.00000000.284099252.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000013.00000000.299073344.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000013.00000002.315334409.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000015.00000000.303468768.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000015.00000002.524835794.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000017.00000002.524955722.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000017.00000000.306896832.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001A.00000002.524921094.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001A.00000000.315146393.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000000.316467326.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000021.00000000.318015370.00000000008C8000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM source: wiservice.exe, 00000011.00000002.302088034.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000011.00000000.284099252.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000013.00000000.299073344.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000013.00000002.315334409.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000015.00000000.303468768.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000015.00000002.524835794.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000017.00000002.524955722.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000017.00000000.306896832.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001A.00000002.524921094.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001A.00000000.315146393.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000000.316467326.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000021.00000000.318015370.00000000008C8000.00000002.00000001.01000000.00000007.sdmp
Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_73912F60 push eax; ret 0_2_73912F8E
Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_73911A98 GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,0_2_73911A98
Source: nsExec.dll.0.dr Static PE information: real checksum: 0x0 should be: 0x8b0f
Source: uninstall.exe.0.dr Static PE information: real checksum: 0x432552 should be: 0x512d8
Source: System.dll.0.dr Static PE information: real checksum: 0x0 should be: 0xd8f8
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files (x86)\Wildix\WIService\uninstall.exe
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Users\user\AppData\Local\Temp\nsuBFA3.tmp\nsExec.dll
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Users\user\AppData\Local\Temp\nsuBFA3.tmp\System.dll
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files (x86)\Wildix\WIService\wiservice.exe

Boot Survival

Source: C:\Users\user\Desktop\SetupWIService.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\callto\shell\open\command C:\Program Files (x86)\Wildix\WIService\wiservice.exe %1
Source: C:\Users\user\Desktop\SetupWIService.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sip\shell\open\command C:\Program Files (x86)\Wildix\WIService\wiservice.exe %1
Source: C:\Users\user\Desktop\SetupWIService.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\wildix\shell\open\command C:\Program Files (x86)\Wildix\WIService\wiservice.exe %1
Source: C:\Users\user\Desktop\SetupWIService.exe Registry value created: HKEY_CURRENT_USER_Classes\wiservice.callto\shell\open\command C:\Program Files (x86)\Wildix\WIService\wiservice.exe %1
Source: C:\Users\user\Desktop\SetupWIService.exe Registry value modified: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tel\shell\open\command C:\Program Files (x86)\Wildix\WIService\wiservice.exe %1
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wildix
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wildix\WIService
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wildix\WIService\Uninstall.lnk
Source: C:\Users\user\Desktop\SetupWIService.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Windows\System32\svchost.exe System information queried: FirmwareTableInformation
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe TID: 5632 Thread sleep count: 4882 > 30
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe TID: 5632 Thread sleep time: -48820s >= -30000s
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe TID: 1948 Thread sleep time: -46860s >= -30000s
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe TID: 684 Thread sleep count: 6221 > 30
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe TID: 684 Thread sleep time: -62210s >= -30000s
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe TID: 1672 Thread sleep count: 3074 > 30
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe TID: 1672 Thread sleep time: -30740s >= -30000s
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe TID: 4520 Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files (x86)\Wildix\WIService\uninstall.exe
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Window / User API: threadDelayed 4882
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Window / User API: threadDelayed 4686
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Window / User API: threadDelayed 1239
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Window / User API: threadDelayed 1178
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Window / User API: threadDelayed 6221
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Window / User API: threadDelayed 3074
Source: C:\Windows\System32\svchost.exe File opened: PhysicalDrive0
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_00402765 FindFirstFileA,0_2_00402765
Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_00406313 FindFirstFileA,FindClose,0_2_00406313
Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_004057D8 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_004057D8
Source: C:\Users\user\Desktop\SetupWIService.exe API call chain: ExitProcess graph end node graph_0-4269
Source: C:\Users\user\Desktop\SetupWIService.exe API call chain: ExitProcess graph end node graph_0-4271
Source: explorer.exe, 00000020.00000002.522237582.0000000000987000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\b8b}
Source: svchost.exe, 00000010.00000002.521689652.000001682DA00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: HvHostWdiSystemHostScDeviceEnumWiaRpctrkwksAudioEndpointBuilderhidservdot3svcDsSvcfhsvcWPDBusEnumsvsvcwlansvcEmbeddedModeirmonSensorServicevmicvssNgcSvcsysmainDevQueryBrokerStorSvcvmickvpexchangevmicshutdownvmicguestinterfacevmicvmsessionNcbServiceNetmanDeviceAssociationServiceTabletInputServicePcaSvcIPxlatCfgSvcCscServiceUmRdpService
Source: svchost.exe, 00000010.00000002.522422317.000001682DA68000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000014.00000002.522850083.00000298D086E000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000015.00000002.526256114.0000000001488000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000002.522269799.0000022135C29000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001F.00000003.319417701.00000000014FC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_73911A98 GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,0_2_73911A98
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\SysWOW64\NETSTAT.EXE Process token adjusted: Debug
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Code function: 17_2_00878A00 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,17_2_00878A00
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Code function: 23_2_00878A00 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,23_2_00878A00

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe File written: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIService.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIui.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wirtpproxy.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wiservice-ui.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM vncsrv.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIService.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIui.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wirtpproxy.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wiservice-ui.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM vncsrv.exe
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Process created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano -p tcp
Source: C:\Users\user\Desktop\SetupWIService.exe Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Code function: 17_2_0087A26B GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,17_2_0087A26B
Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_0040326B EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040326B

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe File written: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\System32\svchost.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center cval
Source: C:\Windows\System32\svchost.exe WMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
Source: C:\Windows\System32\svchost.exe WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : FirewallProduct
Source: C:\Windows\System32\svchost.exe WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : AntiVirusProduct
Source: C:\Windows\System32\svchost.exe WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : AntiSpywareProduct
Source: wiservice.exe, 00000011.00000002.302088034.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000011.00000000.284099252.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000013.00000000.299073344.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000013.00000002.315334409.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000015.00000000.303468768.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000015.00000002.524835794.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000017.00000002.524955722.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000017.00000000.306896832.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001A.00000002.524921094.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001A.00000000.315146393.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000000.316467326.00000000008C8000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: avp.exe

Stealing of Sensitive Information

Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Process created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano -p tcp
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | 11 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 File and Directory Permissions Modification | OS Credential Dumping | 1 System Time Discovery | Remote Services | 11 Archive Collected Data | Exfiltration Over Other Network Medium | 11 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot |
| Default Accounts | 1 Native API | 1 DLL Search Order Hijacking | 1 DLL Search Order Hijacking | 11 Disable or Modify Tools | LSASS Memory | 2 System Network Connections Discovery | Remote Desktop Protocol | 1 Clipboard Data | Exfiltration Over Bluetooth | 2 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | At (Linux) | 1 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | 1 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 3 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | At (Windows) | Logon Script (Mac) | 11 Process Injection | 1 DLL Side-Loading | NTDS | 35 System Information Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud |
| Cloud Accounts | Cron | Network Logon Script | 1 Registry Run Keys / Startup Folder | 1 DLL Search Order Hijacking | LSA Secrets | 131 Security Software Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | 12 Masquerading | Cached Domain Credentials | 1 Process Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
| External Remote Services | Scheduled Task | Startup Items | Startup Items | 131 Virtualization/Sandbox Evasion | DCSync | 131 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |
| Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 Access Token Manipulation | Proc Filesystem | 1 Application Window Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue |
| Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 11 Process Injection | /etc/passwd and /etc/shadow | 1 Remote System Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction |
| Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | 1 System Network Configuration Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | | | Data Encrypted for Impact |

Behavior Graph (image not reproduced): ID: 775485; Sample: SetupWIService.exe; Startdate: 29/12/2022; Architecture: WINDOWS; Score: 48

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| SetupWIService.exe | 2% | ReversingLabs | | |
| SetupWIService.exe | 1% | Virustotal | | Browse |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Program Files (x86)\Wildix\WIService\uninstall.exe | 4% | ReversingLabs | | |
| C:\Program Files (x86)\Wildix\WIService\wiservice.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsuBFA3.tmp\System.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsuBFA3.tmp\nsExec.dll | 0% | ReversingLabs | | |

| Source | Detection | Scanner | Label | Link | Download |
|---|---|---|---|---|---|
| 0.2.SetupWIService.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1223491 | | Download File |
| 0.0.SetupWIService.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1223491 | | Download File |

No Antivirus matches

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0# | 0% | URL Reputation | safe | |
| https://sectigo.com/CPS0 | 0% | URL Reputation | safe | |
| http://ocsp.sectigo.com09 | 0% | URL Reputation | safe | |
| http://www.gimp.orgg | 0% | URL Reputation | safe | |
| http://ocsp.sectigo.com | 0% | URL Reputation | safe | |
| https://activity.windows.comt | 0% | URL Reputation | safe | |
| https://%s.xboxlive.com | 0% | URL Reputation | safe | |
| https://dynamic.t | 0% | URL Reputation | safe | |
| http://jimmac.musichall.cz | 0% | URL Reputation | safe | |
| https://%s.dnet.xboxlive.com | 0% | URL Reputation | safe | |
| http://ocsp.sectigo.com0.1:988 | 0% | Avira URL Cloud | safe | |
| http://crl.comodoca | 0% | Avira URL Cloud | safe | |
| http://ocsp.com | 0% | Avira URL Cloud | safe | |

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| feedback.wildix.com | 3.64.145.227 | true | false | | high |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://feedback.wildix.com/api/v1/Analytics/wiservice | false | | high |
                                                                  high
                                                                  https://dev.virtualearth.net/REST/v1/JsonFilter/VenueMaps/data/svchost.exe, 00000019.00000002.336948474.000002821165C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.336614965.000002821165A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    high
                                                                    http://nsis.sf.net/NSIS_ErrorSetupWIService.exe, SetupWIService.exe, 00000000.00000000.253380165.000000000040A000.00000008.00000001.01000000.00000003.sdmp, SetupWIService.exe, 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmpfalse
                                                                      high
                                                                      https://dynamic.tsvchost.exe, 00000019.00000003.336644255.0000028211645000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.336651251.0000028211640000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.336614965.000002821165A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      http://ocsp.comwiservice.exe, 0000001A.00000003.467025367.00000000014A6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      https://dev.virtualearth.net/REST/v1/Routes/Transitsvchost.exe, 00000019.00000003.336606467.0000028211660000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        high
                                                                        http://jimmac.musichall.czwiservice.exe, 00000011.00000002.302088034.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000011.00000000.284099252.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000013.00000000.299073344.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000013.00000002.315334409.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000015.00000000.303468768.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000015.00000002.524835794.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000017.00000002.524955722.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000017.00000000.306896832.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001A.00000002.524921094.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001A.00000000.315146393.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000000.316467326.00000000008C8000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000021.00000000.318015370.00000000008C8000.00000002.00000001.01000000.00000007.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        https://t0.ssl.ak.tiles.virtualearth.net/tiles/gensvchost.exe, 00000019.00000003.307877117.0000028211631000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.336898752.000002821163A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=svchost.exe, 00000019.00000002.336948474.000002821165C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.336614965.000002821165A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://activity.windows.comsvchost.exe, 00000014.00000002.522519332.00000298D083E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://dev.ditu.live.com/REST/v1/Locationssvchost.exe, 00000019.00000003.336606467.0000028211660000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://%s.dnet.xboxlive.comsvchost.exe, 00000014.00000002.522519332.00000298D083E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                • URL Reputation: safe
                                                                                low
                                                                                https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/svchost.exe, 00000019.00000002.336948474.000002821165C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.336614965.000002821165A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=svchost.exe, 00000019.00000003.336614965.000002821165A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    • No. of IPs < 25%
                                                                                    • 25% < No. of IPs < 50%
                                                                                    • 50% < No. of IPs < 75%
                                                                                    • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
3.64.145.227 | feedback.wildix.com | United States | 16509 | AMAZON-02US | false
                                                                                    IP
                                                                                    192.168.2.1
                                                                                    127.0.0.1
Joe Sandbox Version: 36.0.0 Rainbow Opal
Analysis ID: 775485
Start date and time: 2022-12-29 16:06:00 +01:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 11m 24s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: SetupWIService.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 48
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal48.troj.adwa.spyw.evad.winEXE@71/20@1/3
EGA Information:
• Successful, ratio: 33.3%
HDC Information:
• Successful, ratio: 85.2% (good quality ratio 83.9%)
• Quality average: 87.5%
• Quality standard deviation: 20.8%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Excluded domains from analysis (whitelisted): fs.microsoft.com
• Execution Graph export aborted for target wiservice.exe, PID 3416 because there are no executed function
• Execution Graph export aborted for target wiservice.exe, PID 5472 because there are no executed function
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
16:07:11 | Autostart | Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run WIService C:\Program Files (x86)\Wildix\WIService\WIService.exe
16:08:29 | API Interceptor | 1x Sleep call for process: MpCmdRun.exe modified
                                                                                    No context
Match | Associated Sample Name / URL | Detection | Context
feedback.wildix.com | SetupWIService.exe | malicious | 54.93.167.246
feedback.wildix.com | SetupWIService.exe | malicious | 54.93.167.246
feedback.wildix.com | SetupWIService.exe | malicious | 35.157.107.60
feedback.wildix.com | SetupWIService.exe | malicious | 35.157.107.60
                                                                                    No context
Match: C:\Users\user\AppData\Local\Temp\nsuBFA3.tmp\System.dll
Associated Sample Name / URL (Detection: malicious for each entry):
• SetupWIService.exe
• SetupWIService.exe
• yENafYsHns.exe
• yENafYsHns.exe
• NFEP-CONFIDENTIALITY AGREEMENT(NDA).exe
• NFEP-CONFIDENTIALITY AGREEMENT(NDA).exe
• 07aTSiH01G.exe
• 07aTSiH01G.exe
• Shipment Document BLINV and packing list.jpg.exe
• Shipment Document BLINV and packing list.jpg.exe
• ENQ2957387940 xlsx.scr.exe
• ENQ2957387940 xlsx.scr.exe
• DOC85945003805010 PDF.exe
• DOC85945003805010 PDF.exe
• OUTSTANDING PI#220800035 SOA OCT.exe
• OUTSTANDING PI#220800035 SOA OCT.exe
• RFQ NO # 577131022.pif.exe
• RFQ NO # 577131022.pif.exe
• PO-57064.scr.exe
• STATEMENT OF ACCOUNTS - SEPTEMBER 2022.exe

Process: C:\Users\user\Desktop\SetupWIService.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Archive, ctime=Tue Jul 7 09:43:58 2020, mtime=Thu Dec 29 23:07:20 2022, atime=Tue Jul 7 09:43:58 2020, length=7814576, window=hide
Category: dropped
Size (bytes): 1143
Entropy (8bit): 4.66894370869141
Encrypted: false
SSDEEP: 24:8x7o9rMJVdOEr2sApfyMFXdBvUUsOggs7aB6m:8V4rYVdOVr5ycdS15uB6
MD5: D39C503A0708169F24ED8EDD0FFEEBC7
SHA1: 06280FC57CE7ACA9820B13949A6E22211E95DD23
SHA-256: B6BE54093AE1ED3C3F4C4A6C99E25E9F35ED724D386A7FC8FBBDC6CE107C85FA
SHA-512: 5AEFFAE4BDE172B209829311FEFAEA8970EDB919F13AB688D058B1A784E63FAFE590E2DF452E9DC830C6F6865DD45722234D253536A6BA654AA3367CC9831F06
Malicious: false
                                                                                                                            Preview:L..................F.... .....KT...,.......KT...=w..........................P.O. .:i.....+00.../C:\.....................1......U....PROGRA~2.........L..U......................V.......%.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....T.1......U....Wildix..>......U...U......?S......................%.W.i.l.d.i.x.....\.1......U....WISERV~1..D......U...U......ZT....................A...W.I.S.e.r.v.i.c.e.....h.2..=w..P}U .WISERV~1.EXE..L.......P}U.U......_T........................w.i.s.e.r.v.i.c.e...e.x.e.......d...............-.......c...................C:\Program Files (x86)\Wildix\WIService\wiservice.exe......\.w.i.s.e.r.v.i.c.e...e.x.e.'.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.W.i.l.d.i.x.\.W.I.S.e.r.v.i.c.e...-.-.p.r.o.x.y.e.x.........*................@Z|...K.J.........`.......X.......494126...........!a..%.H.VZAj.................-..!a..%.H.VZAj.................-.............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.3.8.

Process: C:\Users\user\Desktop\SetupWIService.exe
File Type: SQLite 3.x database, last written using SQLite version 3025001, page size 1024, file counter 3238, database pages 1081, cookie 0x1c0, schema 4, UTF-8, version-valid-for 3238
Category: dropped
Size (bytes): 1106944
Entropy (8bit): 6.241085330769342
Encrypted: false
SSDEEP: 12288:Z012wYTfqBoW+X3wUfJ0HORmsi18vFZrutsPdBx5G59IdYb6Vb3ysZOOdFkUtet9:LTSoW+68Wkdl3CcbCROdF2w8dXSMJYU
MD5: C640C0C1357E16FCBCBB318D13F5D608
SHA1: B695D1D3CBAA0A48D99D17F32368B22CCF4ACBD7
SHA-256: 6C78F1E3CE4F0D69A60EBA69590CC971AFDD91959B0F6B50BCC1FBB4C55C2149
SHA-512: 2C2869560312F2510CFE008167581C0051EA8C733B368E15DC7B379312350BBC12FE127D925BD6A5AF92151197E24DC343B73B8B80E06BC06A92B67E6D06ED00
Malicious: false
                                                                                                                            Preview:SQLite format 3......@ .......9..................................................................(i...........9...............................................................................................................n...%%...tableEVENTS_STATSEVENTS_STATS.CREATE TABLE EVENTS_STATS (...ID INTEGER NOT NULL,...DAY INTEGER NOT NULL,...DATE DATE NOT NULL,...MIN_ID INTEGER NOT NULL,...MAX_ID INTEGER NOT NULL,...COMPLETE TINYINT NOT NULL,...PRIMARY KEY (ID)..).f...++...tableCOUNTRIES_AREASCOUNTRIES_AREAS.CREATE TABLE COUNTRIES_AREAS (...ID INTEGER NOT NULL,...COUNTRY_ID SMALLINT NOT NULL,...NAME VARCHAR(255) NOT NULL,...NUMBER VARCHAR(255) NOT NULL,...LENGTH TINYINT,...PRIMARY KEY (ID)..)."........tableCOUNTRIESCOUNTRIES.CREATE TABLE COUNTRIES (...ID INTEGER NOT NULL,...NAME VARCHAR(255) NOT NULL,...NUMBER VARCHAR(255) NOT NULL,...PRIMARY KEY (ID)..). ........tableCLASSESCLASSES.CREATE TABLE CLASSES (...ID INTEGER NOT NULL,...NAME VARCHAR(255) NOT NULL,...NAME_LOWER VARC...D;...87...+,.
                                                                                                                            Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):4264
                                                                                                                            Entropy (8bit):4.37287852392456
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:96:ZS5IxN5WrgEzyhppc4YhQd5b7cIFE6EcGy4Pk8MR:ZS5IYrnyhppc4YhQdNE6E3y4Pk8MR
                                                                                                                            MD5:96BDBA14808F30F48E1D4EE652EB9270
                                                                                                                            SHA1:DF0D0594FC1998BD3BF77B3873F48C9BEA7A84E5
                                                                                                                            SHA-256:BC9DD31AEFBD62AD72C4190694BCA225C90845E7E7FB112CCAE6C5F49A0578AF
                                                                                                                            SHA-512:BDF9E755ED309567F54E795E66D7DB60E52236BA99C4B14988335784C68970BDEE9FA5F12621E8C0045B81967CE4788C8211A8771D282F42211BE717DCF081E0
                                                                                                                            Malicious:false
                                                                                                                            Preview:function get_data_dir().. return wis_get_writable_dir()..end....function split(str, pat).. local str = str or "".... if stdnse ~= nil then.. return stdnse.strsplit(pat, str).. end.... local t = {} -- NOTE: use {n = 0} in Lua-5.0.. local fpat = "(.-)" .. pat.. local last_end = 1.. local s, e, cap = tostring(str):find(fpat, 1).. .. while s do.. if s ~= 1 or cap ~= "" then.. table.insert(t,cap).. end.. .. last_end = e + 1.. s, e, cap = str:find(fpat, last_end).. end.. .. if last_end <= #str then.. cap = str:sub(last_end).. table.insert(t, cap).. end.. .. return t..end....--- Deep copy of a given table..-- @param object A table to be copied..-- @return object A copy of a given table..function tcopy (object).. local lookup_table = {}.. local function _copy(object).. if type(object) ~= "table" then.. return object.. elseif lookup_table[object] then.. return lookup
                                                                                                                            Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                            File Type:ASCII text
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):10021
                                                                                                                            Entropy (8bit):4.876845410125218
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:192:2PrQH4Uz6TQ8AcK4vA5KIGkPTB6UXZPek2phPqTWgObsprgtUlId5XsapwBsgrEN:urnUz6TQ8A94+GkrB60ZPezHb/gIXXse
                                                                                                                            MD5:A85072B5AC6C4021232A7A69C2542F80
                                                                                                                            SHA1:6F7CD3DBEA4CC4A8F591D4E642425945A92FC24F
                                                                                                                            SHA-256:23F8986B692505C186E97304F0B0371A8B1C69BBEFD3537B6D5B04A84644C7C4
                                                                                                                            SHA-512:F2321CDCDF7A059EA59E3E6B77D6FFEC9A035250846B9394893D86FC21516A35E135CCE5A9B0003EF0CD2481E68FE3EED91D3F2A9EA091DFFC2CA1C58BB10788
                                                                                                                            Malicious:false
                                                                                                                            Preview:--.-- json.lua.--.-- Copyright (c) 2019 rxi.--.-- Permission is hereby granted, free of charge, to any person obtaining a copy of.-- this software and associated documentation files (the "Software"), to deal in.-- the Software without restriction, including without limitation the rights to.-- use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies.-- of the Software, and to permit persons to whom the Software is furnished to do.-- so, subject to the following conditions:.--.-- The above copyright notice and this permission notice shall be included in all.-- copies or substantial portions of the Software..--.-- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.-- IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.-- FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.-- AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.-- LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
                                                                                                                            Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):9915
                                                                                                                            Entropy (8bit):4.9141725051952205
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:96:SaXVNVsuLLnEwnQYYV+kkizaCpcJ1tYJV3zho7ylcPe4/HewEIG4Lf4StXweHKcJ:LVsuLLnEwQm4o7ylQ+ZzqZAepcr6erYp
                                                                                                                            MD5:5AA940C070C899AAD7649509D75B4761
                                                                                                                            SHA1:3D5BFC13032E6C9FE49C29F3439F1EF8431E249B
                                                                                                                            SHA-256:91711BC1A9C62FB470F066DB838CAC1F2FFEA291C33F4FA8BCFCEF86D3DFCD57
                                                                                                                            SHA-512:A9A671C488EB319DBB6BE46FD61C09ED988D025565BFD02144BAD1113122FC3B857CBCBC78BBBA829D93AF8FF6CF268CE32B9AF83B8676BB6220805CDC5DC608
                                                                                                                            Malicious:false
                                                                                                                            Preview:require "lfs"..require "helper"....json = require "json"..sqlite3 = require "sqlite3"....cdrview = {.. version = "1.0.5",.. con = nil,.. env = nil,.. dbDirName = wis_join_path(get_data_dir(), "cdr"),.. dbFileName = "cdr_%s_%s_%s.db",.. dbSerial = "",.. dbVersion = "",.. dbFile = ""..}....function cdrview.get_connection(self).. if self.con == nil then.. self.env = sqlite3.sqlite3().. self.con, error = self.env:connect(self.dbFile, 2000).. .. if (self.con == nil) then.. return nil, error.. end.. .. self.con:execute("PRAGMA synchronous = OFF").. self.con:execute("PRAGMA cache_size = 20000").. self.con:execute("PRAGMA temp_store = MEMORY").. end.... return self.con, error..end....function cdrview.close_connection(self).. if self.con ~= nil then.. self.con:close().. self.env:close().. self.env = nil.. self.con = nil.. end..end....function cdrview.init_database
                                                                                                                            Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):329213
                                                                                                                            Entropy (8bit):2.480616162610146
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:hXoKlnzpMyqDQ+IJDDctJUX0DKR+cagfzIWLU/APNlewgteU:VomnzVincQDKgcaqzIW4ASD
                                                                                                                            MD5:36FBAFFA487685FD1A2D22F16387B7E9
                                                                                                                            SHA1:C7056A8AA58CC61B0DBF01D3D443A09456267197
                                                                                                                            SHA-256:32F07C26C57FAD7E762B582A25C758E1AB28F7ED3D093304C5C290829F0AA267
                                                                                                                            SHA-512:2F41427FBE2F9E0CC098C60081416EB6E07C734EADA954D468A8E24E82DB236F7BE6083B73CBF152CB73960CF5CC6C45B76194C4FA36911BB5E74DAE3208F904
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(..F..F..F.*....F..G.w.F.*....F..v..F...@..F.Rich.F.........PE..L......].................d...|......k2............@..........................P......R%C...@.................................<...........Xp...........B..!...........................................................................................text....b.......d.................. ..`.rdata..J............h..............@..@.data....U...........|..............@....ndata...................................rsrc...Xp.......r..................@..@................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                            Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                            File Type:MS Windows icon resource - 4 icons, 256x256, 32 bits/pixel, 48x48, 32 bits/pixel
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):285478
                                                                                                                            Entropy (8bit):1.250692577349461
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:384:KVNjbVfkrTPIfJO4u66nfrCF+b5hO4Mn2peV:0m/YJO46nfWF+bWt2C
                                                                                                                            MD5:1642F550F6A94F846345818E6233F3C1
                                                                                                                            SHA1:655CEB82A153E33E7B5217EE7E8A55D3572EAEF7
                                                                                                                            SHA-256:9D5CDBC8FCF572F907EB052557DA7253972DA20205279E7DF64E49C5C2B42038
                                                                                                                            SHA-512:9670F4F1A838D14696F41A65445C862F988D60A6EB836028C1D5672160E9C326BD800C828A3F9C768D2D5D965CF86E72CEC08CF58DC29624CE2E454FD6638713
                                                                                                                            Malicious:false
                                                                                                                            Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):7814576
                                                                                                                            Entropy (8bit):6.636077386211362
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:98304:zDqc3ZkCqCCwIvsRq8LwSPg9TFj618F693ZGVJj0As6ZlCZ/mGtw6p+gEWBtT4x+:zOSCF0DwPTFj618F6L7fAGtw8+gH0MnT
                                                                                                                            MD5:723F23EEFB213A23959A28D1ED11D42D
                                                                                                                            SHA1:F791E99DA7185C00F365D2C91EE74099C16FDA8E
                                                                                                                            SHA-256:A460E0D19266D3FED117D27C9ABD9BFE6AC7366EEBB19BB9D22A96D3A9CA8558
                                                                                                                            SHA-512:7ACE5F760193FA56072517FD6E2E8D3FD834F352BBCD3CB66F117CBB3B1007017FF4DCC605AA1833C3C99141A05E0896B3B49C04B1BF1090E983F350E62B8B4A
                                                                                                                            Malicious:true
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$.........b..............-!..............................................T.......(...........u...(...]..........................Rich............................PE..L....Q._.................lU..2M.......P.......U...@..................................w...@.................................(ok.........b............w..!...`...n....e.p.....................e.....@.e.@.............U..............................text...TkU......lU................. ..`.rdata...a....U..b...pU.............@..@.data.....,...k..v....k.............@....rsrc....b......d...Hm.............@..@.reloc...n...`...p....q.............@..B................................................................................................................................................................................................................................................
                                                                                                                            Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Thu Dec 29 23:07:09 2022, mtime=Thu Dec 29 23:07:09 2022, atime=Thu Dec 29 23:07:09 2022, length=329213, window=hide
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):2131
                                                                                                                            Entropy (8bit):3.469700680951828
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:8egCMJVdOEr2f5XApfyMxdBT/dB5dBTrFDUUsJg7s7aB6m:8egCYVdOVf5w5yQdF/dPdFrF41i1B6
                                                                                                                            MD5:0D35018915D7033567D563F23116F0C3
                                                                                                                            SHA1:E4315035CB76C62F5D36E5994244C0320DEB216D
                                                                                                                            SHA-256:97AD07C6D9D14E59406E812E85EF59EEE44309F6C79446947F9707A1742A37CC
                                                                                                                            SHA-512:175F91B0A90E4A3AAB656546679AF69917854340FD00071DEA7005EE390D67DADFBDF4ACABD78D099E11C9AD7C24FF9DA854B1FD046045706E39881A0A92B9FE
                                                                                                                            Malicious:false
                                                                                                                            Preview:L..................F.@.. ....@&.......(.......(..................................P.O. .:i.....+00.../C:\.....................1......U....PROGRA~2.........L..U......................V.......%.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....T.1......U....Wildix..>......U...U......?S......................%.W.i.l.d.i.x.....\.1......U....WISERV~1..D......U...U......ZT....................A...W.I.S.e.r.v.i.c.e.....h.2......U.. .UNINST~1.EXE..L......U...U...... .....................z...u.n.i.n.s.t.a.l.l...e.x.e.......d...............-.......c...................C:\Program Files (x86)\Wildix\WIService\uninstall.exe..G.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.W.i.l.d.i.x.\.W.I.S.e.r.v.i.c.e.\.u.n.i.n.s.t.a.l.l...e.x.e.'.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.W.i.l.d.i.x.\.W.I.S.e.r.v.i.c.e.5.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.W.i.l.d.i.x.\.W.I.S.e.r.v.i.c.e.\.u.n.i.n.s.t.a.l.l...e.x.e.........%Pr
                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                            File Type:XML 1.0 document, ASCII text, with very long lines (2494), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):2494
                                                                                                                            Entropy (8bit):5.246305083360714
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:48:cAn/TLtfGgzmQLeUp/B8HVFSkC9+TTafs:pTLtf9zmQ8skAs
                                                                                                                            MD5:50A872F5B1DBC061D121B0B1BFFC2249
                                                                                                                            SHA1:B060528EBE84D6429F0F10C4AABF32BC37E4C668
                                                                                                                            SHA-256:4E87052CC7A7897857C8A6E6FDDFB71EB97A8B3C08188A12198E9D80CB89F264
                                                                                                                            SHA-512:DA27D3C084F75819FB6B9C90108389F2B20DAE5D2494CAB6BD4F325B7E977732AEE37D0CFB89C4CE85A3399E672B8A484A7270BDABCC1B6C05C75073CFA904C7
                                                                                                                            Malicious:false
                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-8"?><updateStore><sessionVariables><permanent><AUOptions dataType="3">1</AUOptions><AllowMUUpdateService dataType="3">0</AllowMUUpdateService><AreUpdatesPausedByPolicy dataType="11">False</AreUpdatesPausedByPolicy><AttentionRequiredReason dataType="19">0</AttentionRequiredReason><CurrentState dataType="19">1</CurrentState><FirstScanAttemptTime dataType="21">132399969272148706</FirstScanAttemptTime><FlightEnabled dataType="3">0</FlightEnabled><LastError dataType="19">0</LastError><LastErrorState dataType="19">0</LastErrorState><LastErrorStateType dataType="11">False</LastErrorStateType><LastMeteredScanTime dataType="21">132399969272304939</LastMeteredScanTime><LastScanAttemptTime dataType="21">132399969272148706</LastScanAttemptTime><LastScanDeferredReason dataType="19">1</LastScanDeferredReason><LastScanDeferredTime dataType="21">133051593686244000</LastScanDeferredTime><LastScanFailureError dataType="3">-2147023838</LastScanFailureError><LastScanFailu
                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                            File Type:XML 1.0 document, ASCII text, with very long lines (2494), with no line terminators
                                                                                                                            Category:modified
                                                                                                                            Size (bytes):2494
                                                                                                                            Entropy (8bit):5.246305083360714
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:48:cAn/TLtfGgzmQLeUp/B8HVFSkC9+TTafs:pTLtf9zmQ8skAs
                                                                                                                            MD5:50A872F5B1DBC061D121B0B1BFFC2249
                                                                                                                            SHA1:B060528EBE84D6429F0F10C4AABF32BC37E4C668
                                                                                                                            SHA-256:4E87052CC7A7897857C8A6E6FDDFB71EB97A8B3C08188A12198E9D80CB89F264
                                                                                                                            SHA-512:DA27D3C084F75819FB6B9C90108389F2B20DAE5D2494CAB6BD4F325B7E977732AEE37D0CFB89C4CE85A3399E672B8A484A7270BDABCC1B6C05C75073CFA904C7
                                                                                                                            Malicious:false
                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-8"?><updateStore><sessionVariables><permanent><AUOptions dataType="3">1</AUOptions><AllowMUUpdateService dataType="3">0</AllowMUUpdateService><AreUpdatesPausedByPolicy dataType="11">False</AreUpdatesPausedByPolicy><AttentionRequiredReason dataType="19">0</AttentionRequiredReason><CurrentState dataType="19">1</CurrentState><FirstScanAttemptTime dataType="21">132399969272148706</FirstScanAttemptTime><FlightEnabled dataType="3">0</FlightEnabled><LastError dataType="19">0</LastError><LastErrorState dataType="19">0</LastErrorState><LastErrorStateType dataType="11">False</LastErrorStateType><LastMeteredScanTime dataType="21">132399969272304939</LastMeteredScanTime><LastScanAttemptTime dataType="21">132399969272148706</LastScanAttemptTime><LastScanDeferredReason dataType="19">1</LastScanDeferredReason><LastScanDeferredTime dataType="21">133051593686244000</LastScanDeferredTime><LastScanFailureError dataType="3">-2147023838</LastScanFailureError><LastScanFailu
                                                                                                                            Process:C:\Program Files (x86)\Wildix\WIService\wiservice.exe
                                                                                                                            File Type:JSON data
                                                                                                                            Category:modified
                                                                                                                            Size (bytes):127
                                                                                                                            Entropy (8bit):4.534660063797104
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:iX0p16O9JZvAJHf9KDyLIInpZNXtAi7T2S1QA:00p4GsVK+EyxyaqS1z
                                                                                                                            MD5:A87C7F43F89043A6E62A901A07630B9E
                                                                                                                            SHA1:F6F20EFDABF8DBBA41B92996685EB4D899BFFE77
                                                                                                                            SHA-256:4DE8611CB7B459A3E4097777B77EF2B1A52F93A65F16D04B22738C8503577D11
                                                                                                                            SHA-512:7EDF34CE40D3175E5AB58E07CDE979D795ABEA716439718A551977D5F0D5EF4EF4CDE30132F63E8A0C1B18D31054DD57D8DC58690EA2116E1FBAE556FC5C0AA6
                                                                                                                            Malicious:false
                                                                                                                            Preview:{. "garbage_lifespan_days": 30,. "log_level": "info",. "log_system": true,. "log_verbose": false,. "version": "2.15.2.1".}
                                                                                                                            Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):11776
                                                                                                                            Entropy (8bit):5.854901984552606
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:192:qPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4U:F7VpNo8gmOyRsVc4
                                                                                                                            MD5:0063D48AFE5A0CDC02833145667B6641
                                                                                                                            SHA1:E7EB614805D183ECB1127C62DECB1A6BE1B4F7A8
                                                                                                                            SHA-256:AC9DFE3B35EA4B8932536ED7406C29A432976B685CC5322F94EF93DF920FEDE7
                                                                                                                            SHA-512:71CBBCAEB345E09306E368717EA0503FE8DF485BE2E95200FEBC61BCD8BA74FB4211CD263C232F148C0123F6C6F2E3FD4EA20BDECC4070F5208C35C6920240F0
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Joe Sandbox View:
                                                                                                                            • Filename: SetupWIService.exe, Detection: malicious
                                                                                                                            • Filename: yENafYsHns.exe, Detection: malicious
                                                                                                                            • Filename: NFEP-CONFIDENTIALITY AGREEMENT(NDA).exe, Detection: malicious
                                                                                                                            • Filename: 07aTSiH01G.exe, Detection: malicious
                                                                                                                            • Filename: Shipment Document BLINV and packing list.jpg.exe, Detection: malicious
                                                                                                                            • Filename: ENQ2957387940 xlsx.scr.exe, Detection: malicious
                                                                                                                            • Filename: DOC85945003805010 PDF.exe, Detection: malicious
                                                                                                                            • Filename: OUTSTANDING PI#220800035 SOA OCT.exe, Detection: malicious
                                                                                                                            • Filename: RFQ NO # 577131022.pif.exe, Detection: malicious
                                                                                                                            • Filename: PO-57064.scr.exe, Detection: malicious
                                                                                                                            • Filename: STATEMENT OF ACCOUNTS - SEPTEMBER 2022.exe, Detection: malicious
                                                                                                                            Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                            File Type:PC bitmap, Windows 3.x format, 165 x 57 x 24, image size 28272, resolution 2835 x 2835 px/m, cbSize 28326, bits offset 54
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):28326
                                                                                                                            Entropy (8bit):2.5710862958427496
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:192:R5ZzmIhanXqiRFlbiRoXt7m4ju119MiieiK35JW0U1JIhuauz3A:R5Zz5QX1FtiRytSEu9Miiq5JW9IhuBQ
                                                                                                                            MD5:EE5DCD5040C0616D92FA8E7A3344D455
                                                                                                                            SHA1:D2A13B9E9965C99E9637FFE0CFDC54A791B0944D
                                                                                                                            SHA-256:DAA94974E168B4D92C281BA0B774390C9E052833926E22929CD5A4569A0ECB97
                                                                                                                            SHA-512:23CB22368B444E00EE5EAC5D86427801312550A1ACDF5652756A88205A32E862D9D636877323AA6503DA660107305036AFE7E7C79B9586160362E50AD138DB68
                                                                                                                            Malicious:false
                                                                                                                            Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):6656
                                                                                                                            Entropy (8bit):5.150852446596736
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:96:4BNbUVOFvfcxEAxxxJzxLp+eELeoMEskzYzeHd0+uoyVeNSsX4:EUVOFvf9ABJFHE+FkEad0PLVeN
                                                                                                                            MD5:293165DB1E46070410B4209519E67494
                                                                                                                            SHA1:777B96A4F74B6C34D43A4E7C7E656757D1C97F01
                                                                                                                            SHA-256:49B7477DB8DD22F8CF2D41EE2D79CE57797F02E8C7B9E799951A6C710384349A
                                                                                                                            SHA-512:97012139F2DA5868FE8731C0B0BCB3CFDA29ED10C2E6E2336B504480C9CD9FB8F4728CCA23F1E0BD577D75DAA542E59F94D1D341F4E8AAEEBC7134BF61288C19
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Process:C:\Program Files (x86)\Wildix\WIService\wiservice.exe
                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):51
                                                                                                                            Entropy (8bit):3.8279202393045604
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:z0NcDdvRfsd7E0doD0dcUy:wNcDTkd7ZoAe
                                                                                                                            MD5:972AA5C4C9155F54D596404A41F7B397
                                                                                                                            SHA1:3AA6356CE61A99F836C334733A14C27C24CE90D4
                                                                                                                            SHA-256:B7F80383257471F6B123595AD2D15FE0497A8E67F6B39039B8D0FB004B42F3EC
                                                                                                                            SHA-512:8F454344984D62152CB70679D9F5BEBA28892821EF876193CD8754D89C3A6569D64267DD671257C874E4D5DCA6AFFA9F8A64BB39301D0C3A75E96DBD8F03A52A
                                                                                                                            Malicious:false
                                                                                                                            Preview:websocket:8888;hi:9889;ss:9888;oa:9890;lotus:9891..
                                                                                                                            Process:C:\Program Files (x86)\Wildix\WIService\wiservice.exe
                                                                                                                            File Type:JSON data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):578
                                                                                                                            Entropy (8bit):4.825023235707763
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12:Jh0vpUU2JEGtUwX4v9WYVKu06NE5pMpjSm1F2:JMZWIvr8H5nm1F2
                                                                                                                            MD5:DE31C2A4965FE35BEA4EF7D7340E8210
                                                                                                                            SHA1:47CCFB088F4E1DEAD9DF69F08D32F0649DC78747
                                                                                                                            SHA-256:17645E25C43B5DD1280AD5F2B62877A424A9D25EE9C6A007CB630B0F3A284BE3
                                                                                                                            SHA-512:3272A987BF29169C14883682D3F04F0694578C3620FD3F36D707AE2BC2A8FF0838247F1194006ACF31B092F2FF5CD6CC5C2A7EA56792E8910E9C0AA7A6EF91AE
                                                                                                                            Malicious:false
                                                                                                                            Preview:{. "activityDetection": {. "enable": false,. "interval": 0. },. "activity_detection_force_disable": false,. "authorizedApps": null,. "connection_issue": "none",. "ext": "",. "garbage_lifespan_days": 14,. "http_max_threads": 4,. "http_min_threads": 1,. "log_level": "info",. "log_max_kb": 10240,. "log_str": "61rlumDUCm2oR2ueMSHAkMLlQNs2jzSG",. "log_system": false,. "log_traffic": false,. "log_verbose": false,. "lua_max_threads": 8,. "lua_min_threads": 2,. "pbx": "",. "version": "2.15.2.1",. "whitelist": null,. "ws_check_port_before_listen": true.}
                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):8192
                                                                                                                            Entropy (8bit):2.74257629066312
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:48:K18zr52q+WKlb7kUkb7kEpfb7klrb7ksb7kbIl9lCb7k0tplOb7k1b7k/b7kwrbH:x2bVl0Uk0y0d0s0U9I0ClO010/0o09O
                                                                                                                            MD5:B6899D9B58C50743B651A031377F76A4
                                                                                                                            SHA1:A207EBE07268679D146AC63B25F231EC20833E04
                                                                                                                            SHA-256:8E7C90003BA71AFB2B24CD57973153F9A7F5C483B8AEB050F99CCA5A1A650F57
                                                                                                                            SHA-512:D873B038481A1A39CB3AFCF02DE70F9A310C86FDF7277BA302EE785E9863055E170303D0714A8314799F15B17B1D4D826C74113025E191F7B1584BC55DD52411
                                                                                                                            Malicious:false
                                                                                                                            Preview:....................................................!............................................................B..............Zb....... ..........................................@.t.z.r.e.s...d.l.l.,.-.2.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.2.1.1.............................................................WW...... .....................E.C.C.B.1.7.5.F.-.1.E.B.2.-.4.3.D.A.-.B.F.B.5.-.A.8.D.5.8.A.4.0.A.4.D.7...C.:.\.W.i.n.d.o.w.s.\.l.o.g.s.\.w.a.a.s.m.e.d.i.c.\.w.a.a.s.m.e.d.i.c...2.0.2.2.1.2.3.0._.0.0.0.7.2.8._.2.3.6...e.t.l.............P.P.............................................................................9.B.........17134.1.amd64fre.rs4_release.180410-1804............5.@.........OYo."(.s..O........WaaSMedicSvc.pdb............................................................................................................................................................................................................................
                                                                                                                            Process:C:\Program Files\Windows Defender\MpCmdRun.exe
                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                            Category:modified
                                                                                                                            Size (bytes):10874
                                                                                                                            Entropy (8bit):3.164802014022913
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:192:cY+38+DJl+ibJ6+ioJJ+i3N+WtT+E9tD+Ett3d+E3z5+6I3+zJq+V:j+s+v+b+P+m+0+Q+q+q+73+zw+V
                                                                                                                            MD5:69480CF2126743B037EC833F8EEEC478
                                                                                                                            SHA1:10C2F5B2760E3FFCBF240A6D87C620EE7F6E7FC7
                                                                                                                            SHA-256:7A738F476BA29AB2D23A00CEDA16294F1474EA7950EA905F0373AADDFEA797F3
                                                                                                                            SHA-512:C2B3F16E5BB047FA2557EE4FC7EE89AEEC18A0189D0E5D744D731884EA01D11FA319C97FF4BC6448D36EAC40ED72715DD9152CC88593841BD181D0F23773CADF
                                                                                                                            Malicious:false
                                                                                                                            Preview:..........-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.....M.p.C.m.d.R.u.n.:. .C.o.m.m.a.n.d. .L.i.n.e.:. .".C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.m.p.c.m.d.r.u.n...e.x.e.". .-.w.d.e.n.a.b.l.e..... .S.t.a.r.t. .T.i.m.e.:. .. T.h.u. .. J.u.n. .. 2.7. .. 2.0.1.9. .0.1.:.2.9.:.4.9.........M.p.E.n.s.u.r.e.P.r.o.c.e.s.s.M.i.t.i.g.a.t.i.o.n.P.o.l.i.c.y.:. .h.r. .=. .0.x.1.....W.D.E.n.a.b.l.e.....E.R.R.O.R.:. .M.p.W.D.E.n.a.b.l.e.(.T.R.U.E.). .f.a.i.l.e.d. .(.8.0.0.7.0.4.E.C.).....M.p.C.m.d.R.u.n.:. .E.n.d. .T.i.m.e.:. .. T.h.u. .. J.u.n. .. 2.7. .. 2.0.1.9. .0.1.:.2.9.:.4.9.....-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.............-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
                                                                                                                            Process:C:\Program Files (x86)\Wildix\WIService\wiservice.exe
                                                                                                                            File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                            Category:modified
                                                                                                                            Size (bytes):857
                                                                                                                            Entropy (8bit):4.712765723284222
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:QWDZh+ragzMZfuMMs1L/JU5fFCkK8T1rTto:vDZhyoZWM9rU5fFcr
                                                                                                                            MD5:9AC77B45979A66F73EDB70B72908A616
                                                                                                                            SHA1:8B22CFA695F10D31B8300C06790B728A4E209324
                                                                                                                            SHA-256:A7777E702D4BEAD5529BFC2D026BFA2088BB64A5504DAFB57EF308CE92469E20
                                                                                                                            SHA-512:C01644C1C13F7126ED455D76A63CD3CEEB314D74265256B07AC7120F6DA512B1B632D4F21167B9E8C7AD106F75D1F20809A7B129BE6871441F8F3FF6A390CFFF
                                                                                                                            Malicious:true
                                                                                                                            Preview:# Copyright (c) 1993-2009 Microsoft Corp...#..# This is a sample HOSTS file used by Microsoft TCP/IP for Windows...#..# This file contains the mappings of IP addresses to host names. Each..# entry should be kept on an individual line. The IP address should..# be placed in the first column followed by the corresponding host name...# The IP address and the host name should be separated by at least one..# space...#..# Additionally, comments (such as these) may be inserted on individual..# lines or following the machine name denoted by a '#' symbol...#..# For example:..#..# 102.54.94.97 rhino.acme.com # source server..# 38.25.63.10 x.acme.com # x client host....# localhost name resolution is handled within DNS itself...#.127.0.0.1 localhost..#.::1 localhost...127.0.0.1..wildixintegration.eu.
                                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                            Entropy (8bit):7.835913460840649
                                                                                                                            TrID:
                                                                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                            File name:SetupWIService.exe
                                                                                                                            File size:4383096
                                                                                                                            MD5:1927469a9b3fe32f0a7c8216f444bf7c
                                                                                                                            SHA1:4f67b5dd3d3388fa4f6af3b0bb629778c27ee94c
                                                                                                                            SHA256:88c12a9f7e73f96f292fb0ca2b34c86b6d2eae652c5c1169ecc29941937d7d81
                                                                                                                            SHA512:8d0ce9d76c838812840b71b484678663b77ddec5f2876aa3de4d7010bc71a1832a17b6a3f82d113cd892ad8d502a287b051db07b321e08ccc241259ca164e473
                                                                                                                            SSDEEP:49152:FuJDiUob4l/1DjRRFBY+QCRqrjsvLMx0+QgoPfjM8MwqFcwlh+A+l4gJ/PftpQTJ:FuJ2UobOjFBX690jM79Fc0hp+pPfkw49
                                                                                                                            TLSH:CB1623959924C896DD1230F189B6A5FCB3E1DC952E387C22466773CD3E76EC2E037688
                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F.*.....F...G.w.F.*.....F...v...F...@...F.Rich..F.........PE..L......].................d...|......k2............@
                                                                                                                            Icon Hash:1031b3aaaaccccc9
                                                                                                                            Entrypoint:0x40326b
                                                                                                                            Entrypoint Section:.text
                                                                                                                            Digitally signed:true
                                                                                                                            Imagebase:0x400000
                                                                                                                            Subsystem:windows gui
                                                                                                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                            Time Stamp:0x5DF6D4F0 [Mon Dec 16 00:50:56 2019 UTC]
                                                                                                                            TLS Callbacks:
                                                                                                                            CLR (.Net) Version:
                                                                                                                            OS Version Major:4
                                                                                                                            OS Version Minor:0
                                                                                                                            File Version Major:4
                                                                                                                            File Version Minor:0
                                                                                                                            Subsystem Version Major:4
                                                                                                                            Subsystem Version Minor:0
                                                                                                                            Import Hash:e9c0657252137ac61c1eeeba4c021000
                                                                                                                            Signature Valid:true
                                                                                                                            Signature Issuer:CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
                                                                                                                            Signature Validation Error:The operation completed successfully
                                                                                                                            Error Number:0
Not Before: 9/10/2018 5:00:00 PM
Not After: 9/10/2021 4:59:59 PM
                                                                                                                            Subject Chain
                                                                                                                            • CN=Wildix EE OU, O=Wildix EE OU, STREET="Roosikrantsi, 2 - K309", L=Tallinn, S=Estonia, PostalCode=10119, C=IT
                                                                                                                            Version:3
                                                                                                                            Thumbprint MD5:D86660A70313A4B44379368A3359F6DC
                                                                                                                            Thumbprint SHA-1:740E47D942E3484FC1B7F799905D9C49BD111DAA
                                                                                                                            Thumbprint SHA-256:E9428FDFC636C8EE09E3C8814D3C8677C01B362525E255EE33A5AD10535C6C4A
                                                                                                                            Serial:56A07594F7C4C0EDAAB3DAB03BEAA73E
                                                                                                                            Instruction
                                                                                                                            sub esp, 00000184h
                                                                                                                            push ebx
                                                                                                                            push esi
                                                                                                                            push edi
                                                                                                                            xor ebx, ebx
                                                                                                                            push 00008001h
                                                                                                                            mov dword ptr [esp+18h], ebx
                                                                                                                            mov dword ptr [esp+10h], 0040A198h
                                                                                                                            mov dword ptr [esp+20h], ebx
                                                                                                                            mov byte ptr [esp+14h], 00000020h
                                                                                                                            call dword ptr [004080A0h]
                                                                                                                            call dword ptr [0040809Ch]
                                                                                                                            and eax, BFFFFFFFh
                                                                                                                            cmp ax, 00000006h
                                                                                                                            mov dword ptr [0042F40Ch], eax
                                                                                                                            je 00007F58B8A02ED3h
                                                                                                                            push ebx
                                                                                                                            call 00007F58B8A05FBBh
                                                                                                                            cmp eax, ebx
                                                                                                                            je 00007F58B8A02EC9h
                                                                                                                            push 00000C00h
                                                                                                                            call eax
                                                                                                                            mov esi, 00408298h
                                                                                                                            push esi
                                                                                                                            call 00007F58B8A05F37h
                                                                                                                            push esi
                                                                                                                            call dword ptr [00408098h]
                                                                                                                            lea esi, dword ptr [esi+eax+01h]
                                                                                                                            cmp byte ptr [esi], bl
                                                                                                                            jne 00007F58B8A02EADh
                                                                                                                            push 0000000Ah
                                                                                                                            call 00007F58B8A05F8Fh
                                                                                                                            push 00000008h
                                                                                                                            call 00007F58B8A05F88h
                                                                                                                            push 00000006h
                                                                                                                            mov dword ptr [0042F404h], eax
                                                                                                                            call 00007F58B8A05F7Ch
                                                                                                                            cmp eax, ebx
                                                                                                                            je 00007F58B8A02ED1h
                                                                                                                            push 0000001Eh
                                                                                                                            call eax
                                                                                                                            test eax, eax
                                                                                                                            je 00007F58B8A02EC9h
                                                                                                                            or byte ptr [0042F40Fh], 00000040h
                                                                                                                            push ebp
                                                                                                                            call dword ptr [00408040h]
                                                                                                                            push ebx
                                                                                                                            call dword ptr [00408284h]
                                                                                                                            mov dword ptr [0042F4D8h], eax
                                                                                                                            push ebx
                                                                                                                            lea eax, dword ptr [esp+38h]
                                                                                                                            push 00000160h
                                                                                                                            push eax
                                                                                                                            push ebx
                                                                                                                            push 00429830h
                                                                                                                            call dword ptr [00408178h]
                                                                                                                            push 0040A188h
                                                                                                                            Programming Language:
                                                                                                                            • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x853c | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3d000 | 0x47058 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x42bfc8 | 0x21b0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x294 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x62ff | 0x6400 | False | 0.672421875 | data | 6.457821426487787 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x134a | 0x1400 | False | 0.459765625 | data | 5.238921057104071 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x25518 | 0x600 | False | 0.4557291666666667 | data | 4.049203760121162 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x30000 | 0xd000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x3d000 | 0x47058 | 0x47200 | False | 0.048845287785588755 | data | 1.3027496736142952 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country
RT_ICON | 0x3d2e0 | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 270336 | English | United States
RT_ICON | 0x7f308 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States
RT_ICON | 0x818b0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States
RT_ICON | 0x82958 | 0x568 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States
RT_ICON | 0x82ec0 | 0x468 | data | English | United States
RT_ICON | 0x83328 | 0x2e8 | data | English | United States
RT_ICON | 0x83610 | 0x128 | data | English | United States
RT_DIALOG | 0x83738 | 0x200 | data | English | United States
RT_DIALOG | 0x83938 | 0xf8 | data | English | United States
RT_DIALOG | 0x83a30 | 0xa0 | data | English | United States
RT_DIALOG | 0x83ad0 | 0xee | data | English | United States
RT_GROUP_ICON | 0x83bc0 | 0x68 | data | English | United States
RT_MANIFEST | 0x83c28 | 0x42e | XML 1.0 document, ASCII text, with very long lines (1070), with no line terminators | English | United States
DLL | Import
KERNEL32.dll | GetTempPathA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetEnvironmentVariableA, Sleep, GetTickCount, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GetWindowsDirectoryA, SetFileAttributesA, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, ReadFile, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, GetExitCodeProcess, WaitForSingleObject, CompareFileTime, SetFileTime, GetFileAttributesA, SetCurrentDirectoryA, MoveFileA, GetFullPathNameA, GetShortPathNameA, SearchPathA, CloseHandle, lstrcmpiA, CreateThread, GlobalLock, lstrcmpA, DeleteFileA, FindFirstFileA, FindNextFileA, FindClose, SetFilePointer, GetPrivateProfileStringA, WritePrivateProfileStringA, MulDiv, MultiByteToWideChar, FreeLibrary, LoadLibraryExA, GetModuleHandleA, GlobalAlloc, GlobalFree, ExpandEnvironmentStringsA
USER32.dll | GetSystemMenu, SetClassLongA, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, LoadImageA, CreateDialogParamA, SetTimer, SetWindowTextA, SetForegroundWindow, ShowWindow, SetWindowLongA, SendMessageTimeoutA, FindWindowExA, IsWindow, AppendMenuA, TrackPopupMenu, CreatePopupMenu, DrawTextA, EndPaint, DestroyWindow, wsprintfA, PostQuitMessage
GDI32.dll | SelectObject, SetTextColor, SetBkMode, CreateFontIndirectA, CreateBrushIndirect, DeleteObject, GetDeviceCaps, SetBkColor
SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExA, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA
ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExA, RegOpenKeyExA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, RegEnumValueA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 29, 2022 16:07:23.955455065 CET | 60625 | 53 | 192.168.2.3 | 8.8.8.8
Dec 29, 2022 16:07:23.975960970 CET | 53 | 60625 | 8.8.8.8 | 192.168.2.3
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 29, 2022 16:07:23.955455065 CET | 192.168.2.3 | 8.8.8.8 | 0x7194 | Standard query (0) | feedback.wildix.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 29, 2022 16:07:23.975960970 CET | 8.8.8.8 | 192.168.2.3 | 0x7194 | No error (0) | feedback.wildix.com | | 3.64.145.227 | A (IP address) | IN (0x0001) | false
Dec 29, 2022 16:07:23.975960970 CET | 8.8.8.8 | 192.168.2.3 | 0x7194 | No error (0) | feedback.wildix.com | | 54.93.167.246 | A (IP address) | IN (0x0001) | false
                                                                                                                            • feedback.wildix.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.3 | 49703 | 3.64.145.227 | 443 | C:\Program Files (x86)\Wildix\WIService\wiservice.exe
Timestamp | kBytes transferred | Direction | Data
2022-12-29 15:07:24 UTC | 0 | OUT | POST /api/v1/Analytics/wiservice HTTP/1.1
                                                                                                                            Host: feedback.wildix.com
                                                                                                                            Accept: */*
                                                                                                                            Content-Length: 331
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Data Ascii: event=wiServiceStarted&data={"appName":"wiservice","version":"2.15.2.1"}&context={"extension":"","messageId":"K4K7CFPOaq4psWJvmc2zowXy62p89iNJ","os":"Windows_NT","osBuild":"","osName":"Windows 10 Enterprise","osVersion":"10.0.17134","pbx":"","pid":3416,"r
                                                                                                                            2022-12-29 15:07:24 UTC | 0 | IN | HTTP/1.1 200 OK
                                                                                                                            Date: Thu, 29 Dec 2022 15:07:24 GMT
                                                                                                                            Content-Type: text/html;charset=UTF-8
                                                                                                                            Transfer-Encoding: chunked
                                                                                                                            Connection: close
                                                                                                                            Server: nginx/1.16.1
                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                            Access-Control-Allow-Headers: accept, authorization, content-type
                                                                                                                            Access-Control-Allow-Credentials: true
                                                                                                                            P3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
                                                                                                                            2022-12-29 15:07:24 UTC | 0 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                            Data Ascii: 0


                                                                                                                            Target ID:0
                                                                                                                            Start time:16:06:57
                                                                                                                            Start date:29/12/2022
                                                                                                                            Path:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                            Imagebase:0x400000
                                                                                                                            File size:4383096 bytes
                                                                                                                            MD5 hash:1927469A9B3FE32F0A7C8216F444BF7C
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:low

                                                                                                                            Target ID:1
                                                                                                                            Start time:16:06:58
                                                                                                                            Start date:29/12/2022
                                                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:cmd /C taskkill /F /IM WIService.exe
                                                                                                                            Imagebase:0xb0000
                                                                                                                            File size:232960 bytes
                                                                                                                            MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high

                                                                                                                            Target ID:2
                                                                                                                            Start time:16:06:58
                                                                                                                            Start date:29/12/2022
                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                            Imagebase:0x7ff745070000
                                                                                                                            File size:625664 bytes
                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high

                                                                                                                            Target ID:3
                                                                                                                            Start time:16:06:59
                                                                                                                            Start date:29/12/2022
                                                                                                                            Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:taskkill /F /IM WIService.exe
                                                                                                                            Imagebase:0x12a0000
                                                                                                                            File size:74752 bytes
                                                                                                                            MD5 hash:15E2E0ACD891510C6268CB8899F2A1A1
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high

                                                                                                                            Target ID:4
                                                                                                                            Start time:16:07:01
                                                                                                                            Start date:29/12/2022
                                                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:cmd /C taskkill /F /IM WIui.exe
                                                                                                                            Imagebase:0xb0000
                                                                                                                            File size:232960 bytes
                                                                                                                            MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high

                                                                                                                            Target ID:5
                                                                                                                            Start time:16:07:01
                                                                                                                            Start date:29/12/2022
                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                            Imagebase:0x7ff745070000
                                                                                                                            File size:625664 bytes
                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high

                                                                                                                            Target ID:6
                                                                                                                            Start time:16:07:01
                                                                                                                            Start date:29/12/2022
                                                                                                                            Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:taskkill /F /IM WIui.exe
                                                                                                                            Imagebase:0x12a0000
                                                                                                                            File size:74752 bytes
                                                                                                                            MD5 hash:15E2E0ACD891510C6268CB8899F2A1A1
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high

                                                                                                                            Target ID:7
                                                                                                                            Start time:16:07:02
                                                                                                                            Start date:29/12/2022
                                                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:cmd /C taskkill /F /IM wirtpproxy.exe
                                                                                                                            Imagebase:0xb0000
                                                                                                                            File size:232960 bytes
                                                                                                                            MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high

                                                                                                                            Target ID:8
                                                                                                                            Start time:16:07:03
                                                                                                                            Start date:29/12/2022
                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                            Imagebase:0x7ff745070000
                                                                                                                            File size:625664 bytes
                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high

                                                                                                                            Target ID:9
                                                                                                                            Start time:16:07:03
                                                                                                                            Start date:29/12/2022
                                                                                                                            Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:taskkill /F /IM wirtpproxy.exe
                                                                                                                            Imagebase:0x12a0000
                                                                                                                            File size:74752 bytes
                                                                                                                            MD5 hash:15E2E0ACD891510C6268CB8899F2A1A1
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high

                                                                                                                            Target ID:10
                                                                                                                            Start time:16:07:04
                                                                                                                            Start date:29/12/2022
                                                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:cmd /C taskkill /F /IM wiservice-ui.exe
                                                                                                                            Imagebase:0xb0000
                                                                                                                            File size:232960 bytes
                                                                                                                            MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                            Target ID:11
                                                                                                                            Start time:16:07:04
                                                                                                                            Start date:29/12/2022
                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                            Imagebase:0x7ff745070000
                                                                                                                            File size:625664 bytes
                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                            Target ID:12
                                                                                                                            Start time:16:07:04
                                                                                                                            Start date:29/12/2022
                                                                                                                            Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:taskkill /F /IM wiservice-ui.exe
                                                                                                                            Imagebase:0x12a0000
                                                                                                                            File size:74752 bytes
                                                                                                                            MD5 hash:15E2E0ACD891510C6268CB8899F2A1A1
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                            Target ID:13
                                                                                                                            Start time:16:07:05
                                                                                                                            Start date:29/12/2022
                                                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:cmd /C taskkill /F /IM vncsrv.exe
                                                                                                                            Imagebase:0xb0000
                                                                                                                            File size:232960 bytes
                                                                                                                            MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:14
Start time:16:07:05
Start date:29/12/2022
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff745070000
File size:625664 bytes
MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:15
Start time:16:07:05
Start date:29/12/2022
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM vncsrv.exe
Imagebase:0x12a0000
File size:74752 bytes
MD5 hash:15E2E0ACD891510C6268CB8899F2A1A1
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:16
Start time:16:07:10
Start date:29/12/2022
Path:C:\Windows\System32\svchost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
Imagebase:0x7ff651c80000
File size:51288 bytes
MD5 hash:32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:17
Start time:16:07:10
Start date:29/12/2022
Path:C:\Program Files (x86)\Wildix\WIService\wiservice.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\Wildix\WIService\wiservice.exe" --proxyex
Imagebase:0x370000
File size:7814576 bytes
MD5 hash:723F23EEFB213A23959A28D1ED11D42D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 0%, ReversingLabs

Target ID:18
Start time:16:07:10
Start date:29/12/2022
Path:C:\Windows\System32\svchost.exe
Wow64 process (32bit):false
Commandline:c:\windows\system32\svchost.exe -k unistacksvcgroup
Imagebase:0x7ff651c80000
File size:51288 bytes
MD5 hash:32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language

Target ID:19
Start time:16:07:16
Start date:29/12/2022
Path:C:\Program Files (x86)\Wildix\WIService\wiservice.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\Wildix\WIService\wiservice.exe" --installsvc
Imagebase:0x370000
File size:7814576 bytes
MD5 hash:723F23EEFB213A23959A28D1ED11D42D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:20
Start time:16:07:19
Start date:29/12/2022
Path:C:\Windows\System32\svchost.exe
Wow64 process (32bit):false
Commandline:c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
Imagebase:0x7ff651c80000
File size:51288 bytes
MD5 hash:32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:true
Has administrator privileges:false
Programmed in:C, C++ or other language

Target ID:21
Start time:16:07:19
Start date:29/12/2022
Path:C:\Program Files (x86)\Wildix\WIService\wiservice.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\Wildix\WIService\wiservice.exe" --hostsvc
Imagebase:0x370000
File size:7814576 bytes
MD5 hash:723F23EEFB213A23959A28D1ED11D42D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:22
Start time:16:07:20
Start date:29/12/2022
Path:C:\Windows\System32\svchost.exe
Wow64 process (32bit):false
Commandline:c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
Imagebase:0x7ff651c80000
File size:51288 bytes
MD5 hash:32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:true
Has administrator privileges:false
Programmed in:C, C++ or other language

Target ID:23
Start time:16:07:20
Start date:29/12/2022
Path:C:\Program Files (x86)\Wildix\WIService\wiservice.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\Wildix\WIService\WIService.exe"
Imagebase:0x370000
File size:7814576 bytes
MD5 hash:723F23EEFB213A23959A28D1ED11D42D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language

Target ID:24
Start time:16:07:21
Start date:29/12/2022
Path:C:\Windows\explorer.exe
Wow64 process (32bit):false
Commandline:C:\Windows\explorer.exe" "C:\Program Files (x86)\Wildix\WIService\proxyex.lnk
Imagebase:0x7ff69fe90000
File size:3933184 bytes
MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:25
Start time:16:07:21
Start date:29/12/2022
Path:C:\Windows\System32\svchost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\svchost.exe -k NetworkService -p
Imagebase:0x7ff651c80000
File size:51288 bytes
MD5 hash:32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:true
Has administrator privileges:false
Programmed in:C, C++ or other language

Target ID:26
Start time:16:07:22
Start date:29/12/2022
Path:C:\Program Files (x86)\Wildix\WIService\wiservice.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\Wildix\WIService\wiservice.exe" --watchdog
Imagebase:0x370000
File size:7814576 bytes
MD5 hash:723F23EEFB213A23959A28D1ED11D42D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:27
Start time:16:07:22
Start date:29/12/2022
Path:C:\Windows\explorer.exe
Wow64 process (32bit):false
Commandline:C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
Imagebase:0x7ff69fe90000
File size:3933184 bytes
MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language

Target ID:28
Start time:16:07:23
Start date:29/12/2022
Path:C:\Windows\SysWOW64\NETSTAT.EXE
Wow64 process (32bit):true
Commandline:netstat -ano -p tcp
Imagebase:0x10f0000
File size:32768 bytes
MD5 hash:4E20FF629119A809BC0E7EE2D18A7FDB
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language

Target ID:29
Start time:16:07:23
Start date:29/12/2022
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff745070000
File size:625664 bytes
MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language

Target ID:30
Start time:16:07:23
Start date:29/12/2022
Path:C:\Windows\explorer.exe
Wow64 process (32bit):false
Commandline:C:\Windows\explorer.exe" "C:\Program Files (x86)\Wildix\WIService\wiservice.exe
Imagebase:0x7ff69fe90000
File size:3933184 bytes
MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:31
Start time:16:07:24
Start date:29/12/2022
Path:C:\Program Files (x86)\Wildix\WIService\wiservice.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\Wildix\WIService\wiservice.exe" --proxyex
Imagebase:0x370000
File size:7814576 bytes
MD5 hash:723F23EEFB213A23959A28D1ED11D42D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language

Target ID:32
Start time:16:07:24
Start date:29/12/2022
Path:C:\Windows\explorer.exe
Wow64 process (32bit):false
Commandline:C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
Imagebase:0x7ff69fe90000
File size:3933184 bytes
MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language

                                                                                                                            Target ID:33
                                                                                                                            Start time:16:07:25
                                                                                                                            Start date:29/12/2022
                                                                                                                            Path:C:\Program Files (x86)\Wildix\WIService\wiservice.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:"C:\Program Files (x86)\Wildix\WIService\wiservice.exe"
                                                                                                                            Imagebase:0x370000
                                                                                                                            File size:7814576 bytes
                                                                                                                            MD5 hash:723F23EEFB213A23959A28D1ED11D42D
                                                                                                                            Has elevated privileges:false
                                                                                                                            Has administrator privileges:false
                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                            Target ID:34
                                                                                                                            Start time:16:07:26
                                                                                                                            Start date:29/12/2022
                                                                                                                            Path:C:\Windows\System32\SgrmBroker.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:C:\Windows\system32\SgrmBroker.exe
                                                                                                                            Imagebase:0x7ff7b63c0000
                                                                                                                            File size:163336 bytes
                                                                                                                            MD5 hash:D3170A3F3A9626597EEE1888686E3EA6
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                            Target ID:35
                                                                                                                            Start time:16:07:27
                                                                                                                            Start date:29/12/2022
                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:c:\windows\system32\svchost.exe -k netsvcs -p
                                                                                                                            Imagebase:0x7ff651c80000
                                                                                                                            File size:51288 bytes
                                                                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                            Target ID:36
                                                                                                                            Start time:16:07:28
                                                                                                                            Start date:29/12/2022
                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:c:\windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc
                                                                                                                            Imagebase:0x7ff651c80000
                                                                                                                            File size:51288 bytes
                                                                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                            Target ID:37
                                                                                                                            Start time:16:07:28
                                                                                                                            Start date:29/12/2022
                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
                                                                                                                            Imagebase:0x7ff651c80000
                                                                                                                            File size:51288 bytes
                                                                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:false
                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                            Target ID:38
                                                                                                                            Start time:16:07:47
                                                                                                                            Start date:29/12/2022
                                                                                                                            Path:C:\Windows\SysWOW64\NETSTAT.EXE
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:netstat -ano -p tcp
                                                                                                                            Imagebase:0x10f0000
                                                                                                                            File size:32768 bytes
                                                                                                                            MD5 hash:4E20FF629119A809BC0E7EE2D18A7FDB
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                            Target ID:39
                                                                                                                            Start time:16:07:47
                                                                                                                            Start date:29/12/2022
                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                            Imagebase:0x7ff745070000
                                                                                                                            File size:625664 bytes
                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                            Target ID:40
                                                                                                                            Start time:16:08:09
                                                                                                                            Start date:29/12/2022
                                                                                                                            Path:C:\Windows\SysWOW64\NETSTAT.EXE
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:netstat -ano -p tcp
                                                                                                                            Imagebase:0x10f0000
                                                                                                                            File size:32768 bytes
                                                                                                                            MD5 hash:4E20FF629119A809BC0E7EE2D18A7FDB
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                            Target ID:41
                                                                                                                            Start time:16:08:10
                                                                                                                            Start date:29/12/2022
                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                            Imagebase:0x7ff745070000
                                                                                                                            File size:625664 bytes
                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                            Target ID:42
                                                                                                                            Start time:16:08:29
                                                                                                                            Start date:29/12/2022
                                                                                                                            Path:C:\Program Files\Windows Defender\MpCmdRun.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
                                                                                                                            Imagebase:0x7ff60ce40000
                                                                                                                            File size:455656 bytes
                                                                                                                            MD5 hash:A267555174BFA53844371226F482B86B
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:false
                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                            Target ID:43
                                                                                                                            Start time:16:08:29
                                                                                                                            Start date:29/12/2022
                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                            Imagebase:0x7ff745070000
                                                                                                                            File size:625664 bytes
                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:false
                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                            Target ID:44
                                                                                                                            Start time:16:08:31
                                                                                                                            Start date:29/12/2022
                                                                                                                            Path:C:\Windows\SysWOW64\NETSTAT.EXE
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:netstat -ano -p tcp
                                                                                                                            Imagebase:0x10f0000
                                                                                                                            File size:32768 bytes
                                                                                                                            MD5 hash:4E20FF629119A809BC0E7EE2D18A7FDB
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                            Target ID:45
                                                                                                                            Start time:16:08:31
                                                                                                                            Start date:29/12/2022
                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                            Imagebase:0x7ff745070000
                                                                                                                            File size:625664 bytes
                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                            Target ID:46
                                                                                                                            Start time:16:08:52
                                                                                                                            Start date:29/12/2022
                                                                                                                            Path:C:\Windows\SysWOW64\NETSTAT.EXE
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:netstat -ano -p tcp
                                                                                                                            Imagebase:0x10f0000
                                                                                                                            File size:32768 bytes
                                                                                                                            MD5 hash:4E20FF629119A809BC0E7EE2D18A7FDB
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                            Target ID:47
                                                                                                                            Start time:16:08:52
                                                                                                                            Start date:29/12/2022
                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                            Imagebase:0x7ff745070000
                                                                                                                            File size:625664 bytes
                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language


                                                                                                                              Execution Graph

                                                                                                                              Execution Coverage:23.4%
                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                              Signature Coverage:16.9%
                                                                                                                              Total number of Nodes:1515
                                                                                                                              Total number of Limit Nodes:48
4120->4123 4123->4119 4149 4040d3 SendMessageA 4123->4149 4150 403bab 4123->4150 4153 406010 lstrcpynA 4123->4153 4125 403f14 lstrlenA 4126 406032 17 API calls 4125->4126 4127 403f25 SetWindowTextA 4126->4127 4154 401389 4127->4154 4130 403f83 CreateDialogParamA 4129->4130 4129->4138 4131 403fb6 4130->4131 4130->4138 4132 40409e 18 API calls 4131->4132 4133 403fc1 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4132->4133 4134 401389 2 API calls 4133->4134 4135 404007 4134->4135 4135->4098 4136 40400f ShowWindow 4135->4136 4137 4040ea SendMessageA 4136->4137 4137->4138 4138->4095 4138->4098 4140 406032 17 API calls 4139->4140 4141 4040a9 SetDlgItemTextA 4140->4141 4141->4081 4143 401389 2 API calls 4142->4143 4144 401420 4143->4144 4144->4072 4146 404102 4145->4146 4147 4040f3 SendMessageA 4145->4147 4146->4108 4147->4146 4148->4118 4149->4123 4151 406032 17 API calls 4150->4151 4152 403bb9 SetWindowTextA 4151->4152 4152->4123 4153->4125 4156 401390 4154->4156 4155 4013fe 4155->4108 4156->4155 4157 4013cb MulDiv SendMessageA 4156->4157 4157->4156 4159 404084 SendMessageA 4158->4159 4160 40407e 4158->4160 4159->4107 4160->4159 4162 4041c8 4161->4162 4163 40411d GetWindowLongA 4161->4163 4162->4098 4163->4162 4164 404132 4163->4164 4164->4162 4165 404162 4164->4165 4166 40415f GetSysColor 4164->4166 4167 404172 SetBkMode 4165->4167 4168 404168 SetTextColor 4165->4168 4166->4165 4169 404190 4167->4169 4170 40418a GetSysColor 4167->4170 4168->4167 4171 4041a1 4169->4171 4172 404197 SetBkColor 4169->4172 4170->4169 4171->4162 4173 4041b4 DeleteObject 4171->4173 4174 4041bb CreateBrushIndirect 4171->4174 4172->4171 4173->4174 4174->4162 4175 4014ca 4176 405137 24 API calls 4175->4176 4177 4014d1 4176->4177 4827 40254c 4828 402b6c 17 API calls 4827->4828 4829 402556 4828->4829 4830 402b0a 17 API calls 4829->4830 4831 40255f 4830->4831 4832 402586 RegEnumValueA 4831->4832 4833 40257a RegEnumKeyA 4831->4833 4835 402783 4831->4835 4834 40259b RegCloseKey 4832->4834 
4833->4834 4834->4835 4837 73911000 4840 7391101b 4837->4840 4847 739114bb 4840->4847 4842 73911020 4843 73911024 4842->4843 4844 73911027 GlobalAlloc 4842->4844 4851 739114e2 wsprintfA 4843->4851 4844->4843 4849 739114c1 4847->4849 4848 739114c7 4848->4842 4849->4848 4850 739114d3 GlobalFree 4849->4850 4850->4842 4854 73911266 4851->4854 4855 73911019 4854->4855 4856 7391126f GlobalAlloc lstrcpynA 4854->4856 4856->4855 4857 4041d4 lstrcpynA lstrlenA 4654 4014d6 4655 402b0a 17 API calls 4654->4655 4656 4014dc Sleep 4655->4656 4658 4029b8 4656->4658 4677 401759 4678 402b2c 17 API calls 4677->4678 4679 401760 4678->4679 4680 401786 4679->4680 4681 40177e 4679->4681 4717 406010 lstrcpynA 4680->4717 4716 406010 lstrcpynA 4681->4716 4684 401784 4688 40627a 5 API calls 4684->4688 4685 401791 4686 4059a8 3 API calls 4685->4686 4687 401797 lstrcatA 4686->4687 4687->4684 4692 4017a3 4688->4692 4689 406313 2 API calls 4689->4692 4690 405b84 2 API calls 4690->4692 4692->4689 4692->4690 4693 4017ba CompareFileTime 4692->4693 4694 40187e 4692->4694 4702 406032 17 API calls 4692->4702 4706 406010 lstrcpynA 4692->4706 4711 40572c MessageBoxIndirectA 4692->4711 4712 401855 4692->4712 4715 405ba9 GetFileAttributesA CreateFileA 4692->4715 4693->4692 4695 405137 24 API calls 4694->4695 4697 401888 4695->4697 4696 405137 24 API calls 4713 40186a 4696->4713 4698 402ffb 31 API calls 4697->4698 4699 40189b 4698->4699 4700 4018af SetFileTime 4699->4700 4701 4018c1 FindCloseChangeNotification 4699->4701 4700->4701 4703 4018d2 4701->4703 4701->4713 4702->4692 4704 4018d7 4703->4704 4705 4018ea 4703->4705 4707 406032 17 API calls 4704->4707 4708 406032 17 API calls 4705->4708 4706->4692 4709 4018df lstrcatA 4707->4709 4710 4018f2 4708->4710 4709->4710 4710->4713 4714 40572c MessageBoxIndirectA 4710->4714 4711->4692 4712->4696 4712->4713 4714->4713 4715->4692 4716->4684 4717->4685 4858 401659 4859 402b2c 17 API calls 4858->4859 4860 40165f 4859->4860 4861 406313 2 API calls 4860->4861 4862 
401665 4861->4862 4863 401959 4864 402b0a 17 API calls 4863->4864 4865 401960 4864->4865 4866 402b0a 17 API calls 4865->4866 4867 40196d 4866->4867 4868 402b2c 17 API calls 4867->4868 4869 401984 lstrlenA 4868->4869 4871 401994 4869->4871 4870 4019d4 4871->4870 4875 406010 lstrcpynA 4871->4875 4873 4019c4 4873->4870 4874 4019c9 lstrlenA 4873->4874 4874->4870 4875->4873 4718 4024da 4719 402b6c 17 API calls 4718->4719 4720 4024e4 4719->4720 4721 402b2c 17 API calls 4720->4721 4722 4024ed 4721->4722 4723 4024f7 RegQueryValueExA 4722->4723 4724 402783 4722->4724 4725 402517 4723->4725 4726 40251d RegCloseKey 4723->4726 4725->4726 4729 405f6e wsprintfA 4725->4729 4726->4724 4729->4726 4876 401cda 4877 402b0a 17 API calls 4876->4877 4878 401ce0 IsWindow 4877->4878 4879 401a0e 4878->4879 4880 402cdd 4881 402d05 4880->4881 4882 402cec SetTimer 4880->4882 4883 402d5a 4881->4883 4884 402d1f MulDiv wsprintfA SetWindowTextA SetDlgItemTextA 4881->4884 4882->4881 4884->4883 4885 401a5e 4886 402b0a 17 API calls 4885->4886 4887 401a67 4886->4887 4888 402b0a 17 API calls 4887->4888 4889 401a0e 4888->4889 3881 401b63 3882 401b70 3881->3882 3883 401bb4 3881->3883 3884 40233b 3882->3884 3890 401b87 3882->3890 3885 401bb8 3883->3885 3886 401bdd GlobalAlloc 3883->3886 3888 406032 17 API calls 3884->3888 3899 401bf8 3885->3899 3900 406010 lstrcpynA 3885->3900 3887 406032 17 API calls 3886->3887 3887->3899 3889 402348 3888->3889 3889->3899 3903 40572c 3889->3903 3901 406010 lstrcpynA 3890->3901 3893 401bca GlobalFree 3893->3899 3894 401b96 3902 406010 lstrcpynA 3894->3902 3897 401ba5 3907 406010 lstrcpynA 3897->3907 3900->3893 3901->3894 3902->3897 3906 405741 3903->3906 3904 40578d 3904->3899 3905 405755 MessageBoxIndirectA 3905->3904 3906->3904 3906->3905 3907->3899 4890 401563 4891 402960 4890->4891 4894 405f6e wsprintfA 4891->4894 4893 402965 4894->4893 4895 402363 4896 40236b 4895->4896 4899 402371 4895->4899 4897 402b2c 17 API calls 4896->4897 4897->4899 4898 402381 4901 40238f 
4898->4901 4902 402b2c 17 API calls 4898->4902 4899->4898 4900 402b2c 17 API calls 4899->4900 4900->4898 4903 402b2c 17 API calls 4901->4903 4902->4901 4904 402398 WritePrivateProfileStringA 4903->4904 3980 402765 3981 402b2c 17 API calls 3980->3981 3982 40276c FindFirstFileA 3981->3982 3983 40278f 3982->3983 3986 40277f 3982->3986 3988 405f6e wsprintfA 3983->3988 3985 402796 3989 406010 lstrcpynA 3985->3989 3988->3985 3989->3986 4905 73911837 4906 7391185a 4905->4906 4907 7391188a GlobalFree 4906->4907 4908 7391189c __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z __allrem 4906->4908 4907->4908 4909 73911266 2 API calls 4908->4909 4910 73911a1e GlobalFree GlobalFree 4909->4910 4026 4023e8 4027 40241a 4026->4027 4028 4023ef 4026->4028 4030 402b2c 17 API calls 4027->4030 4037 402b6c 4028->4037 4032 402421 4030->4032 4042 402bea 4032->4042 4034 402b2c 17 API calls 4036 402407 RegDeleteValueA RegCloseKey 4034->4036 4035 40242e 4036->4035 4038 402b2c 17 API calls 4037->4038 4039 402b83 4038->4039 4040 405e96 RegOpenKeyExA 4039->4040 4041 4023f6 4040->4041 4041->4034 4041->4035 4043 402bf6 4042->4043 4044 402bfd 4042->4044 4043->4035 4044->4043 4046 402c2e 4044->4046 4047 405e96 RegOpenKeyExA 4046->4047 4048 402c5c 4047->4048 4049 402c60 4048->4049 4050 402cd6 4048->4050 4051 402c82 RegEnumKeyA 4049->4051 4052 402c99 RegCloseKey 4049->4052 4053 402cba RegCloseKey 4049->4053 4055 402c2e 6 API calls 4049->4055 4050->4043 4051->4049 4051->4052 4059 4063a8 GetModuleHandleA 4052->4059 4053->4050 4055->4049 4057 402cca RegDeleteKeyA 4057->4050 4058 402cad 4058->4050 4060 4063c4 4059->4060 4061 4063ce GetProcAddress 4059->4061 4065 40633a GetSystemDirectoryA 4060->4065 4063 402ca9 4061->4063 4063->4057 4063->4058 4064 4063ca 4064->4061 4064->4063 4067 40635c wsprintfA LoadLibraryExA 4065->4067 4067->4064 4911 4044e9 4912 4044f9 4911->4912 4913 40451f 4911->4913 4914 40409e 18 API calls 4912->4914 4915 404105 8 API calls 4913->4915 4916 404506 SetDlgItemTextA 4914->4916 4917 40452b 
4915->4917 4916->4913 4918 73911638 4919 73911667 4918->4919 4942 73911a98 4919->4942 4921 7391166e 4922 73911681 4921->4922 4923 73911675 4921->4923 4925 739116a8 4922->4925 4926 7391168b 4922->4926 4924 73911266 2 API calls 4923->4924 4929 7391167f 4924->4929 4927 739116d2 4925->4927 4928 739116ae 4925->4928 4930 739114e2 3 API calls 4926->4930 4932 739114e2 3 API calls 4927->4932 4931 73911559 3 API calls 4928->4931 4933 73911690 4930->4933 4934 739116b3 4931->4934 4932->4929 4974 73911559 4933->4974 4936 73911266 2 API calls 4934->4936 4938 739116b9 GlobalFree 4936->4938 4938->4929 4940 739116cd GlobalFree 4938->4940 4939 73911266 2 API calls 4941 7391169c GlobalFree 4939->4941 4940->4929 4941->4929 4979 73911215 GlobalAlloc 4942->4979 4944 73911abf 4980 73911215 GlobalAlloc 4944->4980 4946 73911d00 GlobalFree GlobalFree GlobalFree 4947 73911d1d 4946->4947 4965 73911d67 4946->4965 4948 739120f1 4947->4948 4957 73911d32 4947->4957 4947->4965 4950 73912113 GetModuleHandleA 4948->4950 4948->4965 4949 73911bbd GlobalAlloc 4968 73911aca 4949->4968 4953 73912124 LoadLibraryA 4950->4953 4954 73912139 4950->4954 4951 73911c08 lstrcpyA 4956 73911c12 lstrcpyA 4951->4956 4952 73911c26 GlobalFree 4952->4968 4953->4954 4953->4965 4987 739115c2 GetProcAddress 4954->4987 4956->4968 4957->4965 4983 73911224 4957->4983 4958 7391218a 4962 73912197 lstrlenA 4958->4962 4958->4965 4959 73911fb7 4986 73911215 GlobalAlloc 4959->4986 4988 739115c2 GetProcAddress 4962->4988 4963 73911ef9 GlobalFree 4963->4968 4964 73912033 4964->4965 4971 7391208c lstrcpyA 4964->4971 4965->4921 4966 7391214b 4966->4958 4972 73912174 GetProcAddress 4966->4972 4968->4946 4968->4949 4968->4951 4968->4952 4968->4956 4968->4959 4968->4963 4968->4964 4968->4965 4969 73911224 2 API calls 4968->4969 4981 73911534 GlobalSize GlobalAlloc 4968->4981 4969->4968 4971->4965 4972->4958 4973 73911fbf 4973->4921 4990 73911215 GlobalAlloc 4974->4990 4976 7391155e 4991 7391156b 4976->4991 4979->4944 4980->4968 4982 
73911552 4981->4982 4982->4968 4989 73911215 GlobalAlloc 4983->4989 4985 73911233 lstrcpynA 4985->4965 4986->4973 4987->4966 4988->4965 4989->4985 4990->4976 4992 739115a4 lstrcpyA 4991->4992 4993 73911577 wsprintfA 4991->4993 4996 73911568 4992->4996 4993->4996 4996->4939 4178 40206a 4179 40212a 4178->4179 4180 40207c 4178->4180 4182 401423 24 API calls 4179->4182 4181 402b2c 17 API calls 4180->4181 4183 402083 4181->4183 4189 4022a9 4182->4189 4184 402b2c 17 API calls 4183->4184 4185 40208c 4184->4185 4186 4020a1 LoadLibraryExA 4185->4186 4187 402094 GetModuleHandleA 4185->4187 4186->4179 4188 4020b1 GetProcAddress 4186->4188 4187->4186 4187->4188 4190 4020c0 4188->4190 4191 4020fd 4188->4191 4194 4020d0 4190->4194 4196 401423 4190->4196 4192 405137 24 API calls 4191->4192 4192->4194 4194->4189 4195 40211e FreeLibrary 4194->4195 4195->4189 4197 405137 24 API calls 4196->4197 4198 401431 4197->4198 4198->4194 4997 40166a 4998 402b2c 17 API calls 4997->4998 4999 401671 4998->4999 5000 402b2c 17 API calls 4999->5000 5001 40167a 5000->5001 5002 402b2c 17 API calls 5001->5002 5003 401683 MoveFileA 5002->5003 5004 401696 5003->5004 5005 40168f 5003->5005 5006 406313 2 API calls 5004->5006 5009 4022a9 5004->5009 5007 401423 24 API calls 5005->5007 5008 4016a5 5006->5008 5007->5009 5008->5009 5010 405def 36 API calls 5008->5010 5010->5005 5011 4025ea 5012 402603 5011->5012 5013 4025ef 5011->5013 5015 402b2c 17 API calls 5012->5015 5014 402b0a 17 API calls 5013->5014 5017 4025f8 5014->5017 5016 40260a lstrlenA 5015->5016 5016->5017 5018 40262c 5017->5018 5019 405c50 WriteFile 5017->5019 5019->5018 4221 40326b SetErrorMode GetVersion 4222 4032ac 4221->4222 4223 4032b2 4221->4223 4224 4063a8 5 API calls 4222->4224 4225 40633a 3 API calls 4223->4225 4224->4223 4226 4032c8 lstrlenA 4225->4226 4226->4223 4227 4032d7 4226->4227 4228 4063a8 5 API calls 4227->4228 4229 4032de 4228->4229 4230 4063a8 5 API calls 4229->4230 4231 4032e5 4230->4231 4232 4063a8 5 API calls 4231->4232 
4233 4032f1 #17 OleInitialize SHGetFileInfoA 4232->4233 4311 406010 lstrcpynA 4233->4311 4236 40333d GetCommandLineA 4312 406010 lstrcpynA 4236->4312 4238 40334f 4239 4059d3 CharNextA 4238->4239 4240 403378 CharNextA 4239->4240 4249 403388 4240->4249 4241 403452 4242 403465 GetTempPathA 4241->4242 4313 40323a 4242->4313 4244 40347d 4245 403481 GetWindowsDirectoryA lstrcatA 4244->4245 4246 4034d7 DeleteFileA 4244->4246 4248 40323a 12 API calls 4245->4248 4323 402dc4 GetTickCount GetModuleFileNameA 4246->4323 4247 4059d3 CharNextA 4247->4249 4251 40349d 4248->4251 4249->4241 4249->4247 4252 403454 4249->4252 4251->4246 4254 4034a1 GetTempPathA lstrcatA SetEnvironmentVariableA SetEnvironmentVariableA 4251->4254 4407 406010 lstrcpynA 4252->4407 4253 4034eb 4255 403581 4253->4255 4258 403571 4253->4258 4262 4059d3 CharNextA 4253->4262 4257 40323a 12 API calls 4254->4257 4424 403753 4255->4424 4260 4034cf 4257->4260 4351 40382d 4258->4351 4260->4246 4260->4255 4266 403506 4262->4266 4264 4036b9 4268 4036c1 GetCurrentProcess OpenProcessToken 4264->4268 4269 40373b ExitProcess 4264->4269 4265 40359b 4267 40572c MessageBoxIndirectA 4265->4267 4272 4035b1 4266->4272 4273 40354c 4266->4273 4271 4035a9 ExitProcess 4267->4271 4274 40370c 4268->4274 4275 4036dc LookupPrivilegeValueA AdjustTokenPrivileges 4268->4275 4431 405697 4272->4431 4408 405a96 4273->4408 4278 4063a8 5 API calls 4274->4278 4275->4274 4281 403713 4278->4281 4284 403728 ExitWindowsEx 4281->4284 4287 403734 4281->4287 4282 4035d2 lstrcatA lstrcmpiA 4282->4255 4286 4035ee 4282->4286 4283 4035c7 lstrcatA 4283->4282 4284->4269 4284->4287 4289 4035f3 4286->4289 4290 4035fa 4286->4290 4291 40140b 2 API calls 4287->4291 4288 403566 4423 406010 lstrcpynA 4288->4423 4434 4055fd CreateDirectoryA 4289->4434 4439 40567a CreateDirectoryA 4290->4439 4291->4269 4296 4035ff SetCurrentDirectoryA 4297 403619 4296->4297 4298 40360e 4296->4298 4443 406010 lstrcpynA 4297->4443 4442 406010 lstrcpynA 4298->4442 4301 406032 17 API 
calls 4302 403658 DeleteFileA 4301->4302 4303 403665 CopyFileA 4302->4303 4305 403627 4302->4305 4303->4305 4304 4036ad 4306 405def 36 API calls 4304->4306 4305->4301 4305->4304 4308 406032 17 API calls 4305->4308 4309 4056af 2 API calls 4305->4309 4310 403699 CloseHandle 4305->4310 4444 405def MoveFileExA 4305->4444 4306->4255 4308->4305 4309->4305 4310->4305 4311->4236 4312->4238 4314 40627a 5 API calls 4313->4314 4316 403246 4314->4316 4315 403250 4315->4244 4316->4315 4448 4059a8 lstrlenA CharPrevA 4316->4448 4319 40567a 2 API calls 4320 40325e 4319->4320 4321 405bd8 2 API calls 4320->4321 4322 403269 4321->4322 4322->4244 4451 405ba9 GetFileAttributesA CreateFileA 4323->4451 4325 402e04 4344 402e14 4325->4344 4452 406010 lstrcpynA 4325->4452 4327 402e2a 4453 4059ef lstrlenA 4327->4453 4331 402e3b GetFileSize 4332 402f35 4331->4332 4350 402e52 4331->4350 4458 402d60 4332->4458 4334 402f3e 4336 402f6e GlobalAlloc 4334->4336 4334->4344 4470 403223 SetFilePointer 4334->4470 4335 40320d ReadFile 4335->4350 4469 403223 SetFilePointer 4336->4469 4339 402fa1 4341 402d60 6 API calls 4339->4341 4340 402f89 4343 402ffb 31 API calls 4340->4343 4341->4344 4342 402f57 4345 40320d ReadFile 4342->4345 4348 402f95 4343->4348 4344->4253 4346 402f62 4345->4346 4346->4336 4346->4344 4347 402d60 6 API calls 4347->4350 4348->4344 4348->4348 4349 402fd2 SetFilePointer 4348->4349 4349->4344 4350->4332 4350->4335 4350->4339 4350->4344 4350->4347 4352 4063a8 5 API calls 4351->4352 4353 403841 4352->4353 4354 403847 4353->4354 4355 403859 4353->4355 4486 405f6e wsprintfA 4354->4486 4356 405ef7 3 API calls 4355->4356 4357 403884 4356->4357 4358 4038a2 lstrcatA 4357->4358 4360 405ef7 3 API calls 4357->4360 4361 403857 4358->4361 4360->4358 4471 403af2 4361->4471 4364 405a96 18 API calls 4365 4038d4 4364->4365 4366 40395d 4365->4366 4368 405ef7 3 API calls 4365->4368 4367 405a96 18 API calls 4366->4367 4369 403963 4367->4369 4370 403900 4368->4370 4371 403973 LoadImageA 4369->4371 4372 
406032 17 API calls 4369->4372 4370->4366 4377 40391c lstrlenA 4370->4377 4378 4059d3 CharNextA 4370->4378 4373 403a19 4371->4373 4374 40399a RegisterClassA 4371->4374 4372->4371 4376 40140b 2 API calls 4373->4376 4375 4039d0 SystemParametersInfoA CreateWindowExA 4374->4375 4406 403a23 4374->4406 4375->4373 4381 403a1f 4376->4381 4379 403950 4377->4379 4380 40392a lstrcmpiA 4377->4380 4382 40391a 4378->4382 4384 4059a8 3 API calls 4379->4384 4380->4379 4383 40393a GetFileAttributesA 4380->4383 4386 403af2 18 API calls 4381->4386 4381->4406 4382->4377 4385 403946 4383->4385 4387 403956 4384->4387 4385->4379 4388 4059ef 2 API calls 4385->4388 4389 403a30 4386->4389 4487 406010 lstrcpynA 4387->4487 4388->4379 4391 403a3c ShowWindow 4389->4391 4392 403abf 4389->4392 4394 40633a 3 API calls 4391->4394 4479 405209 OleInitialize 4392->4479 4396 403a54 4394->4396 4395 403ac5 4397 403ae1 4395->4397 4398 403ac9 4395->4398 4399 403a62 GetClassInfoA 4396->4399 4403 40633a 3 API calls 4396->4403 4402 40140b 2 API calls 4397->4402 4405 40140b 2 API calls 4398->4405 4398->4406 4400 403a76 GetClassInfoA RegisterClassA 4399->4400 4401 403a8c DialogBoxParamA 4399->4401 4400->4401 4404 40140b 2 API calls 4401->4404 4402->4406 4403->4399 4404->4406 4405->4406 4406->4255 4407->4242 4489 406010 lstrcpynA 4408->4489 4410 405aa7 4490 405a41 CharNextA CharNextA 4410->4490 4413 403557 4413->4255 4422 406010 lstrcpynA 4413->4422 4414 40627a 5 API calls 4415 405abd 4414->4415 4415->4413 4416 405ae8 lstrlenA 4415->4416 4421 4059ef 2 API calls 4415->4421 4496 406313 FindFirstFileA 4415->4496 4416->4415 4417 405af3 4416->4417 4418 4059a8 3 API calls 4417->4418 4420 405af8 GetFileAttributesA 4418->4420 4420->4413 4421->4416 4422->4288 4423->4258 4425 40376b 4424->4425 4426 40375d CloseHandle 4424->4426 4499 403798 4425->4499 4426->4425 4432 4063a8 5 API calls 4431->4432 4433 4035b6 lstrcatA 4432->4433 4433->4282 4433->4283 4435 4035f8 4434->4435 4436 40564e GetLastError 4434->4436 4435->4296 
4436->4435 4437 40565d SetFileSecurityA 4436->4437 4437->4435 4438 405673 GetLastError 4437->4438 4438->4435 4440 40568a 4439->4440 4441 40568e GetLastError 4439->4441 4440->4296 4441->4440 4442->4297 4443->4305 4445 405e03 4444->4445 4447 405e10 4444->4447 4553 405c7f 4445->4553 4447->4305 4449 4059c2 lstrcatA 4448->4449 4450 403258 4448->4450 4449->4450 4450->4319 4451->4325 4452->4327 4454 4059fc 4453->4454 4455 405a01 CharPrevA 4454->4455 4456 402e30 4454->4456 4455->4454 4455->4456 4457 406010 lstrcpynA 4456->4457 4457->4331 4459 402d81 4458->4459 4460 402d69 4458->4460 4463 402d91 GetTickCount 4459->4463 4464 402d89 4459->4464 4461 402d72 DestroyWindow 4460->4461 4462 402d79 4460->4462 4461->4462 4462->4334 4465 402dc2 4463->4465 4466 402d9f CreateDialogParamA ShowWindow 4463->4466 4467 4063e4 2 API calls 4464->4467 4465->4334 4466->4465 4468 402d8f 4467->4468 4468->4334 4469->4340 4470->4342 4472 403b06 4471->4472 4488 405f6e wsprintfA 4472->4488 4474 403b77 4475 403bab 18 API calls 4474->4475 4477 403b7c 4475->4477 4476 4038b2 4476->4364 4477->4476 4478 406032 17 API calls 4477->4478 4478->4477 4480 4040ea SendMessageA 4479->4480 4483 40522c 4480->4483 4481 405253 4482 4040ea SendMessageA 4481->4482 4484 405265 OleUninitialize 4482->4484 4483->4481 4485 401389 2 API calls 4483->4485 4484->4395 4485->4483 4486->4361 4487->4366 4488->4474 4489->4410 4491 405a5c 4490->4491 4494 405a6c 4490->4494 4493 405a67 CharNextA 4491->4493 4491->4494 4492 405a8c 4492->4413 4492->4414 4493->4492 4494->4492 4495 4059d3 CharNextA 4494->4495 4495->4494 4497 406329 FindClose 4496->4497 4498 406334 4496->4498 4497->4498 4498->4415 4500 4037a6 4499->4500 4501 4037ab FreeLibrary GlobalFree 4500->4501 4502 403770 4500->4502 4501->4501 4501->4502 4503 4057d8 4502->4503 4504 405a96 18 API calls 4503->4504 4505 4057f8 4504->4505 4506 405800 DeleteFileA 4505->4506 4507 405817 4505->4507 4511 40358a OleUninitialize 4506->4511 4508 405945 4507->4508 4543 406010 lstrcpynA 4507->4543 
4508->4511 4514 406313 2 API calls 4508->4514 4510 40583d 4512 405850 4510->4512 4513 405843 lstrcatA 4510->4513 4511->4264 4511->4265 4516 4059ef 2 API calls 4512->4516 4515 405856 4513->4515 4517 405969 4514->4517 4518 405864 lstrcatA 4515->4518 4520 40586f lstrlenA FindFirstFileA 4515->4520 4516->4515 4517->4511 4519 40596d 4517->4519 4518->4520 4521 4059a8 3 API calls 4519->4521 4520->4508 4525 405893 4520->4525 4523 405973 4521->4523 4522 4059d3 CharNextA 4522->4525 4524 405790 5 API calls 4523->4524 4526 40597f 4524->4526 4525->4522 4530 405924 FindNextFileA 4525->4530 4539 4058e5 4525->4539 4544 406010 lstrcpynA 4525->4544 4527 405983 4526->4527 4528 405999 4526->4528 4527->4511 4533 405137 24 API calls 4527->4533 4529 405137 24 API calls 4528->4529 4529->4511 4530->4525 4532 40593c FindClose 4530->4532 4532->4508 4534 405990 4533->4534 4536 405def 36 API calls 4534->4536 4538 405997 4536->4538 4537 4057d8 60 API calls 4537->4539 4538->4511 4539->4530 4539->4537 4540 405137 24 API calls 4539->4540 4541 405137 24 API calls 4539->4541 4542 405def 36 API calls 4539->4542 4545 405790 4539->4545 4540->4530 4541->4539 4542->4539 4543->4510 4544->4525 4546 405b84 2 API calls 4545->4546 4547 40579c 4546->4547 4548 4057b3 DeleteFileA 4547->4548 4549 4057ab RemoveDirectoryA 4547->4549 4551 4057bd 4547->4551 4550 4057b9 4548->4550 4549->4550 4550->4551 4552 4057c9 SetFileAttributesA 4550->4552 4551->4539 4552->4551 4554 405ca5 4553->4554 4555 405ccb GetShortPathNameA 4553->4555 4580 405ba9 GetFileAttributesA CreateFileA 4554->4580 4557 405ce0 4555->4557 4558 405dea 4555->4558 4557->4558 4560 405ce8 wsprintfA 4557->4560 4558->4447 4559 405caf CloseHandle GetShortPathNameA 4559->4558 4561 405cc3 4559->4561 4562 406032 17 API calls 4560->4562 4561->4555 4561->4558 4563 405d10 4562->4563 4581 405ba9 GetFileAttributesA CreateFileA 4563->4581 4565 405d1d 4565->4558 4566 405d2c GetFileSize GlobalAlloc 4565->4566 4567 405de3 CloseHandle 4566->4567 4568 405d4e 4566->4568 
4567->4558 4569 405c21 ReadFile 4568->4569 4570 405d56 4569->4570 4570->4567 4582 405b0e lstrlenA 4570->4582 4573 405d81 4575 405b0e 4 API calls 4573->4575 4574 405d6d lstrcpyA 4578 405d8f 4574->4578 4575->4578 4576 405dc6 SetFilePointer 4577 405c50 WriteFile 4576->4577 4579 405ddc GlobalFree 4577->4579 4578->4576 4579->4567 4580->4559 4581->4565 4583 405b4f lstrlenA 4582->4583 4584 405b57 4583->4584 4585 405b28 lstrcmpiA 4583->4585 4584->4573 4584->4574 4585->4584 4586 405b46 CharNextA 4585->4586 4586->4583 5020 4037eb 5021 4037f6 5020->5021 5022 4037fa 5021->5022 5023 4037fd GlobalAlloc 5021->5023 5023->5022 5024 7391103d 5025 7391101b 5 API calls 5024->5025 5026 73911056 5025->5026 5027 4019ed 5028 402b2c 17 API calls 5027->5028 5029 4019f4 5028->5029 5030 402b2c 17 API calls 5029->5030 5031 4019fd 5030->5031 5032 401a04 lstrcmpiA 5031->5032 5033 401a16 lstrcmpA 5031->5033 5034 401a0a 5032->5034 5033->5034 4587 4026ef 4588 4026f6 4587->4588 4590 402965 4587->4590 4589 402b0a 17 API calls 4588->4589 4591 4026fd 4589->4591 4592 40270c SetFilePointer 4591->4592 4592->4590 4593 40271c 4592->4593 4595 405f6e wsprintfA 4593->4595 4595->4590 5035 40156f 5036 401586 5035->5036 5037 40157f ShowWindow 5035->5037 5038 401594 ShowWindow 5036->5038 5039 4029b8 5036->5039 5037->5036 5038->5039 4596 73912921 4597 73912971 4596->4597 4598 73912931 VirtualProtect 4596->4598 4598->4597 5040 4014f4 SetForegroundWindow 5041 4029b8 5040->5041 4605 405275 4606 405420 4605->4606 4607 405297 GetDlgItem GetDlgItem GetDlgItem 4605->4607 4609 405450 4606->4609 4610 405428 GetDlgItem CreateThread FindCloseChangeNotification 4606->4610 4650 4040d3 SendMessageA 4607->4650 4612 40547e 4609->4612 4613 405466 ShowWindow ShowWindow 4609->4613 4614 40549f 4609->4614 4610->4609 4653 405209 5 API calls 4610->4653 4611 405307 4616 40530e GetClientRect GetSystemMetrics SendMessageA SendMessageA 4611->4616 4615 4054d9 4612->4615 4618 4054b2 ShowWindow 4612->4618 4619 40548e 4612->4619 4652 4040d3 
SendMessageA 4613->4652 4620 404105 8 API calls 4614->4620 4615->4614 4623 4054e6 SendMessageA 4615->4623 4621 405360 SendMessageA SendMessageA 4616->4621 4622 40537c 4616->4622 4626 4054d2 4618->4626 4627 4054c4 4618->4627 4624 404077 SendMessageA 4619->4624 4625 4054ab 4620->4625 4621->4622 4630 405381 SendMessageA 4622->4630 4631 40538f 4622->4631 4623->4625 4632 4054ff CreatePopupMenu 4623->4632 4624->4614 4629 404077 SendMessageA 4626->4629 4628 405137 24 API calls 4627->4628 4628->4626 4629->4615 4630->4631 4634 40409e 18 API calls 4631->4634 4633 406032 17 API calls 4632->4633 4635 40550f AppendMenuA 4633->4635 4636 40539f 4634->4636 4637 405540 TrackPopupMenu 4635->4637 4638 40552d GetWindowRect 4635->4638 4639 4053a8 ShowWindow 4636->4639 4640 4053dc GetDlgItem SendMessageA 4636->4640 4637->4625 4642 40555c 4637->4642 4638->4637 4643 4053cb 4639->4643 4644 4053be ShowWindow 4639->4644 4640->4625 4641 405403 SendMessageA SendMessageA 4640->4641 4641->4625 4645 40557b SendMessageA 4642->4645 4651 4040d3 SendMessageA 4643->4651 4644->4643 4645->4645 4646 405598 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4645->4646 4648 4055ba SendMessageA 4646->4648 4648->4648 4649 4055dc GlobalUnlock SetClipboardData CloseClipboard 4648->4649 4649->4625 4650->4611 4651->4640 4652->4612 5042 401cfb 5043 402b0a 17 API calls 5042->5043 5044 401d02 5043->5044 5045 402b0a 17 API calls 5044->5045 5046 401d0e GetDlgItem 5045->5046 5047 4025e4 5046->5047 5048 4018fd 5049 401934 5048->5049 5050 402b2c 17 API calls 5049->5050 5051 401939 5050->5051 5052 4057d8 67 API calls 5051->5052 5053 401942 5052->5053 5054 401dff GetDC 5055 402b0a 17 API calls 5054->5055 5056 401e11 GetDeviceCaps MulDiv ReleaseDC 5055->5056 5057 402b0a 17 API calls 5056->5057 5058 401e42 5057->5058 5059 406032 17 API calls 5058->5059 5060 401e7f CreateFontIndirectA 5059->5060 5061 4025e4 5060->5061 5062 739115d1 5063 739114bb GlobalFree 5062->5063 5066 739115e9 5063->5066 5064 7391162f GlobalFree 5065 

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              C-Code - Quality: 86%
                                                                                                                              			_entry_() {
                                                                                                                              				signed int _t42;
                                                                                                                              				intOrPtr* _t47;
                                                                                                                              				CHAR* _t51;
                                                                                                                              				char* _t53;
                                                                                                                              				CHAR* _t55;
                                                                                                                              				void* _t59;
                                                                                                                              				intOrPtr _t61;
                                                                                                                              				int _t63;
                                                                                                                              				int _t66;
                                                                                                                              				signed int _t67;
                                                                                                                              				int _t68;
                                                                                                                              				signed int _t70;
                                                                                                                              				void* _t94;
                                                                                                                              				signed int _t110;
                                                                                                                              				void* _t113;
                                                                                                                              				void* _t118;
                                                                                                                              				intOrPtr* _t119;
                                                                                                                              				char _t122;
                                                                                                                              				signed int _t141;
                                                                                                                              				signed int _t142;
                                                                                                                              				int _t150;
                                                                                                                              				void* _t151;
                                                                                                                              				intOrPtr* _t153;
                                                                                                                              				CHAR* _t156;
                                                                                                                              				CHAR* _t157;
                                                                                                                              				void* _t159;
                                                                                                                              				char* _t160;
                                                                                                                              				void* _t163;
                                                                                                                              				void* _t164;
                                                                                                                              				char _t189;
                                                                                                                              
                                                                                                                              				 *(_t164 + 0x18) = 0;
                                                                                                                              				 *((intOrPtr*)(_t164 + 0x10)) = "Error writing temporary file. Make sure your temp folder is valid.";
                                                                                                                              				 *(_t164 + 0x20) = 0;
                                                                                                                              				 *(_t164 + 0x14) = 0x20;
                                                                                                                              				SetErrorMode(0x8001); // executed
                                                                                                                              				_t42 = GetVersion() & 0xbfffffff;
                                                                                                                              				 *0x42f40c = _t42;
                                                                                                                              				if(_t42 != 6) {
                                                                                                                              					_t119 = E004063A8(0);
                                                                                                                              					if(_t119 != 0) {
                                                                                                                              						 *_t119(0xc00);
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				_t156 = "UXTHEME";
                                                                                                                              				do {
                                                                                                                              					E0040633A(_t156); // executed
                                                                                                                              					_t156 =  &(_t156[lstrlenA(_t156) + 1]);
                                                                                                                              				} while ( *_t156 != 0);
                                                                                                                              				E004063A8(0xa);
                                                                                                                              				 *0x42f404 = E004063A8(8);
                                                                                                                              				_t47 = E004063A8(6);
                                                                                                                              				if(_t47 != 0) {
                                                                                                                              					_t47 =  *_t47(0x1e);
                                                                                                                              					if(_t47 != 0) {
                                                                                                                              						 *0x42f40f =  *0x42f40f | 0x00000040;
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				__imp__#17(_t159);
                                                                                                                              				__imp__OleInitialize(0); // executed
                                                                                                                              				 *0x42f4d8 = _t47;
                                                                                                                              				SHGetFileInfoA(0x429830, 0, _t164 + 0x38, 0x160, 0); // executed
                                                                                                                              				E00406010("Wildix WIService  v2.15.2 Setup", "NSIS Error");
                                                                                                                              				_t51 = GetCommandLineA();
                                                                                                                              				_t160 = "\"C:\\Users\\hardz\\Desktop\\SetupWIService.exe\"";
                                                                                                                              				E00406010(_t160, _t51);
                                                                                                                              				 *0x42f400 = 0x400000;
                                                                                                                              				_t53 = _t160;
                                                                                                                              				if("\"C:\\Users\\hardz\\Desktop\\SetupWIService.exe\"" == 0x22) {
                                                                                                                              					 *(_t164 + 0x14) = 0x22;
                                                                                                                              					_t53 =  &M00435001;
                                                                                                                              				}
                                                                                                                              				_t55 = CharNextA(E004059D3(_t53,  *(_t164 + 0x14)));
                                                                                                                              				 *(_t164 + 0x1c) = _t55;
                                                                                                                              				while(1) {
                                                                                                                              					_t122 =  *_t55;
                                                                                                                              					_t172 = _t122;
                                                                                                                              					if(_t122 == 0) {
                                                                                                                              						break;
                                                                                                                              					}
                                                                                                                              					__eflags = _t122 - 0x20;
                                                                                                                              					if(_t122 != 0x20) {
                                                                                                                              						L13:
                                                                                                                              						__eflags =  *_t55 - 0x22;
                                                                                                                              						 *(_t164 + 0x14) = 0x20;
                                                                                                                              						if( *_t55 == 0x22) {
                                                                                                                              							_t55 =  &(_t55[1]);
                                                                                                                              							__eflags = _t55;
                                                                                                                              							 *(_t164 + 0x14) = 0x22;
                                                                                                                              						}
                                                                                                                              						__eflags =  *_t55 - 0x2f;
                                                                                                                              						if( *_t55 != 0x2f) {
                                                                                                                              							L25:
                                                                                                                              							_t55 = E004059D3(_t55,  *(_t164 + 0x14));
                                                                                                                              							__eflags =  *_t55 - 0x22;
                                                                                                                              							if(__eflags == 0) {
                                                                                                                              								_t55 =  &(_t55[1]);
                                                                                                                              								__eflags = _t55;
                                                                                                                              							}
                                                                                                                              							continue;
                                                                                                                              						} else {
                                                                                                                              							_t55 =  &(_t55[1]);
                                                                                                                              							__eflags =  *_t55 - 0x53;
                                                                                                                              							if( *_t55 != 0x53) {
                                                                                                                              								L20:
                                                                                                                              								__eflags =  *_t55 - ((( *0x40a183 << 0x00000008 |  *0x40a182) << 0x00000008 |  *0x40a181) << 0x00000008 | "NCRC");
                                                                                                                              								if( *_t55 != ((( *0x40a183 << 0x00000008 |  *0x40a182) << 0x00000008 |  *0x40a181) << 0x00000008 | "NCRC")) {
                                                                                                                              									L24:
                                                                                                                              									__eflags =  *((intOrPtr*)(_t55 - 2)) - ((( *0x40a17b << 0x00000008 |  *0x40a17a) << 0x00000008 |  *0x40a179) << 0x00000008 | " /D=");
                                                                                                                              									if( *((intOrPtr*)(_t55 - 2)) == ((( *0x40a17b << 0x00000008 |  *0x40a17a) << 0x00000008 |  *0x40a179) << 0x00000008 | " /D=")) {
                                                                                                                              										 *((char*)(_t55 - 2)) = 0;
                                                                                                                              										__eflags =  &(_t55[2]);
                                                                                                                              										E00406010("C:\\Program Files (x86)\\Wildix\\WIService",  &(_t55[2]));
                                                                                                                              										L30:
                                                                                                                              										_t157 = "C:\\Users\\hardz\\AppData\\Local\\Temp\\";
                                                                                                                              										GetTempPathA(0x400, _t157);
                                                                                                                              										_t59 = E0040323A(_t172);
                                                                                                                              										_t173 = _t59;
                                                                                                                              										if(_t59 != 0) {
                                                                                                                              											L33:
                                                                                                                              											DeleteFileA("1033"); // executed
                                                                                                                              											_t61 = E00402DC4(_t175,  *(_t164 + 0x20)); // executed
                                                                                                                              											 *((intOrPtr*)(_t164 + 0x10)) = _t61;
                                                                                                                              											if(_t61 != 0) {
                                                                                                                              												L43:
                                                                                                                              												E00403753();
                                                                                                                              												__imp__OleUninitialize();
                                                                                                                              												_t185 =  *((intOrPtr*)(_t164 + 0x10));
                                                                                                                              												if( *((intOrPtr*)(_t164 + 0x10)) == 0) {
                                                                                                                              													__eflags =  *0x42f4b4;
                                                                                                                              													if( *0x42f4b4 == 0) {
                                                                                                                              														L67:
                                                                                                                              														_t63 =  *0x42f4cc;
                                                                                                                              														__eflags = _t63 - 0xffffffff;
                                                                                                                              														if(_t63 != 0xffffffff) {
                                                                                                                              															 *(_t164 + 0x14) = _t63;
                                                                                                                              														}
                                                                                                                              														ExitProcess( *(_t164 + 0x14));
                                                                                                                              													}
                                                                                                                              													_t66 = OpenProcessToken(GetCurrentProcess(), 0x28, _t164 + 0x18);
                                                                                                                              													__eflags = _t66;
                                                                                                                              													_t150 = 2;
                                                                                                                              													if(_t66 != 0) {
                                                                                                                              														LookupPrivilegeValueA(0, "SeShutdownPrivilege", _t164 + 0x24);
                                                                                                                              														 *(_t164 + 0x38) = 1;
                                                                                                                              														 *(_t164 + 0x44) = _t150;
                                                                                                                              														AdjustTokenPrivileges( *(_t164 + 0x2c), 0, _t164 + 0x28, 0, 0, 0);
                                                                                                                              													}
                                                                                                                              													_t67 = E004063A8(4);
                                                                                                                              													__eflags = _t67;
                                                                                                                              													if(_t67 == 0) {
                                                                                                                              														L65:
                                                                                                                              														_t68 = ExitWindowsEx(_t150, 0x80040002);
                                                                                                                              														__eflags = _t68;
                                                                                                                              														if(_t68 != 0) {
                                                                                                                              															goto L67;
                                                                                                                              														}
                                                                                                                              														goto L66;
                                                                                                                              													} else {
                                                                                                                              														_t70 =  *_t67(0, 0, 0, 0x25, 0x80040002);
                                                                                                                              														__eflags = _t70;
                                                                                                                              														if(_t70 == 0) {
                                                                                                                              															L66:
                                                                                                                              															E0040140B(9);
                                                                                                                              															goto L67;
                                                                                                                              														}
                                                                                                                              														goto L65;
                                                                                                                              													}
                                                                                                                              												}
                                                                                                                              												E0040572C( *((intOrPtr*)(_t164 + 0x10)), 0x200010);
                                                                                                                              												ExitProcess(2);
                                                                                                                              											}
                                                                                                                              											if( *0x42f420 == 0) {
                                                                                                                              												L42:
                                                                                                                              												 *0x42f4cc =  *0x42f4cc | 0xffffffff;
                                                                                                                              												 *(_t164 + 0x18) = E0040382D( *0x42f4cc);
                                                                                                                              												goto L43;
                                                                                                                              											}
                                                                                                                              											_t153 = E004059D3(_t160, 0);
                                                                                                                              											if(_t153 < _t160) {
                                                                                                                              												L39:
                                                                                                                              												_t182 = _t153 - _t160;
                                                                                                                              												 *((intOrPtr*)(_t164 + 0x10)) = "Error launching installer";
                                                                                                                              												if(_t153 < _t160) {
                                                                                                                              													_t151 = E00405697(_t185);
                                                                                                                              													lstrcatA(_t157, "~nsu");
                                                                                                                              													if(_t151 != 0) {
                                                                                                                              														lstrcatA(_t157, "A");
                                                                                                                              													}
                                                                                                                              													lstrcatA(_t157, ".tmp");
                                                                                                                              													_t162 = "C:\\Users\\hardz\\Desktop";
                                                                                                                              													if(lstrcmpiA(_t157, "C:\\Users\\hardz\\Desktop") != 0) {
                                                                                                                              														_push(_t157);
                                                                                                                              														if(_t151 == 0) {
                                                                                                                              															E0040567A();
                                                                                                                              														} else {
                                                                                                                              															E004055FD();
                                                                                                                              														}
                                                                                                                              														SetCurrentDirectoryA(_t157);
                                                                                                                              														_t189 = "C:\\Program Files (x86)\\Wildix\\WIService"; // 0x43
                                                                                                                              														if(_t189 == 0) {
                                                                                                                              															E00406010("C:\\Program Files (x86)\\Wildix\\WIService", _t162);
                                                                                                                              														}
                                                                                                                              														E00406010(0x430000,  *(_t164 + 0x1c));
                                                                                                                              														_t137 = "A";
                                                                                                                              														_t163 = 0x1a;
                                                                                                                              														 *0x430400 = "A";
                                                                                                                              														do {
                                                                                                                              															E00406032(0, 0x429430, _t157, 0x429430,  *((intOrPtr*)( *0x42f414 + 0x120)));
                                                                                                                              															DeleteFileA(0x429430);
                                                                                                                              															if( *((intOrPtr*)(_t164 + 0x10)) != 0 && CopyFileA("C:\\Users\\hardz\\Desktop\\SetupWIService.exe", 0x429430, 1) != 0) {
                                                                                                                              																E00405DEF(_t137, 0x429430, 0);
                                                                                                                              																E00406032(0, 0x429430, _t157, 0x429430,  *((intOrPtr*)( *0x42f414 + 0x124)));
                                                                                                                              																_t94 = E004056AF(0x429430);
                                                                                                                              																if(_t94 != 0) {
                                                                                                                              																	CloseHandle(_t94);
                                                                                                                              																	 *((intOrPtr*)(_t164 + 0x10)) = 0;
                                                                                                                              																}
                                                                                                                              															}
                                                                                                                              															 *0x430400 =  *0x430400 + 1;
                                                                                                                              															_t163 = _t163 - 1;
                                                                                                                              														} while (_t163 != 0);
                                                                                                                              														E00405DEF(_t137, _t157, 0);
                                                                                                                              													}
                                                                                                                              													goto L43;
                                                                                                                              												}
                                                                                                                              												 *_t153 = 0;
                                                                                                                              												_t154 = _t153 + 4;
                                                                                                                              												if(E00405A96(_t182, _t153 + 4) == 0) {
                                                                                                                              													goto L43;
                                                                                                                              												}
                                                                                                                              												E00406010("C:\\Program Files (x86)\\Wildix\\WIService", _t154);
                                                                                                                              												E00406010("C:\\Program Files (x86)\\Wildix\\WIService", _t154);
                                                                                                                              												 *((intOrPtr*)(_t164 + 0x10)) = 0;
                                                                                                                              												goto L42;
                                                                                                                              											}
                                                                                                                              											_t110 = (( *0x40a15b << 0x00000008 |  *0x40a15a) << 0x00000008 |  *0x40a159) << 0x00000008 | " _?=";
                                                                                                                              											while( *_t153 != _t110) {
                                                                                                                              												_t153 = _t153 - 1;
                                                                                                                              												if(_t153 >= _t160) {
                                                                                                                              													continue;
                                                                                                                              												}
                                                                                                                              												goto L39;
                                                                                                                              											}
                                                                                                                              											goto L39;
                                                                                                                              										}
                                                                                                                              										GetWindowsDirectoryA(_t157, 0x3fb);
                                                                                                                              										lstrcatA(_t157, "\\Temp");
                                                                                                                              										_t113 = E0040323A(_t173);
                                                                                                                              										_t174 = _t113;
                                                                                                                              										if(_t113 != 0) {
                                                                                                                              											goto L33;
                                                                                                                              										}
                                                                                                                              										GetTempPathA(0x3fc, _t157);
                                                                                                                              										lstrcatA(_t157, "Low");
                                                                                                                              										SetEnvironmentVariableA("TEMP", _t157);
                                                                                                                              										SetEnvironmentVariableA("TMP", _t157);
                                                                                                                              										_t118 = E0040323A(_t174);
                                                                                                                              										_t175 = _t118;
                                                                                                                              										if(_t118 == 0) {
                                                                                                                              											goto L43;
                                                                                                                              										}
                                                                                                                              										goto L33;
                                                                                                                              									}
                                                                                                                              									goto L25;
                                                                                                                              								}
                                                                                                                              								_t141 = _t55[4];
                                                                                                                              								__eflags = _t141 - 0x20;
                                                                                                                              								if(_t141 == 0x20) {
                                                                                                                              									L23:
                                                                                                                              									_t15 = _t164 + 0x20;
                                                                                                                              									 *_t15 =  *(_t164 + 0x20) | 0x00000004;
                                                                                                                              									__eflags =  *_t15;
                                                                                                                              									goto L24;
                                                                                                                              								}
                                                                                                                              								__eflags = _t141;
                                                                                                                              								if(_t141 != 0) {
                                                                                                                              									goto L24;
                                                                                                                              								}
                                                                                                                              								goto L23;
                                                                                                                              							}
                                                                                                                              							_t142 = _t55[1];
                                                                                                                              							__eflags = _t142 - 0x20;
                                                                                                                              							if(_t142 == 0x20) {
                                                                                                                              								L19:
                                                                                                                              								 *0x42f4c0 = 1;
                                                                                                                              								goto L20;
                                                                                                                              							}
                                                                                                                              							__eflags = _t142;
                                                                                                                              							if(_t142 != 0) {
                                                                                                                              								goto L20;
                                                                                                                              							}
                                                                                                                              							goto L19;
                                                                                                                              						}
                                                                                                                              					} else {
                                                                                                                              						goto L12;
                                                                                                                              					}
                                                                                                                              					do {
                                                                                                                              						L12:
                                                                                                                              						_t55 =  &(_t55[1]);
                                                                                                                              						__eflags =  *_t55 - 0x20;
                                                                                                                              					} while ( *_t55 == 0x20);
                                                                                                                              					goto L13;
                                                                                                                              				}
                                                                                                                              				goto L30;
                                                                                                                              			}

































                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004034d1
                                                                                                                              0x00000000
                                                                                                                              0x00403436
                                                                                                                              0x004033f7
                                                                                                                              0x004033fa
                                                                                                                              0x004033fd
                                                                                                                              0x00403403
                                                                                                                              0x00403403
                                                                                                                              0x00403403
                                                                                                                              0x00403403
                                                                                                                              0x00000000
                                                                                                                              0x00403403
                                                                                                                              0x004033ff
                                                                                                                              0x00403401
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403401
                                                                                                                              0x004033b2
                                                                                                                              0x004033b5
                                                                                                                              0x004033b8
                                                                                                                              0x004033be
                                                                                                                              0x004033be
                                                                                                                              0x00000000
                                                                                                                              0x004033be
                                                                                                                              0x004033ba
                                                                                                                              0x004033bc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004033bc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040338d
                                                                                                                              0x0040338d
                                                                                                                              0x0040338d
                                                                                                                              0x0040338e
                                                                                                                              0x0040338e
                                                                                                                              0x00000000
                                                                                                                              0x0040338d
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • SetErrorMode.KERNELBASE ref: 00403290
                                                                                                                              • GetVersion.KERNEL32 ref: 00403296
                                                                                                                              • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004032C9
                                                                                                                              • #17.COMCTL32(?,00000006,00000008,0000000A), ref: 00403305
                                                                                                                              • OleInitialize.OLE32(00000000), ref: 0040330C
                                                                                                                              • SHGetFileInfoA.SHELL32(00429830,00000000,?,00000160,00000000,?,00000006,00000008,0000000A), ref: 00403328
                                                                                                                              • GetCommandLineA.KERNEL32(Wildix WIService v2.15.2 Setup,NSIS Error,?,00000006,00000008,0000000A), ref: 0040333D
                                                                                                                              • CharNextA.USER32(00000000,"C:\Users\user\Desktop\SetupWIService.exe",00000020,"C:\Users\user\Desktop\SetupWIService.exe",00000000,?,00000006,00000008,0000000A), ref: 00403379
                                                                                                                              • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020,?,00000006,00000008,0000000A), ref: 00403476
                                                                                                                              • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000006,00000008,0000000A), ref: 00403487
                                                                                                                              • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 00403493
                                                                                                                              • GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 004034A7
                                                                                                                              • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 004034AF
                                                                                                                              • SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 004034C0
                                                                                                                              • SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 004034C8
                                                                                                                              • DeleteFileA.KERNELBASE(1033,?,00000006,00000008,0000000A), ref: 004034DC
                                                                                                                                • Part of subcall function 004063A8: GetModuleHandleA.KERNEL32(?,?,?,004032DE,0000000A), ref: 004063BA
                                                                                                                                • Part of subcall function 004063A8: GetProcAddress.KERNEL32(00000000,?), ref: 004063D5
                                                                                                                                • Part of subcall function 0040382D: lstrlenA.KERNEL32(: Completed,?,?,?,: Completed,00000000,C:\Program Files (x86)\Wildix\WIService,1033,Wildix WIService v2.15.2 Setup: Completed,80000001,Control Panel\Desktop\ResourceLocale,00000000,Wildix WIService v2.15.2 Setup: Completed,00000000,00000002,74D0FA90), ref: 0040391D
                                                                                                                                • Part of subcall function 0040382D: lstrcmpiA.KERNEL32(?,.exe,: Completed,?,?,?,: Completed,00000000,C:\Program Files (x86)\Wildix\WIService,1033,Wildix WIService v2.15.2 Setup: Completed,80000001,Control Panel\Desktop\ResourceLocale,00000000,Wildix WIService v2.15.2 Setup: Completed,00000000), ref: 00403930
                                                                                                                                • Part of subcall function 0040382D: GetFileAttributesA.KERNEL32(: Completed), ref: 0040393B
                                                                                                                                • Part of subcall function 0040382D: LoadImageA.USER32 ref: 00403984
                                                                                                                                • Part of subcall function 0040382D: RegisterClassA.USER32 ref: 004039C1
                                                                                                                                • Part of subcall function 00403753: CloseHandle.KERNEL32(000002C0,0040358A,?,?,00000006,00000008,0000000A), ref: 0040375E
                                                                                                                              • OleUninitialize.OLE32(?,?,00000006,00000008,0000000A), ref: 0040358A
                                                                                                                              • ExitProcess.KERNEL32 ref: 004035AB
                                                                                                                              • GetCurrentProcess.KERNEL32(00000028,?,00000006,00000008,0000000A), ref: 004036C8
                                                                                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 004036CF
                                                                                                                              • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004036E7
                                                                                                                              • AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 00403706
                                                                                                                              • ExitWindowsEx.USER32 ref: 0040372A
                                                                                                                              • ExitProcess.KERNEL32 ref: 0040374D
                                                                                                                                • Part of subcall function 0040572C: MessageBoxIndirectA.USER32 ref: 00405787
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Process$ExitFile$EnvironmentHandlePathTempTokenVariableWindowslstrcatlstrlen$AddressAdjustAttributesCharClassCloseCommandCurrentDeleteDirectoryErrorImageIndirectInfoInitializeLineLoadLookupMessageModeModuleNextOpenPrivilegePrivilegesProcRegisterUninitializeValueVersionlstrcmpi
                                                                                                                              • String ID: "$"C:\Users\user\Desktop\SetupWIService.exe"$.tmp$1033$C:\Program Files (x86)\Wildix\WIService$C:\Program Files (x86)\Wildix\WIService$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\SetupWIService.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$Wildix WIService v2.15.2 Setup$\Temp$~nsu
                                                                                                                              • API String ID: 3776617018-1548919798
                                                                                                                              • Opcode ID: 4775c68527fbb917aecb0a7c801f737b56a4a891fa957fa25b7ad5f6c3460015
                                                                                                                              • Instruction ID: c488d4947f624a60ea111d8e8e2b3f6be1d3d76fce8bfd42f4ae142e8cae794f
                                                                                                                              • Opcode Fuzzy Hash: 4775c68527fbb917aecb0a7c801f737b56a4a891fa957fa25b7ad5f6c3460015
                                                                                                                              • Instruction Fuzzy Hash: 9EC10570104741AAD7216F759D49B2F3EA8AF4570AF44443FF582B61E2CB7C8A198B2F
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              control_flow_graph 134 405275-405291 135 405420-405426 134->135 136 405297-40535e GetDlgItem * 3 call 4040d3 call 4049c4 GetClientRect GetSystemMetrics SendMessageA * 2 134->136 138 405450-40545c 135->138 139 405428-40544a GetDlgItem CreateThread FindCloseChangeNotification 135->139 154 405360-40537a SendMessageA * 2 136->154 155 40537c-40537f 136->155 141 40547e-405484 138->141 142 40545e-405464 138->142 139->138 146 405486-40548c 141->146 147 4054d9-4054dc 141->147 144 405466-405479 ShowWindow * 2 call 4040d3 142->144 145 40549f-4054a6 call 404105 142->145 144->141 158 4054ab-4054af 145->158 151 4054b2-4054c2 ShowWindow 146->151 152 40548e-40549a call 404077 146->152 147->145 149 4054de-4054e4 147->149 149->145 156 4054e6-4054f9 SendMessageA 149->156 159 4054d2-4054d4 call 404077 151->159 160 4054c4-4054cd call 405137 151->160 152->145 154->155 163 405381-40538d SendMessageA 155->163 164 40538f-4053a6 call 40409e 155->164 165 4055f6-4055f8 156->165 166 4054ff-40552b CreatePopupMenu call 406032 AppendMenuA 156->166 159->147 160->159 163->164 173 4053a8-4053bc ShowWindow 164->173 174 4053dc-4053fd GetDlgItem SendMessageA 164->174 165->158 171 405540-405556 TrackPopupMenu 166->171 172 40552d-40553d GetWindowRect 166->172 171->165 176 40555c-405576 171->176 172->171 177 4053cb 173->177 178 4053be-4053c9 ShowWindow 173->178 174->165 175 405403-40541b SendMessageA * 2 174->175 175->165 179 40557b-405596 SendMessageA 176->179 180 4053d1-4053d7 call 4040d3 177->180 178->180 179->179 181 405598-4055b8 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 179->181 180->174 183 4055ba-4055da SendMessageA 181->183 183->183 184 4055dc-4055f0 GlobalUnlock SetClipboardData CloseClipboard 183->184 184->165
                                                                                                                              C-Code - Quality: 96%
                                                                                                                              			E00405275(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
                                                                                                                              				struct HWND__* _v8;
                                                                                                                              				struct tagRECT _v24;
                                                                                                                              				void* _v32;
                                                                                                                              				signed int _v36;
                                                                                                                              				int _v40;
                                                                                                                              				int _v44;
                                                                                                                              				signed int _v48;
                                                                                                                              				int _v52;
                                                                                                                              				void* _v56;
                                                                                                                              				void* _v64;
                                                                                                                              				void* __ebx;
                                                                                                                              				void* __edi;
                                                                                                                              				void* __esi;
                                                                                                                              				struct HWND__* _t87;
                                                                                                                              				struct HWND__* _t89;
                                                                                                                              				long _t90;
                                                                                                                              				int _t95;
                                                                                                                              				int _t96;
                                                                                                                              				long _t99;
                                                                                                                              				void* _t102;
                                                                                                                              				intOrPtr _t113;
                                                                                                                              				void* _t121;
                                                                                                                              				intOrPtr _t124;
                                                                                                                              				struct HWND__* _t128;
                                                                                                                              				int _t150;
                                                                                                                              				int _t153;
                                                                                                                              				long _t157;
                                                                                                                              				struct HWND__* _t161;
                                                                                                                              				struct HMENU__* _t163;
                                                                                                                              				long _t165;
                                                                                                                              				void* _t166;
                                                                                                                              				char* _t167;
                                                                                                                              				char* _t168;
                                                                                                                              				int _t169;
                                                                                                                              
                                                                                                                              				_t87 =  *0x42ebe4; // 0x10424
                                                                                                                              				_t157 = _a8;
                                                                                                                              				_t150 = 0;
                                                                                                                              				_v8 = _t87;
                                                                                                                              				if(_t157 != 0x110) {
                                                                                                                              					__eflags = _t157 - 0x405;
                                                                                                                              					if(_t157 == 0x405) {
                                                                                                                              						_t121 = CreateThread(0, 0, E00405209, GetDlgItem(_a4, 0x3ec), 0,  &_a8); // executed
                                                                                                                              						FindCloseChangeNotification(_t121);
                                                                                                                              					}
                                                                                                                              					__eflags = _t157 - 0x111;
                                                                                                                              					if(_t157 != 0x111) {
                                                                                                                              						L17:
                                                                                                                              						__eflags = _t157 - 0x404;
                                                                                                                              						if(_t157 != 0x404) {
                                                                                                                              							L25:
                                                                                                                              							__eflags = _t157 - 0x7b;
                                                                                                                              							if(_t157 != 0x7b) {
                                                                                                                              								goto L20;
                                                                                                                              							}
                                                                                                                              							_t89 = _v8;
                                                                                                                              							__eflags = _a12 - _t89;
                                                                                                                              							if(_a12 != _t89) {
                                                                                                                              								goto L20;
                                                                                                                              							}
                                                                                                                              							_t90 = SendMessageA(_t89, 0x1004, _t150, _t150);
                                                                                                                              							__eflags = _t90 - _t150;
                                                                                                                              							_a12 = _t90;
                                                                                                                              							if(_t90 <= _t150) {
                                                                                                                              								L36:
                                                                                                                              								return 0;
                                                                                                                              							}
                                                                                                                              							_t163 = CreatePopupMenu();
                                                                                                                              							AppendMenuA(_t163, _t150, 1, E00406032(_t150, _t157, _t163, _t150, 0xffffffe1));
                                                                                                                              							_t95 = _a16;
                                                                                                                              							__eflags = _a16 - 0xffffffff;
                                                                                                                              							_t153 = _a16 >> 0x10;
                                                                                                                              							if(_a16 == 0xffffffff) {
                                                                                                                              								GetWindowRect(_v8,  &_v24);
                                                                                                                              								_t95 = _v24.left;
                                                                                                                              								_t153 = _v24.top;
                                                                                                                              							}
                                                                                                                              							_t96 = TrackPopupMenu(_t163, 0x180, _t95, _t153, _t150, _a4, _t150);
                                                                                                                              							__eflags = _t96 - 1;
                                                                                                                              							if(_t96 == 1) {
                                                                                                                              								_t165 = 1;
                                                                                                                              								__eflags = 1;
                                                                                                                              								_v56 = _t150;
                                                                                                                              								_v44 = 0x42a870;
                                                                                                                              								_v40 = 0x1000;
                                                                                                                              								_a4 = _a12;
                                                                                                                              								do {
                                                                                                                              									_a4 = _a4 - 1;
                                                                                                                              									_t99 = SendMessageA(_v8, 0x102d, _a4,  &_v64);
                                                                                                                              									__eflags = _a4 - _t150;
                                                                                                                              									_t165 = _t165 + _t99 + 2;
                                                                                                                              								} while (_a4 != _t150);
                                                                                                                              								OpenClipboard(_t150);
                                                                                                                              								EmptyClipboard();
                                                                                                                              								_t102 = GlobalAlloc(0x42, _t165);
                                                                                                                              								_a4 = _t102;
                                                                                                                              								_t166 = GlobalLock(_t102);
                                                                                                                              								do {
                                                                                                                              									_v44 = _t166;
                                                                                                                              									_t167 = _t166 + SendMessageA(_v8, 0x102d, _t150,  &_v64);
                                                                                                                              									 *_t167 = 0xd;
                                                                                                                              									_t168 = _t167 + 1;
                                                                                                                              									 *_t168 = 0xa;
                                                                                                                              									_t166 = _t168 + 1;
                                                                                                                              									_t150 = _t150 + 1;
                                                                                                                              									__eflags = _t150 - _a12;
                                                                                                                              								} while (_t150 < _a12);
                                                                                                                              								GlobalUnlock(_a4);
                                                                                                                              								SetClipboardData(1, _a4);
                                                                                                                              								CloseClipboard();
                                                                                                                              							}
                                                                                                                              							goto L36;
                                                                                                                              						}
                                                                                                                              						__eflags =  *0x42ebcc - _t150; // 0x0
                                                                                                                              						if(__eflags == 0) {
                                                                                                                              							ShowWindow( *0x42f408, 8); // executed
                                                                                                                              							__eflags =  *0x42f4ac - _t150;
                                                                                                                              							if( *0x42f4ac == _t150) {
                                                                                                                              								_t113 =  *0x42a048; // 0x758dbc
                                                                                                                              								E00405137( *((intOrPtr*)(_t113 + 0x34)), _t150); // executed
                                                                                                                              							}
                                                                                                                              							E00404077(1);
                                                                                                                              							goto L25;
                                                                                                                              						}
                                                                                                                              						 *0x429c40 = 2;
                                                                                                                              						E00404077(0x78);
                                                                                                                              						goto L20;
                                                                                                                              					} else {
                                                                                                                              						__eflags = _a12 - 0x403;
                                                                                                                              						if(_a12 != 0x403) {
                                                                                                                              							L20:
                                                                                                                              							return E00404105(_t157, _a12, _a16);
                                                                                                                              						}
                                                                                                                              						ShowWindow( *0x42ebd0, _t150);
                                                                                                                              						ShowWindow(_v8, 8);
                                                                                                                              						E004040D3(_v8);
                                                                                                                              						goto L17;
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				_v48 = _v48 | 0xffffffff;
                                                                                                                              				_v36 = _v36 | 0xffffffff;
                                                                                                                              				_t169 = 2;
                                                                                                                              				_v56 = _t169;
                                                                                                                              				_v52 = 0;
                                                                                                                              				_v44 = 0;
                                                                                                                              				_v40 = 0;
                                                                                                                              				asm("stosd");
                                                                                                                              				asm("stosd");
                                                                                                                              				_t124 =  *0x42f414;
                                                                                                                              				_a12 =  *((intOrPtr*)(_t124 + 0x5c));
                                                                                                                              				_a8 =  *((intOrPtr*)(_t124 + 0x60));
                                                                                                                              				 *0x42ebd0 = GetDlgItem(_a4, 0x403);
                                                                                                                              				 *0x42ebc8 = GetDlgItem(_a4, 0x3ee);
                                                                                                                              				_t128 = GetDlgItem(_a4, 0x3f8);
                                                                                                                              				 *0x42ebe4 = _t128;
                                                                                                                              				_v8 = _t128;
                                                                                                                              				E004040D3( *0x42ebd0);
                                                                                                                              				 *0x42ebd4 = E004049C4(4);
                                                                                                                              				 *0x42ebec = 0;
                                                                                                                              				GetClientRect(_v8,  &_v24);
                                                                                                                              				_v48 = _v24.right - GetSystemMetrics(_t169);
                                                                                                                              				SendMessageA(_v8, 0x101b, 0,  &_v56);
                                                                                                                              				SendMessageA(_v8, 0x1036, 0x4000, 0x4000); // executed
                                                                                                                              				if(_a12 >= 0) {
                                                                                                                              					SendMessageA(_v8, 0x1001, 0, _a12);
                                                                                                                              					SendMessageA(_v8, 0x1026, 0, _a12);
                                                                                                                              				}
                                                                                                                              				if(_a8 >= _t150) {
                                                                                                                              					SendMessageA(_v8, 0x1024, _t150, _a8);
                                                                                                                              				}
                                                                                                                              				_push( *((intOrPtr*)(_a16 + 0x30)));
                                                                                                                              				_push(0x1b);
                                                                                                                              				E0040409E(_a4);
                                                                                                                              				if(( *0x42f41c & 0x00000003) != 0) {
                                                                                                                              					ShowWindow( *0x42ebd0, _t150);
                                                                                                                              					if(( *0x42f41c & 0x00000002) != 0) {
                                                                                                                              						 *0x42ebd0 = _t150;
                                                                                                                              					} else {
                                                                                                                              						ShowWindow(_v8, 8);
                                                                                                                              					}
                                                                                                                              					E004040D3( *0x42ebc8);
                                                                                                                              				}
                                                                                                                              				_t161 = GetDlgItem(_a4, 0x3ec);
                                                                                                                              				SendMessageA(_t161, 0x401, _t150, 0x75300000);
                                                                                                                              				if(( *0x42f41c & 0x00000004) != 0) {
                                                                                                                              					SendMessageA(_t161, 0x409, _t150, _a8);
                                                                                                                              					SendMessageA(_t161, 0x2001, _t150, _a12);
                                                                                                                              				}
                                                                                                                              				goto L36;
                                                                                                                              			}





































                                                                                                                              0x00405479
                                                                                                                              0x0040545c
                                                                                                                              0x00405297
                                                                                                                              0x0040529b
                                                                                                                              0x004052a3
                                                                                                                              0x004052a7
                                                                                                                              0x004052aa
                                                                                                                              0x004052ad
                                                                                                                              0x004052b0
                                                                                                                              0x004052b3
                                                                                                                              0x004052b4
                                                                                                                              0x004052b5
                                                                                                                              0x004052ce
                                                                                                                              0x004052d1
                                                                                                                              0x004052db
                                                                                                                              0x004052ea
                                                                                                                              0x004052f2
                                                                                                                              0x004052fa
                                                                                                                              0x004052ff
                                                                                                                              0x00405302
                                                                                                                              0x0040530e
                                                                                                                              0x00405317
                                                                                                                              0x00405320
                                                                                                                              0x00405342
                                                                                                                              0x00405348
                                                                                                                              0x00405359
                                                                                                                              0x0040535e
                                                                                                                              0x0040536c
                                                                                                                              0x0040537a
                                                                                                                              0x0040537a
                                                                                                                              0x0040537f
                                                                                                                              0x0040538d
                                                                                                                              0x0040538d
                                                                                                                              0x00405392
                                                                                                                              0x00405395
                                                                                                                              0x0040539a
                                                                                                                              0x004053a6
                                                                                                                              0x004053af
                                                                                                                              0x004053bc
                                                                                                                              0x004053cb
                                                                                                                              0x004053be
                                                                                                                              0x004053c3
                                                                                                                              0x004053c3
                                                                                                                              0x004053d7
                                                                                                                              0x004053d7
                                                                                                                              0x004053eb
                                                                                                                              0x004053f4
                                                                                                                              0x004053fd
                                                                                                                              0x0040540d
                                                                                                                              0x00405419
                                                                                                                              0x00405419
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              • Wildix WIService v2.15.2 Setup: Completed, xrefs: 00405565
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendChangeClientDataEmptyFindLockMetricsNotificationOpenSystemThreadTrackUnlock
                                                                                                                              • String ID: Wildix WIService v2.15.2 Setup: Completed
                                                                                                                              • API String ID: 4154960007-2136058454
                                                                                                                              • Opcode ID: 850865324eda7255bc617561a744910c99d6829a0b955d2a94bbb97841d7110d
                                                                                                                              • Instruction ID: 66d789517199d7de7cfadb6731c275bc9a2b232ae8febcf914e4846c803f5e83
                                                                                                                              • Opcode Fuzzy Hash: 850865324eda7255bc617561a744910c99d6829a0b955d2a94bbb97841d7110d
                                                                                                                              • Instruction Fuzzy Hash: A3A147B0900608BFDB119F61DE89AAF7F79FB08354F40403AFA41BA1A0C7755E519F68
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 493 4057d8-4057fe call 405a96 496 405800-405812 DeleteFileA 493->496 497 405817-40581e 493->497 498 4059a1-4059a5 496->498 499 405820-405822 497->499 500 405831-405841 call 406010 497->500 501 405828-40582b 499->501 502 40594f-405954 499->502 508 405850-405851 call 4059ef 500->508 509 405843-40584e lstrcatA 500->509 501->500 501->502 502->498 504 405956-405959 502->504 506 405963-40596b call 406313 504->506 507 40595b-405961 504->507 506->498 516 40596d-405981 call 4059a8 call 405790 506->516 507->498 511 405856-405859 508->511 509->511 514 405864-40586a lstrcatA 511->514 515 40585b-405862 511->515 517 40586f-40588d lstrlenA FindFirstFileA 514->517 515->514 515->517 532 405983-405986 516->532 533 405999-40599c call 405137 516->533 519 405893-4058aa call 4059d3 517->519 520 405945-405949 517->520 526 4058b5-4058b8 519->526 527 4058ac-4058b0 519->527 520->502 523 40594b 520->523 523->502 530 4058ba-4058bf 526->530 531 4058cb-4058d9 call 406010 526->531 527->526 529 4058b2 527->529 529->526 535 4058c1-4058c3 530->535 536 405924-405936 FindNextFileA 530->536 543 4058f0-4058fb call 405790 531->543 544 4058db-4058e3 531->544 532->507 538 405988-405997 call 405137 call 405def 532->538 533->498 535->531 539 4058c5-4058c9 535->539 536->519 541 40593c-40593f FindClose 536->541 538->498 539->531 539->536 541->520 552 40591c-40591f call 405137 543->552 553 4058fd-405900 543->553 544->536 547 4058e5-4058ee call 4057d8 544->547 547->536 552->536 555 405902-405912 call 405137 call 405def 553->555 556 405914-40591a 553->556 555->536 556->536
                                                                                                                              C-Code - Quality: 98%
                                                                                                                              			E004057D8(void* __eflags, signed int _a4, signed int _a8) {
                                                                                                                              				signed int _v8;
                                                                                                                              				void* _v12;
                                                                                                                              				signed int _v16;
                                                                                                                              				struct _WIN32_FIND_DATAA _v336;
                                                                                                                              				signed int _t40;
                                                                                                                              				char* _t53;
                                                                                                                              				signed int _t55;
                                                                                                                              				signed int _t58;
                                                                                                                              				signed int _t64;
                                                                                                                              				signed int _t66;
                                                                                                                              				void* _t68;
                                                                                                                              				signed char _t69;
                                                                                                                              				CHAR* _t71;
                                                                                                                              				void* _t72;
                                                                                                                              				CHAR* _t73;
                                                                                                                              				char* _t76;
                                                                                                                              
                                                                                                                              				_t69 = _a8;
                                                                                                                              				_t73 = _a4;
                                                                                                                              				_v8 = _t69 & 0x00000004;
                                                                                                                              				_t40 = E00405A96(__eflags, _t73);
                                                                                                                              				_v16 = _t40;
                                                                                                                              				if((_t69 & 0x00000008) != 0) {
                                                                                                                              					_t66 = DeleteFileA(_t73); // executed
                                                                                                                              					asm("sbb eax, eax");
                                                                                                                              					_t68 =  ~_t66 + 1;
                                                                                                                              					 *0x42f4a8 =  *0x42f4a8 + _t68;
                                                                                                                              					return _t68;
                                                                                                                              				}
                                                                                                                              				_a4 = _t69;
                                                                                                                              				_t8 =  &_a4;
                                                                                                                              				 *_t8 = _a4 & 0x00000001;
                                                                                                                              				__eflags =  *_t8;
                                                                                                                              				if( *_t8 == 0) {
                                                                                                                              					L5:
                                                                                                                              					E00406010(0x42b878, _t73);
                                                                                                                              					__eflags = _a4;
                                                                                                                              					if(_a4 == 0) {
                                                                                                                              						E004059EF(_t73);
                                                                                                                              					} else {
                                                                                                                              						lstrcatA(0x42b878, "\*.*");
                                                                                                                              					}
                                                                                                                              					__eflags =  *_t73;
                                                                                                                              					if( *_t73 != 0) {
                                                                                                                              						L10:
                                                                                                                              						lstrcatA(_t73, 0x40a014);
                                                                                                                              						L11:
                                                                                                                              						_t71 =  &(_t73[lstrlenA(_t73)]); // executed
                                                                                                                              						_t40 = FindFirstFileA(0x42b878,  &_v336); // executed
                                                                                                                              						__eflags = _t40 - 0xffffffff;
                                                                                                                              						_v12 = _t40;
                                                                                                                              						if(_t40 == 0xffffffff) {
                                                                                                                              							L29:
                                                                                                                              							__eflags = _a4;
                                                                                                                              							if(_a4 != 0) {
                                                                                                                              								_t32 = _t71 - 1;
                                                                                                                              								 *_t32 =  *(_t71 - 1) & 0x00000000;
                                                                                                                              								__eflags =  *_t32;
                                                                                                                              							}
                                                                                                                              							goto L31;
                                                                                                                              						} else {
                                                                                                                              							goto L12;
                                                                                                                              						}
                                                                                                                              						do {
                                                                                                                              							L12:
                                                                                                                              							_t76 =  &(_v336.cFileName);
                                                                                                                              							_t53 = E004059D3( &(_v336.cFileName), 0x3f);
                                                                                                                              							__eflags =  *_t53;
                                                                                                                              							if( *_t53 != 0) {
                                                                                                                              								__eflags = _v336.cAlternateFileName;
                                                                                                                              								if(_v336.cAlternateFileName != 0) {
                                                                                                                              									_t76 =  &(_v336.cAlternateFileName);
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              							__eflags =  *_t76 - 0x2e;
                                                                                                                              							if( *_t76 != 0x2e) {
                                                                                                                              								L19:
                                                                                                                              								E00406010(_t71, _t76);
                                                                                                                              								__eflags = _v336.dwFileAttributes & 0x00000010;
                                                                                                                              								if(__eflags == 0) {
                                                                                                                              									_t55 = E00405790(__eflags, _t73, _v8);
                                                                                                                              									__eflags = _t55;
                                                                                                                              									if(_t55 != 0) {
                                                                                                                              										E00405137(0xfffffff2, _t73);
                                                                                                                              									} else {
                                                                                                                              										__eflags = _v8 - _t55;
                                                                                                                              										if(_v8 == _t55) {
                                                                                                                              											 *0x42f4a8 =  *0x42f4a8 + 1;
                                                                                                                              										} else {
                                                                                                                              											E00405137(0xfffffff1, _t73);
                                                                                                                              											E00405DEF(_t72, _t73, 0);
                                                                                                                              										}
                                                                                                                              									}
                                                                                                                              								} else {
                                                                                                                              									__eflags = (_a8 & 0x00000003) - 3;
                                                                                                                              									if(__eflags == 0) {
                                                                                                                              										E004057D8(__eflags, _t73, _a8);
                                                                                                                              									}
                                                                                                                              								}
                                                                                                                              								goto L27;
                                                                                                                              							}
                                                                                                                              							_t64 =  *((intOrPtr*)(_t76 + 1));
                                                                                                                              							__eflags = _t64;
                                                                                                                              							if(_t64 == 0) {
                                                                                                                              								goto L27;
                                                                                                                              							}
                                                                                                                              							__eflags = _t64 - 0x2e;
                                                                                                                              							if(_t64 != 0x2e) {
                                                                                                                              								goto L19;
                                                                                                                              							}
                                                                                                                              							__eflags =  *((char*)(_t76 + 2));
                                                                                                                              							if( *((char*)(_t76 + 2)) == 0) {
                                                                                                                              								goto L27;
                                                                                                                              							}
                                                                                                                              							goto L19;
                                                                                                                              							L27:
                                                                                                                              							_t58 = FindNextFileA(_v12,  &_v336);
                                                                                                                              							__eflags = _t58;
                                                                                                                              						} while (_t58 != 0);
                                                                                                                              						_t40 = FindClose(_v12);
                                                                                                                              						goto L29;
                                                                                                                              					}
                                                                                                                              					__eflags =  *0x42b878 - 0x5c;
                                                                                                                              					if( *0x42b878 != 0x5c) {
                                                                                                                              						goto L11;
                                                                                                                              					}
                                                                                                                              					goto L10;
                                                                                                                              				} else {
                                                                                                                              					__eflags = _t40;
                                                                                                                              					if(_t40 == 0) {
                                                                                                                              						L31:
                                                                                                                              						__eflags = _a4;
                                                                                                                              						if(_a4 == 0) {
                                                                                                                              							L39:
                                                                                                                              							return _t40;
                                                                                                                              						}
                                                                                                                              						__eflags = _v16;
                                                                                                                              						if(_v16 != 0) {
                                                                                                                              							_t40 = E00406313(_t73);
                                                                                                                              							__eflags = _t40;
                                                                                                                              							if(_t40 == 0) {
                                                                                                                              								goto L39;
                                                                                                                              							}
                                                                                                                              							E004059A8(_t73);
                                                                                                                              							_t40 = E00405790(__eflags, _t73, _v8 | 0x00000001);
                                                                                                                              							__eflags = _t40;
                                                                                                                              							if(_t40 != 0) {
                                                                                                                              								return E00405137(0xffffffe5, _t73);
                                                                                                                              							}
                                                                                                                              							__eflags = _v8;
                                                                                                                              							if(_v8 == 0) {
                                                                                                                              								goto L33;
                                                                                                                              							}
                                                                                                                              							E00405137(0xfffffff1, _t73);
                                                                                                                              							return E00405DEF(_t72, _t73, 0);
                                                                                                                              						}
                                                                                                                              						L33:
                                                                                                                              						 *0x42f4a8 =  *0x42f4a8 + 1;
                                                                                                                              						return _t40;
                                                                                                                              					}
                                                                                                                              					__eflags = _t69 & 0x00000002;
                                                                                                                              					if((_t69 & 0x00000002) == 0) {
                                                                                                                              						goto L31;
                                                                                                                              					}
                                                                                                                              					goto L5;
                                                                                                                              				}
                                                                                                                              			}




















                                                                                                                              APIs
                                                                                                                              • DeleteFileA.KERNELBASE(?,?,74D0FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405801
                                                                                                                              • lstrcatA.KERNEL32(C:\Program Files (x86)\Wildix\WIService\lua,\*.*,C:\Program Files (x86)\Wildix\WIService\lua,?,?,74D0FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405849
                                                                                                                              • lstrcatA.KERNEL32(?,0040A014,?,C:\Program Files (x86)\Wildix\WIService\lua,?,?,74D0FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040586A
                                                                                                                              • lstrlenA.KERNEL32(?,?,0040A014,?,C:\Program Files (x86)\Wildix\WIService\lua,?,?,74D0FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405870
                                                                                                                              • FindFirstFileA.KERNELBASE(C:\Program Files (x86)\Wildix\WIService\lua,?,?,?,0040A014,?,C:\Program Files (x86)\Wildix\WIService\lua,?,?,74D0FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405881
                                                                                                                              • FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 0040592E
                                                                                                                              • FindClose.KERNEL32(00000000), ref: 0040593F
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                              • String ID: "C:\Users\user\Desktop\SetupWIService.exe"$C:\Program Files (x86)\Wildix\WIService\lua$C:\Users\user\AppData\Local\Temp\$\*.*
                                                                                                                              • API String ID: 2035342205-2885822244
                                                                                                                              • Opcode ID: 2683fea5af7fdc3d0ee3d5ea6d34bfce251760fda2a5c41c4c388f4f242317a9
                                                                                                                              • Instruction ID: b1b2ef924c21ee39ce724be99c412cdb4e11523259fae964be374fa5306f8f12
                                                                                                                              • Opcode Fuzzy Hash: 2683fea5af7fdc3d0ee3d5ea6d34bfce251760fda2a5c41c4c388f4f242317a9
                                                                                                                              • Instruction Fuzzy Hash: 9A51A171800A04EADB216B618C45BBF7AB8DF42728F14807BF845B51D1C73C4982DE6A
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 74%
                                                                                                                              			E00402138(void* __eflags) {
                                                                                                                              				signed int _t55;
                                                                                                                              				void* _t59;
                                                                                                                              				intOrPtr* _t63;
                                                                                                                              				intOrPtr _t64;
                                                                                                                              				intOrPtr* _t65;
                                                                                                                              				intOrPtr* _t67;
                                                                                                                              				intOrPtr* _t69;
                                                                                                                              				intOrPtr* _t71;
                                                                                                                              				intOrPtr* _t73;
                                                                                                                              				intOrPtr* _t75;
                                                                                                                              				intOrPtr* _t78;
                                                                                                                              				intOrPtr* _t80;
                                                                                                                              				intOrPtr* _t82;
                                                                                                                              				intOrPtr* _t84;
                                                                                                                              				int _t87;
                                                                                                                              				intOrPtr* _t95;
                                                                                                                              				signed int _t105;
                                                                                                                              				signed int _t109;
                                                                                                                              				void* _t111;
                                                                                                                              
                                                                                                                              				 *(_t111 - 0x10) = E00402B2C(0xfffffff0);
                                                                                                                              				 *(_t111 - 0xc) = E00402B2C(0xffffffdf);
                                                                                                                              				 *((intOrPtr*)(_t111 - 0x44)) = E00402B2C(2);
                                                                                                                              				 *((intOrPtr*)(_t111 - 0x40)) = E00402B2C(0xffffffcd);
                                                                                                                              				 *((intOrPtr*)(_t111 - 0x4c)) = E00402B2C(0x45);
                                                                                                                              				_t55 =  *(_t111 - 0x24);
                                                                                                                              				 *(_t111 - 0x88) = _t55 & 0x00000fff;
                                                                                                                              				_t105 = _t55 & 0x00008000;
                                                                                                                              				_t109 = _t55 >> 0x0000000c & 0x00000007;
                                                                                                                              				 *(_t111 - 0x3c) = _t55 >> 0x00000010 & 0x0000ffff;
                                                                                                                              				if(E00405A15( *(_t111 - 0xc)) == 0) {
                                                                                                                              					E00402B2C(0x21);
                                                                                                                              				}
                                                                                                                              				_t59 = _t111 + 8;
                                                                                                                              				__imp__CoCreateInstance(0x40851c, _t87, 1, 0x40850c, _t59); // executed
                                                                                                                              				if(_t59 < _t87) {
                                                                                                                              					L15:
                                                                                                                              					 *((intOrPtr*)(_t111 - 4)) = 1;
                                                                                                                              					_push(0xfffffff0);
                                                                                                                              				} else {
                                                                                                                              					_t63 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                              					_t64 =  *((intOrPtr*)( *_t63))(_t63, 0x40852c, _t111 - 0x1c);
                                                                                                                              					 *((intOrPtr*)(_t111 - 8)) = _t64;
                                                                                                                              					if(_t64 >= _t87) {
                                                                                                                              						_t67 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                              						 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t67 + 0x50))(_t67,  *(_t111 - 0xc));
                                                                                                                              						if(_t105 == _t87) {
                                                                                                                              							_t84 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                              							 *((intOrPtr*)( *_t84 + 0x24))(_t84, "C:\\Program Files (x86)\\Wildix\\WIService");
                                                                                                                              						}
                                                                                                                              						if(_t109 != _t87) {
                                                                                                                              							_t82 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                              							 *((intOrPtr*)( *_t82 + 0x3c))(_t82, _t109);
                                                                                                                              						}
                                                                                                                              						_t69 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                              						 *((intOrPtr*)( *_t69 + 0x34))(_t69,  *(_t111 - 0x3c));
                                                                                                                              						_t95 =  *((intOrPtr*)(_t111 - 0x40));
                                                                                                                              						if( *_t95 != _t87) {
                                                                                                                              							_t80 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                              							 *((intOrPtr*)( *_t80 + 0x44))(_t80, _t95,  *(_t111 - 0x88));
                                                                                                                              						}
                                                                                                                              						_t71 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                              						 *((intOrPtr*)( *_t71 + 0x2c))(_t71,  *((intOrPtr*)(_t111 - 0x44)));
                                                                                                                              						_t73 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                              						 *((intOrPtr*)( *_t73 + 0x1c))(_t73,  *((intOrPtr*)(_t111 - 0x4c)));
                                                                                                                              						if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
                                                                                                                              							 *((intOrPtr*)(_t111 - 8)) = 0x80004005;
                                                                                                                              							if(MultiByteToWideChar(_t87, _t87,  *(_t111 - 0x10), 0xffffffff,  *(_t111 - 0xc), 0x400) != 0) {
                                                                                                                              								_t78 =  *((intOrPtr*)(_t111 - 0x1c));
                                                                                                                              								 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t78 + 0x18))(_t78,  *(_t111 - 0xc), 1);
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              						_t75 =  *((intOrPtr*)(_t111 - 0x1c));
                                                                                                                              						 *((intOrPtr*)( *_t75 + 8))(_t75);
                                                                                                                              					}
                                                                                                                              					_t65 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                              					 *((intOrPtr*)( *_t65 + 8))(_t65);
                                                                                                                              					if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
                                                                                                                              						_push(0xfffffff4);
                                                                                                                              					} else {
                                                                                                                              						goto L15;
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				E00401423();
                                                                                                                              				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t111 - 4));
                                                                                                                              				return 0;
                                                                                                                              			}























                                                                                                                              APIs
                                                                                                                              • CoCreateInstance.OLE32(0040851C,?,00000001,0040850C,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004021BA
                                                                                                                              • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,00000001,0040850C,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402269
                                                                                                                              Strings
                                                                                                                              • C:\Program Files (x86)\Wildix\WIService, xrefs: 004021FA
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ByteCharCreateInstanceMultiWide
                                                                                                                              • String ID: C:\Program Files (x86)\Wildix\WIService
                                                                                                                              • API String ID: 123533781-4211190453
                                                                                                                              • Opcode ID: 5e26a4cef9836c5db1ff9a72d0abbf1eb8f5a6fdc757ce25d6c6e23b25beee3e
                                                                                                                              • Instruction ID: 754b6e0833e3014b2c682637ef6945f2e05814b0a8fe180c789646af90cdafbf
                                                                                                                              • Opcode Fuzzy Hash: 5e26a4cef9836c5db1ff9a72d0abbf1eb8f5a6fdc757ce25d6c6e23b25beee3e
                                                                                                                              • Instruction Fuzzy Hash: DD510771A00209AFCB04DFE4C988A9D7BB5EF48314F2045BAF515EB2D1DB799941CF54
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00406313(CHAR* _a4) {
                                                                                                                              				void* _t2;
                                                                                                                              
                                                                                                                              				_t2 = FindFirstFileA(_a4, 0x42c0c0); // executed
                                                                                                                              				if(_t2 == 0xffffffff) {
                                                                                                                              					return 0;
                                                                                                                              				}
                                                                                                                              				FindClose(_t2); // executed
                                                                                                                              				return 0x42c0c0;
                                                                                                                              			}





                                                                                                                              APIs
                                                                                                                              • FindFirstFileA.KERNELBASE(74D0FA90,0042C0C0,C:\,00405AD9,C:\,C:\,00000000,C:\,C:\,74D0FA90,?,C:\Users\user\AppData\Local\Temp\,004057F8,?,74D0FA90,C:\Users\user\AppData\Local\Temp\), ref: 0040631E
                                                                                                                              • FindClose.KERNELBASE(00000000), ref: 0040632A
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Find$CloseFileFirst
                                                                                                                              • String ID: C:\
                                                                                                                              • API String ID: 2295610775-3404278061
                                                                                                                              • Opcode ID: 1839775ab65f4c7429e333cf5f3a5f1104f42c23ffe018d7624b5080913ebc3e
                                                                                                                              • Instruction ID: f1da5dbc8fb4190b670de1866088b9aea297c62f24eccc1d76d376cb4bf46ee5
                                                                                                                              • Opcode Fuzzy Hash: 1839775ab65f4c7429e333cf5f3a5f1104f42c23ffe018d7624b5080913ebc3e
                                                                                                                              • Instruction Fuzzy Hash: A8D0123250A030ABC350177C7E0C88F7A989F163347218A36F4A6F21E0C7348C2286DC
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 41%
                                                                                                                              			E00402765(char __ebx, char* __edi, char* __esi) {
                                                                                                                              				void* _t6;
                                                                                                                              				void* _t19;
                                                                                                                              
                                                                                                                              				_t6 = FindFirstFileA(E00402B2C(2), _t19 - 0x1c8); // executed
                                                                                                                              				if(_t6 != 0xffffffff) {
                                                                                                                              					E00405F6E(__edi, _t6);
                                                                                                                              					_push(_t19 - 0x19c);
                                                                                                                              					_push(__esi);
                                                                                                                              					E00406010();
                                                                                                                              				} else {
                                                                                                                              					 *__edi = __ebx;
                                                                                                                              					 *__esi = __ebx;
                                                                                                                              					 *((intOrPtr*)(_t19 - 4)) = 1;
                                                                                                                              				}
                                                                                                                              				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t19 - 4));
                                                                                                                              				return 0;
                                                                                                                              			}






                                                                                                                              APIs
                                                                                                                              • FindFirstFileA.KERNELBASE(00000000,?,00000002), ref: 00402774
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FileFindFirst
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1974802433-0
                                                                                                                              • Opcode ID: d49b052ccc37abe76686d4a71a1dd7afab77a5349bca0cf12c91bef43c1fe758
                                                                                                                              • Instruction ID: 5c82bf4159fd1739121f93a17669663fbe331ae18c29918af2b78fc5806f8225
                                                                                                                              • Opcode Fuzzy Hash: d49b052ccc37abe76686d4a71a1dd7afab77a5349bca0cf12c91bef43c1fe758
                                                                                                                              • Instruction Fuzzy Hash: 39F0EC725441009BD301EB749A49AFEB77CEF15324F60017BE141F21C1D6F84945D77A
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              [Control-flow graph for the function at 0x00403BCA; legend: Executed, Not Executed]
                                                                                                                              C-Code - Quality: 84%
                                                                                                                              			E00403BCA(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
                                                                                                                              				struct HWND__* _v32;
                                                                                                                              				void* _v84;
                                                                                                                              				void* _v88;
                                                                                                                              				void* __ebx;
                                                                                                                              				void* __edi;
                                                                                                                              				void* __esi;
                                                                                                                              				signed int _t35;
                                                                                                                              				signed int _t37;
                                                                                                                              				signed int _t39;
                                                                                                                              				struct HWND__* _t49;
                                                                                                                              				signed int _t68;
                                                                                                                              				struct HWND__* _t74;
                                                                                                                              				signed int _t87;
                                                                                                                              				struct HWND__* _t92;
                                                                                                                              				signed int _t100;
                                                                                                                              				int _t104;
                                                                                                                              				signed int _t116;
                                                                                                                              				signed int _t117;
                                                                                                                              				int _t118;
                                                                                                                              				signed int _t123;
                                                                                                                              				struct HWND__* _t126;
                                                                                                                              				struct HWND__* _t127;
                                                                                                                              				int _t128;
                                                                                                                              				long _t131;
                                                                                                                              				int _t133;
                                                                                                                              				int _t134;
                                                                                                                              				void* _t135;
                                                                                                                              				void* _t142;
                                                                                                                              				void* _t143;
                                                                                                                              
                                                                                                                              				_t116 = _a8;
                                                                                                                              				if(_t116 == 0x110 || _t116 == 0x408) {
                                                                                                                              					_t35 = _a12;
                                                                                                                              					_t126 = _a4;
                                                                                                                              					__eflags = _t116 - 0x110;
                                                                                                                              					 *0x42a858 = _t35;
                                                                                                                              					if(_t116 == 0x110) {
                                                                                                                              						 *0x42f408 = _t126;
                                                                                                                              						 *0x42a86c = GetDlgItem(_t126, 1);
                                                                                                                              						_t92 = GetDlgItem(_t126, 2);
                                                                                                                              						_push(0xffffffff);
                                                                                                                              						_push(0x1c);
                                                                                                                              						 *0x429838 = _t92;
                                                                                                                              						E0040409E(_t126);
                                                                                                                              						SetClassLongA(_t126, 0xfffffff2,  *0x42ebe8); // executed
                                                                                                                              						 *0x42ebcc = E0040140B(4);
                                                                                                                              						_t35 = 1;
                                                                                                                              						__eflags = 1;
                                                                                                                              						 *0x42a858 = 1;
                                                                                                                              					}
                                                                                                                              					_t123 =  *0x40a1dc; // 0x1
                                                                                                                              					_t134 = 0;
                                                                                                                              					_t131 = (_t123 << 6) +  *0x42f440;
                                                                                                                              					__eflags = _t123;
                                                                                                                              					if(_t123 < 0) {
                                                                                                                              						L34:
                                                                                                                              						E004040EA(0x40b);
                                                                                                                              						while(1) {
                                                                                                                              							_t37 =  *0x42a858; // 0x1
                                                                                                                              							 *0x40a1dc =  *0x40a1dc + _t37;
                                                                                                                              							_t131 = _t131 + (_t37 << 6);
                                                                                                                              							_t39 =  *0x40a1dc; // 0x1
                                                                                                                              							__eflags = _t39 -  *0x42f444;
                                                                                                                              							if(_t39 ==  *0x42f444) {
                                                                                                                              								E0040140B(1);
                                                                                                                              							}
                                                                                                                              							__eflags =  *0x42ebcc - _t134; // 0x0
                                                                                                                              							if(__eflags != 0) {
                                                                                                                              								break;
                                                                                                                              							}
                                                                                                                              							__eflags =  *0x40a1dc -  *0x42f444; // 0x1
                                                                                                                              							if(__eflags >= 0) {
                                                                                                                              								break;
                                                                                                                              							}
                                                                                                                              							_t117 =  *(_t131 + 0x14);
                                                                                                                              							E00406032(_t117, _t126, _t131, 0x437800,  *((intOrPtr*)(_t131 + 0x24)));
                                                                                                                              							_push( *((intOrPtr*)(_t131 + 0x20)));
                                                                                                                              							_push(0xfffffc19);
                                                                                                                              							E0040409E(_t126);
                                                                                                                              							_push( *((intOrPtr*)(_t131 + 0x1c)));
                                                                                                                              							_push(0xfffffc1b);
                                                                                                                              							E0040409E(_t126);
                                                                                                                              							_push( *((intOrPtr*)(_t131 + 0x28)));
                                                                                                                              							_push(0xfffffc1a);
                                                                                                                              							E0040409E(_t126);
                                                                                                                              							_t49 = GetDlgItem(_t126, 3);
                                                                                                                              							__eflags =  *0x42f4ac - _t134;
                                                                                                                              							_v32 = _t49;
                                                                                                                              							if( *0x42f4ac != _t134) {
                                                                                                                              								_t117 = _t117 & 0x0000fefd | 0x00000004;
                                                                                                                              								__eflags = _t117;
                                                                                                                              							}
                                                                                                                              							ShowWindow(_t49, _t117 & 0x00000008); // executed
                                                                                                                              							EnableWindow( *(_t135 + 0x30), _t117 & 0x00000100); // executed
                                                                                                                              							E004040C0(_t117 & 0x00000002);
                                                                                                                              							_t118 = _t117 & 0x00000004;
                                                                                                                              							EnableWindow( *0x429838, _t118);
                                                                                                                              							__eflags = _t118 - _t134;
                                                                                                                              							if(_t118 == _t134) {
                                                                                                                              								_push(1);
                                                                                                                              							} else {
                                                                                                                              								_push(_t134);
                                                                                                                              							}
                                                                                                                              							EnableMenuItem(GetSystemMenu(_t126, _t134), 0xf060, ??);
                                                                                                                              							SendMessageA( *(_t135 + 0x38), 0xf4, _t134, 1);
                                                                                                                              							__eflags =  *0x42f4ac - _t134;
                                                                                                                              							if( *0x42f4ac == _t134) {
                                                                                                                              								_push( *0x42a86c);
                                                                                                                              							} else {
                                                                                                                              								SendMessageA(_t126, 0x401, 2, _t134);
                                                                                                                              								_push( *0x429838);
                                                                                                                              							}
                                                                                                                              							E004040D3();
                                                                                                                              							E00406010(0x42a870, E00403BAB());
                                                                                                                              							E00406032(0x42a870, _t126, _t131,  &(0x42a870[lstrlenA(0x42a870)]),  *((intOrPtr*)(_t131 + 0x18)));
                                                                                                                              							SetWindowTextA(_t126, 0x42a870); // executed
                                                                                                                              							_push(_t134);
                                                                                                                              							_t68 = E00401389( *((intOrPtr*)(_t131 + 8)));
                                                                                                                              							__eflags = _t68;
                                                                                                                              							if(_t68 != 0) {
                                                                                                                              								continue;
                                                                                                                              							} else {
                                                                                                                              								__eflags =  *_t131 - _t134;
                                                                                                                              								if( *_t131 == _t134) {
                                                                                                                              									continue;
                                                                                                                              								}
                                                                                                                              								__eflags =  *(_t131 + 4) - 5;
                                                                                                                              								if( *(_t131 + 4) != 5) {
                                                                                                                              									DestroyWindow( *0x42ebd8); // executed
                                                                                                                              									 *0x42a048 = _t131;
                                                                                                                              									__eflags =  *_t131 - _t134;
                                                                                                                              									if( *_t131 <= _t134) {
                                                                                                                              										goto L58;
                                                                                                                              									}
                                                                                                                              									_t74 = CreateDialogParamA( *0x42f400,  *_t131 +  *0x42ebe0 & 0x0000ffff, _t126,  *(0x40a1e0 +  *(_t131 + 4) * 4), _t131); // executed
                                                                                                                              									__eflags = _t74 - _t134;
                                                                                                                              									 *0x42ebd8 = _t74;
                                                                                                                              									if(_t74 == _t134) {
                                                                                                                              										goto L58;
                                                                                                                              									}
                                                                                                                              									_push( *((intOrPtr*)(_t131 + 0x2c)));
                                                                                                                              									_push(6);
                                                                                                                              									E0040409E(_t74);
                                                                                                                              									GetWindowRect(GetDlgItem(_t126, 0x3fa), _t135 + 0x10);
                                                                                                                              									ScreenToClient(_t126, _t135 + 0x10);
                                                                                                                              									SetWindowPos( *0x42ebd8, _t134,  *(_t135 + 0x20),  *(_t135 + 0x20), _t134, _t134, 0x15);
                                                                                                                              									_push(_t134);
                                                                                                                              									E00401389( *((intOrPtr*)(_t131 + 0xc)));
                                                                                                                              									__eflags =  *0x42ebcc - _t134; // 0x0
                                                                                                                              									if(__eflags != 0) {
                                                                                                                              										goto L61;
                                                                                                                              									}
                                                                                                                              									ShowWindow( *0x42ebd8, 8); // executed
                                                                                                                              									E004040EA(0x405);
                                                                                                                              									goto L58;
                                                                                                                              								}
                                                                                                                              								__eflags =  *0x42f4ac - _t134;
                                                                                                                              								if( *0x42f4ac != _t134) {
                                                                                                                              									goto L61;
                                                                                                                              								}
                                                                                                                              								__eflags =  *0x42f4a0 - _t134;
                                                                                                                              								if( *0x42f4a0 != _t134) {
                                                                                                                              									continue;
                                                                                                                              								}
                                                                                                                              								goto L61;
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              						DestroyWindow( *0x42ebd8);
                                                                                                                              						 *0x42f408 = _t134;
                                                                                                                              						EndDialog(_t126,  *0x429c40);
                                                                                                                              						goto L58;
                                                                                                                              					} else {
                                                                                                                              						__eflags = _t35 - 1;
                                                                                                                              						if(_t35 != 1) {
                                                                                                                              							L33:
                                                                                                                              							__eflags =  *_t131 - _t134;
                                                                                                                              							if( *_t131 == _t134) {
                                                                                                                              								goto L61;
                                                                                                                              							}
                                                                                                                              							goto L34;
                                                                                                                              						}
                                                                                                                              						_push(0);
                                                                                                                              						_t87 = E00401389( *((intOrPtr*)(_t131 + 0x10)));
                                                                                                                              						__eflags = _t87;
                                                                                                                              						if(_t87 == 0) {
                                                                                                                              							goto L33;
                                                                                                                              						}
                                                                                                                              						SendMessageA( *0x42ebd8, 0x40f, 0, 1);
                                                                                                                              						__eflags =  *0x42ebcc - _t134; // 0x0
                                                                                                                              						return 0 | __eflags == 0x00000000;
                                                                                                                              					}
                                                                                                                              				} else {
                                                                                                                              					_t126 = _a4;
                                                                                                                              					_t134 = 0;
                                                                                                                              					if(_t116 == 0x47) {
                                                                                                                              						SetWindowPos( *0x42a850, _t126, 0, 0, 0, 0, 0x13);
                                                                                                                              					}
                                                                                                                              					if(_t116 == 5) {
                                                                                                                              						asm("sbb eax, eax");
                                                                                                                              						ShowWindow( *0x42a850,  ~(_a12 - 1) & _t116);
                                                                                                                              					}
                                                                                                                              					if(_t116 != 0x40d) {
                                                                                                                              						__eflags = _t116 - 0x11;
                                                                                                                              						if(_t116 != 0x11) {
                                                                                                                              							__eflags = _t116 - 0x111;
                                                                                                                              							if(_t116 != 0x111) {
                                                                                                                              								L26:
                                                                                                                              								return E00404105(_t116, _a12, _a16);
                                                                                                                              							}
                                                                                                                              							_t133 = _a12 & 0x0000ffff;
                                                                                                                              							_t127 = GetDlgItem(_t126, _t133);
                                                                                                                              							__eflags = _t127 - _t134;
                                                                                                                              							if(_t127 == _t134) {
                                                                                                                              								L13:
                                                                                                                              								__eflags = _t133 - 1;
                                                                                                                              								if(_t133 != 1) {
                                                                                                                              									__eflags = _t133 - 3;
                                                                                                                              									if(_t133 != 3) {
                                                                                                                              										_t128 = 2;
                                                                                                                              										__eflags = _t133 - _t128;
                                                                                                                              										if(_t133 != _t128) {
                                                                                                                              											L25:
                                                                                                                              											SendMessageA( *0x42ebd8, 0x111, _a12, _a16);
                                                                                                                              											goto L26;
                                                                                                                              										}
                                                                                                                              										__eflags =  *0x42f4ac - _t134;
                                                                                                                              										if( *0x42f4ac == _t134) {
                                                                                                                              											_t100 = E0040140B(3);
                                                                                                                              											__eflags = _t100;
                                                                                                                              											if(_t100 != 0) {
                                                                                                                              												goto L26;
                                                                                                                              											}
                                                                                                                              											 *0x429c40 = 1;
                                                                                                                              											L21:
                                                                                                                              											_push(0x78);
                                                                                                                              											L22:
                                                                                                                              											E00404077();
                                                                                                                              											goto L26;
                                                                                                                              										}
                                                                                                                              										E0040140B(_t128);
                                                                                                                              										 *0x429c40 = _t128;
                                                                                                                              										goto L21;
                                                                                                                              									}
                                                                                                                              									__eflags =  *0x40a1dc - _t134; // 0x1
                                                                                                                              									if(__eflags <= 0) {
                                                                                                                              										goto L25;
                                                                                                                              									}
                                                                                                                              									_push(0xffffffff);
                                                                                                                              									goto L22;
                                                                                                                              								}
                                                                                                                              								_push(_t133);
                                                                                                                              								goto L22;
                                                                                                                              							}
                                                                                                                              							SendMessageA(_t127, 0xf3, _t134, _t134);
                                                                                                                              							_t104 = IsWindowEnabled(_t127);
                                                                                                                              							__eflags = _t104;
                                                                                                                              							if(_t104 == 0) {
                                                                                                                              								goto L61;
                                                                                                                              							}
                                                                                                                              							goto L13;
                                                                                                                              						}
                                                                                                                              						SetWindowLongA(_t126, _t134, _t134);
                                                                                                                              						return 1;
                                                                                                                              					} else {
                                                                                                                              						DestroyWindow( *0x42ebd8);
                                                                                                                              						 *0x42ebd8 = _a12;
                                                                                                                              						L58:
                                                                                                                              						_t142 =  *0x42b870 - _t134; // 0x1
                                                                                                                              						if(_t142 == 0) {
                                                                                                                              							_t143 =  *0x42ebd8 - _t134; // 0x1041c
                                                                                                                              							if(_t143 != 0) {
                                                                                                                              								ShowWindow(_t126, 0xa); // executed
                                                                                                                              								 *0x42b870 = 1;
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              						L61:
                                                                                                                              						return 0;
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              			}

































                                                                                                                              APIs
                                                                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403C06
                                                                                                                              • ShowWindow.USER32(?), ref: 00403C23
                                                                                                                              • DestroyWindow.USER32 ref: 00403C37
                                                                                                                              • SetWindowLongA.USER32 ref: 00403C53
                                                                                                                              • GetDlgItem.USER32 ref: 00403C74
                                                                                                                              • SendMessageA.USER32 ref: 00403C88
                                                                                                                              • IsWindowEnabled.USER32(00000000), ref: 00403C8F
                                                                                                                              • GetDlgItem.USER32 ref: 00403D3D
                                                                                                                              • GetDlgItem.USER32 ref: 00403D47
                                                                                                                              • KiUserCallbackDispatcher.NTDLL(?,000000F2,?,0000001C,000000FF), ref: 00403D61
                                                                                                                              • SendMessageA.USER32 ref: 00403DB2
                                                                                                                              • GetDlgItem.USER32 ref: 00403E58
                                                                                                                              • ShowWindow.USER32(00000000,?), ref: 00403E79
                                                                                                                              • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403E8B
                                                                                                                              • EnableWindow.USER32(?,?), ref: 00403EA6
                                                                                                                              • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403EBC
                                                                                                                              • EnableMenuItem.USER32 ref: 00403EC3
                                                                                                                              • SendMessageA.USER32 ref: 00403EDB
                                                                                                                              • SendMessageA.USER32 ref: 00403EEE
                                                                                                                              • lstrlenA.KERNEL32(Wildix WIService v2.15.2 Setup: Completed,?,Wildix WIService v2.15.2 Setup: Completed,00000000), ref: 00403F18
                                                                                                                              • SetWindowTextA.USER32(?,Wildix WIService v2.15.2 Setup: Completed), ref: 00403F27
                                                                                                                              • ShowWindow.USER32(?,0000000A), ref: 0040405B
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Window$Item$MessageSend$Show$CallbackDispatcherEnableMenuUser$DestroyEnabledLongSystemTextlstrlen
                                                                                                                              • String ID: Wildix WIService v2.15.2 Setup: Completed
                                                                                                                              • API String ID: 3906175533-2136058454
                                                                                                                              • Opcode ID: 5ffd1eee2a53c0bce8439eebe02f74cc0bfe9fdaa9e9cbb129ddddf772baf92f
                                                                                                                              • Instruction ID: 8391a727dd330e9af47019fb45b898bbd0b6ec160f5193fdc8e4d7e88c7c5567
                                                                                                                              • Opcode Fuzzy Hash: 5ffd1eee2a53c0bce8439eebe02f74cc0bfe9fdaa9e9cbb129ddddf772baf92f
                                                                                                                              • Instruction Fuzzy Hash: 39C1B171600704AFDB20AF62EE45E2B3AA9FB95706F40043EF642B51E1CB799852DB1D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 290 40382d-403845 call 4063a8 293 403847-403857 call 405f6e 290->293 294 403859-40388a call 405ef7 290->294 302 4038ad-4038d6 call 403af2 call 405a96 293->302 298 4038a2-4038a8 lstrcatA 294->298 299 40388c-40389d call 405ef7 294->299 298->302 299->298 308 4038dc-4038e1 302->308 309 40395d-403965 call 405a96 302->309 308->309 310 4038e3-4038fb call 405ef7 308->310 315 403973-403998 LoadImageA 309->315 316 403967-40396e call 406032 309->316 314 403900-403907 310->314 314->309 320 403909-40390b 314->320 318 403a19-403a21 call 40140b 315->318 319 40399a-4039ca RegisterClassA 315->319 316->315 333 403a23-403a26 318->333 334 403a2b-403a36 call 403af2 318->334 321 4039d0-403a14 SystemParametersInfoA CreateWindowExA 319->321 322 403ae8 319->322 324 40391c-403928 lstrlenA 320->324 325 40390d-40391a call 4059d3 320->325 321->318 327 403aea-403af1 322->327 328 403950-403958 call 4059a8 call 406010 324->328 329 40392a-403938 lstrcmpiA 324->329 325->324 328->309 329->328 332 40393a-403944 GetFileAttributesA 329->332 336 403946-403948 332->336 337 40394a-40394b call 4059ef 332->337 333->327 343 403a3c-403a56 ShowWindow call 40633a 334->343 344 403abf-403ac0 call 405209 334->344 336->328 336->337 337->328 351 403a62-403a74 GetClassInfoA 343->351 352 403a58-403a5d call 40633a 343->352 347 403ac5-403ac7 344->347 349 403ae1-403ae3 call 40140b 347->349 350 403ac9-403acf 347->350 349->322 350->333 355 403ad5-403adc call 40140b 350->355 353 403a76-403a86 GetClassInfoA RegisterClassA 351->353 354 403a8c-403aaf DialogBoxParamA call 40140b 351->354 352->351 353->354 360 403ab4-403abd call 40377d 354->360 355->333 360->327
                                                                                                                              C-Code - Quality: 96%
                                                                                                                              			E0040382D(void* __eflags) {
                                                                                                                              				intOrPtr _v4;
                                                                                                                              				intOrPtr _v8;
                                                                                                                              				int _v12;
                                                                                                                              				void _v16;
                                                                                                                              				void* __ebx;
                                                                                                                              				void* __edi;
                                                                                                                              				void* __esi;
                                                                                                                              				intOrPtr* _t17;
                                                                                                                              				void* _t25;
                                                                                                                              				void* _t27;
                                                                                                                              				int _t28;
                                                                                                                              				void* _t31;
                                                                                                                              				int _t34;
                                                                                                                              				int _t35;
                                                                                                                              				intOrPtr _t36;
                                                                                                                              				int _t39;
                                                                                                                              				char _t57;
                                                                                                                              				CHAR* _t59;
                                                                                                                              				signed char _t63;
                                                                                                                              				CHAR* _t74;
                                                                                                                              				intOrPtr _t76;
                                                                                                                              				CHAR* _t81;
                                                                                                                              
                                                                                                                              				_t76 =  *0x42f414;
                                                                                                                              				_t17 = E004063A8(2);
                                                                                                                              				_t84 = _t17;
                                                                                                                              				if(_t17 == 0) {
                                                                                                                              					_t74 = 0x42a870;
                                                                                                                              					"1033" = 0x30;
                                                                                                                              					 *0x436001 = 0x78;
                                                                                                                              					 *0x436002 = 0;
                                                                                                                              					E00405EF7(_t71, __eflags, 0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x42a870, 0);
                                                                                                                              					__eflags =  *0x42a870; // 0x57
                                                                                                                              					if(__eflags == 0) {
                                                                                                                              						E00405EF7(_t71, __eflags, 0x80000003, ".DEFAULT\\Control Panel\\International",  &M00408362, 0x42a870, 0);
                                                                                                                              					}
                                                                                                                              					lstrcatA("1033", _t74);
                                                                                                                              				} else {
                                                                                                                              					E00405F6E("1033",  *_t17() & 0x0000ffff);
                                                                                                                              				}
                                                                                                                              				E00403AF2(_t71, _t84);
                                                                                                                              				_t80 = "C:\\Program Files (x86)\\Wildix\\WIService";
                                                                                                                              				 *0x42f4a0 =  *0x42f41c & 0x00000020;
                                                                                                                              				 *0x42f4bc = 0x10000;
                                                                                                                              				if(E00405A96(_t84, "C:\\Program Files (x86)\\Wildix\\WIService") != 0) {
                                                                                                                              					L16:
                                                                                                                              					if(E00405A96(_t92, _t80) == 0) {
                                                                                                                              						E00406032(0, _t74, _t76, _t80,  *((intOrPtr*)(_t76 + 0x118))); // executed
                                                                                                                              					}
                                                                                                                              					_t25 = LoadImageA( *0x42f400, 0x67, 1, 0, 0, 0x8040); // executed
                                                                                                                              					 *0x42ebe8 = _t25;
                                                                                                                              					if( *((intOrPtr*)(_t76 + 0x50)) == 0xffffffff) {
                                                                                                                              						L21:
                                                                                                                              						if(E0040140B(0) == 0) {
                                                                                                                              							_t27 = E00403AF2(_t71, __eflags);
                                                                                                                              							__eflags =  *0x42f4c0;
                                                                                                                              							if( *0x42f4c0 != 0) {
                                                                                                                              								_t28 = E00405209(_t27, 0);
                                                                                                                              								__eflags = _t28;
                                                                                                                              								if(_t28 == 0) {
                                                                                                                              									E0040140B(1);
                                                                                                                              									goto L33;
                                                                                                                              								}
                                                                                                                              								__eflags =  *0x42ebcc; // 0x0
                                                                                                                              								if(__eflags == 0) {
                                                                                                                              									E0040140B(2);
                                                                                                                              								}
                                                                                                                              								goto L22;
                                                                                                                              							}
                                                                                                                              							ShowWindow( *0x42a850, 5); // executed
                                                                                                                              							_t34 = E0040633A("RichEd20"); // executed
                                                                                                                              							__eflags = _t34;
                                                                                                                              							if(_t34 == 0) {
                                                                                                                              								E0040633A("RichEd32");
                                                                                                                              							}
                                                                                                                              							_t81 = "RichEdit20A";
                                                                                                                              							_t35 = GetClassInfoA(0, _t81, 0x42eba0);
                                                                                                                              							__eflags = _t35;
                                                                                                                              							if(_t35 == 0) {
                                                                                                                              								GetClassInfoA(0, "RichEdit", 0x42eba0);
                                                                                                                              								 *0x42ebc4 = _t81;
                                                                                                                              								RegisterClassA(0x42eba0);
                                                                                                                              							}
                                                                                                                              							_t36 =  *0x42ebe0; // 0x0
                                                                                                                              							_t39 = DialogBoxParamA( *0x42f400, _t36 + 0x00000069 & 0x0000ffff, 0, E00403BCA, 0); // executed
                                                                                                                              							E0040377D(E0040140B(5), 1);
                                                                                                                              							return _t39;
                                                                                                                              						}
                                                                                                                              						L22:
                                                                                                                              						_t31 = 2;
                                                                                                                              						return _t31;
                                                                                                                              					} else {
                                                                                                                              						_t71 =  *0x42f400;
                                                                                                                              						 *0x42eba4 = E00401000;
                                                                                                                              						 *0x42ebb0 =  *0x42f400;
                                                                                                                              						 *0x42ebb4 = _t25;
                                                                                                                              						 *0x42ebc4 = 0x40a1f4;
                                                                                                                              						if(RegisterClassA(0x42eba0) == 0) {
                                                                                                                              							L33:
                                                                                                                              							__eflags = 0;
                                                                                                                              							return 0;
                                                                                                                              						}
                                                                                                                              						SystemParametersInfoA(0x30, 0,  &_v16, 0);
                                                                                                                              						 *0x42a850 = CreateWindowExA(0x80, 0x40a1f4, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x42f400, 0);
                                                                                                                              						goto L21;
                                                                                                                              					}
                                                                                                                              				} else {
                                                                                                                              					_t71 =  *(_t76 + 0x48);
                                                                                                                              					_t86 = _t71;
                                                                                                                              					if(_t71 == 0) {
                                                                                                                              						goto L16;
                                                                                                                              					}
                                                                                                                              					_t74 = 0x42e3a0;
                                                                                                                              					E00405EF7(_t71, _t86,  *((intOrPtr*)(_t76 + 0x44)), _t71,  *((intOrPtr*)(_t76 + 0x4c)) +  *0x42f458, 0x42e3a0, 0);
                                                                                                                              					_t57 =  *0x42e3a0; // 0x3a
                                                                                                                              					if(_t57 == 0) {
                                                                                                                              						goto L16;
                                                                                                                              					}
                                                                                                                              					if(_t57 == 0x22) {
                                                                                                                              						_t74 = 0x42e3a1;
                                                                                                                              						 *((char*)(E004059D3(0x42e3a1, 0x22))) = 0;
                                                                                                                              					}
                                                                                                                              					_t59 = lstrlenA(_t74) + _t74 - 4;
                                                                                                                              					if(_t59 <= _t74 || lstrcmpiA(_t59, ?str?) != 0) {
                                                                                                                              						L15:
                                                                                                                              						E00406010(_t80, E004059A8(_t74));
                                                                                                                              						goto L16;
                                                                                                                              					} else {
                                                                                                                              						_t63 = GetFileAttributesA(_t74);
                                                                                                                              						if(_t63 == 0xffffffff) {
                                                                                                                              							L14:
                                                                                                                              							E004059EF(_t74);
                                                                                                                              							goto L15;
                                                                                                                              						}
                                                                                                                              						_t92 = _t63 & 0x00000010;
                                                                                                                              						if((_t63 & 0x00000010) != 0) {
                                                                                                                              							goto L15;
                                                                                                                              						}
                                                                                                                              						goto L14;
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              			}


























                                                                                                                              APIs
                                                                                                                                • Part of subcall function 004063A8: GetModuleHandleA.KERNEL32(?,?,?,004032DE,0000000A), ref: 004063BA
                                                                                                                                • Part of subcall function 004063A8: GetProcAddress.KERNEL32(00000000,?), ref: 004063D5
                                                                                                                              • lstrcatA.KERNEL32(1033,Wildix WIService v2.15.2 Setup: Completed,80000001,Control Panel\Desktop\ResourceLocale,00000000,Wildix WIService v2.15.2 Setup: Completed,00000000,00000002,74D0FA90,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SetupWIService.exe",00000000), ref: 004038A8
                                                                                                                              • lstrlenA.KERNEL32(: Completed,?,?,?,: Completed,00000000,C:\Program Files (x86)\Wildix\WIService,1033,Wildix WIService v2.15.2 Setup: Completed,80000001,Control Panel\Desktop\ResourceLocale,00000000,Wildix WIService v2.15.2 Setup: Completed,00000000,00000002,74D0FA90), ref: 0040391D
                                                                                                                              • lstrcmpiA.KERNEL32(?,.exe,: Completed,?,?,?,: Completed,00000000,C:\Program Files (x86)\Wildix\WIService,1033,Wildix WIService v2.15.2 Setup: Completed,80000001,Control Panel\Desktop\ResourceLocale,00000000,Wildix WIService v2.15.2 Setup: Completed,00000000), ref: 00403930
                                                                                                                              • GetFileAttributesA.KERNEL32(: Completed), ref: 0040393B
                                                                                                                              • LoadImageA.USER32 ref: 00403984
                                                                                                                                • Part of subcall function 00405F6E: wsprintfA.USER32 ref: 00405F7B
                                                                                                                              • RegisterClassA.USER32 ref: 004039C1
                                                                                                                              • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 004039D9
                                                                                                                              • CreateWindowExA.USER32 ref: 00403A0E
                                                                                                                              • ShowWindow.USER32(00000005,00000000), ref: 00403A44
                                                                                                                              • GetClassInfoA.USER32 ref: 00403A70
                                                                                                                              • GetClassInfoA.USER32 ref: 00403A7D
                                                                                                                              • RegisterClassA.USER32 ref: 00403A86
                                                                                                                              • DialogBoxParamA.USER32 ref: 00403AA5
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                              • String ID: "C:\Users\user\Desktop\SetupWIService.exe"$.DEFAULT\Control Panel\International$.exe$1033$: Completed$C:\Program Files (x86)\Wildix\WIService$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$Wildix WIService v2.15.2 Setup: Completed$_Nb
                                                                                                                              • API String ID: 1975747703-3219227570
                                                                                                                              • Opcode ID: 15822f17e376e41266fbf8a251ac5c412d7bb8a3b85e81a9d7c16052a8cecaf4
                                                                                                                              • Instruction ID: 5bdd09b32da2b5bd11ad56600dd1adb443959310d265eb20ccced3f07ac4f103
                                                                                                                              • Opcode Fuzzy Hash: 15822f17e376e41266fbf8a251ac5c412d7bb8a3b85e81a9d7c16052a8cecaf4
                                                                                                                              • Instruction Fuzzy Hash: B461C770340201AED620BB669D45F2B3E6CEB54749F80447FF981B22E2CB7D9D469B2D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              control_flow_graph 364 402dc4-402e12 GetTickCount GetModuleFileNameA call 405ba9 367 402e14-402e19 364->367 368 402e1e-402e4c call 406010 call 4059ef call 406010 GetFileSize 364->368 369 402ff4-402ff8 367->369 376 402e52 368->376 377 402f37-402f45 call 402d60 368->377 379 402e57-402e6e 376->379 383 402f47-402f4a 377->383 384 402f9a-402f9f 377->384 381 402e70 379->381 382 402e72-402e7b call 40320d 379->382 381->382 391 402fa1-402fa9 call 402d60 382->391 392 402e81-402e88 382->392 386 402f4c-402f64 call 403223 call 40320d 383->386 387 402f6e-402f98 GlobalAlloc call 403223 call 402ffb 383->387 384->369 386->384 414 402f66-402f6c 386->414 387->384 413 402fab-402fbc 387->413 391->384 396 402f04-402f08 392->396 397 402e8a-402e9e call 405b64 392->397 402 402f12-402f18 396->402 403 402f0a-402f11 call 402d60 396->403 397->402 411 402ea0-402ea7 397->411 404 402f27-402f2f 402->404 405 402f1a-402f24 call 40645f 402->405 403->402 404->379 412 402f35 404->412 405->404 411->402 417 402ea9-402eb0 411->417 412->377 418 402fc4-402fc9 413->418 419 402fbe 413->419 414->384 414->387 417->402 420 402eb2-402eb9 417->420 421 402fca-402fd0 418->421 419->418 420->402 422 402ebb-402ec2 420->422 421->421 423 402fd2-402fed SetFilePointer call 405b64 421->423 422->402 424 402ec4-402ee4 422->424 427 402ff2 423->427 424->384 426 402eea-402eee 424->426 428 402ef0-402ef4 426->428 429 402ef6-402efe 426->429 427->369 428->412 428->429 429->402 430 402f00-402f02 429->430 430->402
                                                                                                                              C-Code - Quality: 80%
                                                                                                                              			E00402DC4(void* __eflags, signed int _a4) {
                                                                                                                              				DWORD* _v8;
                                                                                                                              				DWORD* _v12;
                                                                                                                              				void* _v16;
                                                                                                                              				intOrPtr _v20;
                                                                                                                              				long _v24;
                                                                                                                              				intOrPtr _v28;
                                                                                                                              				intOrPtr _v32;
                                                                                                                              				intOrPtr _v36;
                                                                                                                              				intOrPtr _v40;
                                                                                                                              				signed int _v44;
                                                                                                                              				long _t43;
                                                                                                                              				signed int _t50;
                                                                                                                              				void* _t53;
                                                                                                                              				void* _t57;
                                                                                                                              				intOrPtr* _t59;
                                                                                                                              				long _t60;
                                                                                                                              				signed int _t65;
                                                                                                                              				signed int _t70;
                                                                                                                              				signed int _t71;
                                                                                                                              				signed int _t77;
                                                                                                                              				intOrPtr _t80;
                                                                                                                              				long _t82;
                                                                                                                              				signed int _t85;
                                                                                                                              				signed int _t87;
                                                                                                                              				void* _t89;
                                                                                                                              				signed int _t90;
                                                                                                                              				signed int _t93;
                                                                                                                              				void* _t94;
                                                                                                                              
                                                                                                                              				_t82 = 0;
                                                                                                                              				_v12 = 0;
                                                                                                                              				_v8 = 0;
                                                                                                                              				_t43 = GetTickCount();
                                                                                                                              				_t91 = "C:\\Users\\hardz\\Desktop\\SetupWIService.exe";
                                                                                                                              				 *0x42f410 = _t43 + 0x3e8;
                                                                                                                              				GetModuleFileNameA(0, "C:\\Users\\hardz\\Desktop\\SetupWIService.exe", 0x400);
                                                                                                                              				_t89 = E00405BA9(_t91, 0x80000000, 3);
                                                                                                                              				_v16 = _t89;
                                                                                                                              				 *0x40a018 = _t89;
                                                                                                                              				if(_t89 == 0xffffffff) {
                                                                                                                              					return "Error launching installer";
                                                                                                                              				}
                                                                                                                              				_t92 = "C:\\Users\\hardz\\Desktop";
                                                                                                                              				E00406010("C:\\Users\\hardz\\Desktop", _t91);
                                                                                                                              				E00406010("SetupWIService.exe", E004059EF(_t92));
                                                                                                                              				_t50 = GetFileSize(_t89, 0);
                                                                                                                              				__eflags = _t50;
                                                                                                                              				 *0x42942c = _t50;
                                                                                                                              				_t93 = _t50;
                                                                                                                              				if(_t50 <= 0) {
                                                                                                                              					L24:
                                                                                                                              					E00402D60(1);
                                                                                                                              					__eflags =  *0x42f418 - _t82;
                                                                                                                              					if( *0x42f418 == _t82) {
                                                                                                                              						goto L29;
                                                                                                                              					}
                                                                                                                              					__eflags = _v8 - _t82;
                                                                                                                              					if(_v8 == _t82) {
                                                                                                                              						L28:
                                                                                                                              						_t53 = GlobalAlloc(0x40, _v24); // executed
                                                                                                                              						_t94 = _t53;
                                                                                                                              						E00403223( *0x42f418 + 0x1c);
                                                                                                                              						_push(_v24);
                                                                                                                              						_push(_t94);
                                                                                                                              						_push(_t82);
                                                                                                                              						_push(0xffffffff); // executed
                                                                                                                              						_t57 = E00402FFB(); // executed
                                                                                                                              						__eflags = _t57 - _v24;
                                                                                                                              						if(_t57 == _v24) {
                                                                                                                              							__eflags = _v44 & 0x00000001;
                                                                                                                              							 *0x42f414 = _t94;
                                                                                                                              							 *0x42f41c =  *_t94;
                                                                                                                              							if((_v44 & 0x00000001) != 0) {
                                                                                                                              								 *0x42f420 =  *0x42f420 + 1;
                                                                                                                              								__eflags =  *0x42f420;
                                                                                                                              							}
                                                                                                                              							_t40 = _t94 + 0x44; // 0x44
                                                                                                                              							_t59 = _t40;
                                                                                                                              							_t85 = 8;
                                                                                                                              							do {
                                                                                                                              								_t59 = _t59 - 8;
                                                                                                                              								 *_t59 =  *_t59 + _t94;
                                                                                                                              								_t85 = _t85 - 1;
                                                                                                                              								__eflags = _t85;
                                                                                                                              							} while (_t85 != 0);
                                                                                                                              							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
                                                                                                                              							 *(_t94 + 0x3c) = _t60;
                                                                                                                              							E00405B64(0x42f440, _t94 + 4, 0x40);
                                                                                                                              							__eflags = 0;
                                                                                                                              							return 0;
                                                                                                                              						}
                                                                                                                              						goto L29;
                                                                                                                              					}
                                                                                                                              					E00403223( *0x41d420);
                                                                                                                              					_t65 = E0040320D( &_a4, 4);
                                                                                                                              					__eflags = _t65;
                                                                                                                              					if(_t65 == 0) {
                                                                                                                              						goto L29;
                                                                                                                              					}
                                                                                                                              					__eflags = _v12 - _a4;
                                                                                                                              					if(_v12 != _a4) {
                                                                                                                              						goto L29;
                                                                                                                              					}
                                                                                                                              					goto L28;
                                                                                                                              				} else {
                                                                                                                              					do {
                                                                                                                              						_t90 = _t93;
                                                                                                                              						asm("sbb eax, eax");
                                                                                                                              						_t70 = ( ~( *0x42f418) & 0x00007e00) + 0x200;
                                                                                                                              						__eflags = _t93 - _t70;
                                                                                                                              						if(_t93 >= _t70) {
                                                                                                                              							_t90 = _t70;
                                                                                                                              						}
                                                                                                                              						_t71 = E0040320D(0x415420, _t90);
                                                                                                                              						__eflags = _t71;
                                                                                                                              						if(_t71 == 0) {
                                                                                                                              							E00402D60(1);
                                                                                                                              							L29:
                                                                                                                              							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
                                                                                                                              						}
                                                                                                                              						__eflags =  *0x42f418;
                                                                                                                              						if( *0x42f418 != 0) {
                                                                                                                              							__eflags = _a4 & 0x00000002;
                                                                                                                              							if((_a4 & 0x00000002) == 0) {
                                                                                                                              								E00402D60(0);
                                                                                                                              							}
                                                                                                                              							goto L20;
                                                                                                                              						}
                                                                                                                              						E00405B64( &_v44, 0x415420, 0x1c);
                                                                                                                              						_t77 = _v44;
                                                                                                                              						__eflags = _t77 & 0xfffffff0;
                                                                                                                              						if((_t77 & 0xfffffff0) != 0) {
                                                                                                                              							goto L20;
                                                                                                                              						}
                                                                                                                              						__eflags = _v40 - 0xdeadbeef;
                                                                                                                              						if(_v40 != 0xdeadbeef) {
                                                                                                                              							goto L20;
                                                                                                                              						}
                                                                                                                              						__eflags = _v28 - 0x74736e49;
                                                                                                                              						if(_v28 != 0x74736e49) {
                                                                                                                              							goto L20;
                                                                                                                              						}
                                                                                                                              						__eflags = _v32 - 0x74666f73;
                                                                                                                              						if(_v32 != 0x74666f73) {
                                                                                                                              							goto L20;
                                                                                                                              						}
                                                                                                                              						__eflags = _v36 - 0x6c6c754e;
                                                                                                                              						if(_v36 != 0x6c6c754e) {
                                                                                                                              							goto L20;
                                                                                                                              						}
                                                                                                                              						_a4 = _a4 | _t77;
                                                                                                                              						_t87 =  *0x41d420; // 0x42bfbf
                                                                                                                              						 *0x42f4c0 =  *0x42f4c0 | _a4 & 0x00000002;
                                                                                                                              						_t80 = _v20;
                                                                                                                              						__eflags = _t80 - _t93;
                                                                                                                              						 *0x42f418 = _t87;
                                                                                                                              						if(_t80 > _t93) {
                                                                                                                              							goto L29;
                                                                                                                              						}
                                                                                                                              						__eflags = _a4 & 0x00000008;
                                                                                                                              						if((_a4 & 0x00000008) != 0) {
                                                                                                                              							L16:
                                                                                                                              							_v8 = _v8 + 1;
                                                                                                                              							_t24 = _t80 - 4; // 0x40a194
                                                                                                                              							_t93 = _t24;
                                                                                                                              							__eflags = _t90 - _t93;
                                                                                                                              							if(_t90 > _t93) {
                                                                                                                              								_t90 = _t93;
                                                                                                                              							}
                                                                                                                              							goto L20;
                                                                                                                              						}
                                                                                                                              						__eflags = _a4 & 0x00000004;
                                                                                                                              						if((_a4 & 0x00000004) != 0) {
                                                                                                                              							break;
                                                                                                                              						}
                                                                                                                              						goto L16;
                                                                                                                              						L20:
                                                                                                                              						__eflags = _t93 -  *0x42942c; // 0x42e178
                                                                                                                              						if(__eflags < 0) {
                                                                                                                              							_v12 = E0040645F(_v12, 0x415420, _t90);
                                                                                                                              						}
                                                                                                                              						 *0x41d420 =  *0x41d420 + _t90;
                                                                                                                              						_t93 = _t93 - _t90;
                                                                                                                              						__eflags = _t93;
                                                                                                                              					} while (_t93 != 0);
                                                                                                                              					_t82 = 0;
                                                                                                                              					__eflags = 0;
                                                                                                                              					goto L24;
                                                                                                                              				}
                                                                                                                              			}































                                                                                                                              0x00402f5d
                                                                                                                              0x00402f62
                                                                                                                              0x00402f64
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00402f69
                                                                                                                              0x00402f6c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00402e52
                                                                                                                              0x00402e57
                                                                                                                              0x00402e5c
                                                                                                                              0x00402e60
                                                                                                                              0x00402e67
                                                                                                                              0x00402e6c
                                                                                                                              0x00402e6e
                                                                                                                              0x00402e70
                                                                                                                              0x00402e70
                                                                                                                              0x00402e74
                                                                                                                              0x00402e79
                                                                                                                              0x00402e7b
                                                                                                                              0x00402fa3
                                                                                                                              0x00402f9a
                                                                                                                              0x00000000
                                                                                                                              0x00402f9a
                                                                                                                              0x00402e81
                                                                                                                              0x00402e88
                                                                                                                              0x00402f04
                                                                                                                              0x00402f08
                                                                                                                              0x00402f0c
                                                                                                                              0x00402f11
                                                                                                                              0x00000000
                                                                                                                              0x00402f08
                                                                                                                              0x00402e91
                                                                                                                              0x00402e96
                                                                                                                              0x00402e99
                                                                                                                              0x00402e9e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00402ea0
                                                                                                                              0x00402ea7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00402ea9
                                                                                                                              0x00402eb0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00402eb2
                                                                                                                              0x00402eb9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00402ebb
                                                                                                                              0x00402ec2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00402ec4
                                                                                                                              0x00402eca
                                                                                                                              0x00402ed3
                                                                                                                              0x00402ed9
                                                                                                                              0x00402edc
                                                                                                                              0x00402ede
                                                                                                                              0x00402ee4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00402eea
                                                                                                                              0x00402eee
                                                                                                                              0x00402ef6
                                                                                                                              0x00402ef6
                                                                                                                              0x00402ef9
                                                                                                                              0x00402ef9
                                                                                                                              0x00402efc
                                                                                                                              0x00402efe
                                                                                                                              0x00402f00
                                                                                                                              0x00402f00
                                                                                                                              0x00000000
                                                                                                                              0x00402efe
                                                                                                                              0x00402ef0
                                                                                                                              0x00402ef4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00402f12
                                                                                                                              0x00402f12
                                                                                                                              0x00402f18
                                                                                                                              0x00402f24
                                                                                                                              0x00402f24
                                                                                                                              0x00402f27
                                                                                                                              0x00402f2d
                                                                                                                              0x00402f2d
                                                                                                                              0x00402f2d
                                                                                                                              0x00402f35
                                                                                                                              0x00402f35
                                                                                                                              0x00000000
                                                                                                                              0x00402f35

                                                                                                                              APIs
                                                                                                                              • GetTickCount.KERNEL32 ref: 00402DD5
                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\SetupWIService.exe,00000400), ref: 00402DF1
                                                                                                                                • Part of subcall function 00405BA9: GetFileAttributesA.KERNELBASE(00000003,00402E04,C:\Users\user\Desktop\SetupWIService.exe,80000000,00000003), ref: 00405BAD
                                                                                                                                • Part of subcall function 00405BA9: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405BCF
                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,SetupWIService.exe,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SetupWIService.exe,C:\Users\user\Desktop\SetupWIService.exe,80000000,00000003), ref: 00402E3D
                                                                                                                              • GlobalAlloc.KERNELBASE(00000040,00000020), ref: 00402F73
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                              • String ID: TA$"C:\Users\user\Desktop\SetupWIService.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\SetupWIService.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$SetupWIService.exe$soft$xB
                                                                                                                              • API String ID: 2803837635-4044973004
                                                                                                                              • Opcode ID: 3c26cd80f5ca0164e146d59bef7a49d427e8a8d66c9553730fc88e5362c2f084
                                                                                                                              • Instruction ID: 027006cf2d98db9fa9c400e5027e86f3261d974ae097fd254c994c4dc937b6e6
                                                                                                                              • Opcode Fuzzy Hash: 3c26cd80f5ca0164e146d59bef7a49d427e8a8d66c9553730fc88e5362c2f084
                                                                                                                              • Instruction Fuzzy Hash: FF51E471900215ABCB20AF64DE89B9F7BB8EB14359F50403BF500B32D1C6BC9E459AAD
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              C-Code - Quality: 72%
                                                                                                                              			E00406032(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
                                                                                                                              				struct _ITEMIDLIST* _v8;
                                                                                                                              				char _v12;
                                                                                                                              				signed int _v16;
                                                                                                                              				signed char _v20;
                                                                                                                              				signed int _v24;
                                                                                                                              				signed char _v28;
                                                                                                                              				signed int _t38;
                                                                                                                              				CHAR* _t39;
                                                                                                                              				signed int _t41;
                                                                                                                              				char _t52;
                                                                                                                              				char _t53;
                                                                                                                              				char _t55;
                                                                                                                              				char _t57;
                                                                                                                              				void* _t65;
                                                                                                                              				char* _t66;
                                                                                                                              				signed int _t80;
                                                                                                                              				intOrPtr _t86;
                                                                                                                              				char _t88;
                                                                                                                              				void* _t89;
                                                                                                                              				CHAR* _t90;
                                                                                                                              				void* _t92;
                                                                                                                              				signed int _t97;
                                                                                                                              				signed int _t99;
                                                                                                                              				void* _t100;
                                                                                                                              
                                                                                                                              				_t92 = __esi;
                                                                                                                              				_t89 = __edi;
                                                                                                                              				_t65 = __ebx;
                                                                                                                              				_t38 = _a8;
                                                                                                                              				if(_t38 < 0) {
                                                                                                                              					_t86 =  *0x42ebdc; // 0x75d51b
                                                                                                                              					_t38 =  *(_t86 - 4 + _t38 * 4);
                                                                                                                              				}
                                                                                                                              				_push(_t65);
                                                                                                                              				_push(_t92);
                                                                                                                              				_push(_t89);
                                                                                                                              				_t66 = _t38 +  *0x42f458;
                                                                                                                              				_t39 = 0x42e3a0;
                                                                                                                              				_t90 = 0x42e3a0;
                                                                                                                              				if(_a4 >= 0x42e3a0 && _a4 - 0x42e3a0 < 0x800) {
                                                                                                                              					_t90 = _a4;
                                                                                                                              					_a4 = _a4 & 0x00000000;
                                                                                                                              				}
                                                                                                                              				while(1) {
                                                                                                                              					_t88 =  *_t66;
                                                                                                                              					if(_t88 == 0) {
                                                                                                                              						break;
                                                                                                                              					}
                                                                                                                              					__eflags = _t90 - _t39 - 0x400;
                                                                                                                              					if(_t90 - _t39 >= 0x400) {
                                                                                                                              						break;
                                                                                                                              					}
                                                                                                                              					_t66 = _t66 + 1;
                                                                                                                              					__eflags = _t88 - 4;
                                                                                                                              					_a8 = _t66;
                                                                                                                              					if(__eflags >= 0) {
                                                                                                                              						if(__eflags != 0) {
                                                                                                                              							 *_t90 = _t88;
                                                                                                                              							_t90 =  &(_t90[1]);
                                                                                                                              							__eflags = _t90;
                                                                                                                              						} else {
                                                                                                                              							 *_t90 =  *_t66;
                                                                                                                              							_t90 =  &(_t90[1]);
                                                                                                                              							_t66 = _t66 + 1;
                                                                                                                              						}
                                                                                                                              						continue;
                                                                                                                              					}
                                                                                                                              					_t41 =  *((char*)(_t66 + 1));
                                                                                                                              					_t80 =  *_t66;
                                                                                                                              					_t97 = (_t41 & 0x0000007f) << 0x00000007 | _t80 & 0x0000007f;
                                                                                                                              					_v24 = _t80;
                                                                                                                              					_v28 = _t80 | 0x00000080;
                                                                                                                              					_v16 = _t41;
                                                                                                                              					_v20 = _t41 | 0x00000080;
                                                                                                                              					_t66 = _a8 + 2;
                                                                                                                              					__eflags = _t88 - 2;
                                                                                                                              					if(_t88 != 2) {
                                                                                                                              						__eflags = _t88 - 3;
                                                                                                                              						if(_t88 != 3) {
                                                                                                                              							__eflags = _t88 - 1;
                                                                                                                              							if(_t88 == 1) {
                                                                                                                              								__eflags = (_t41 | 0xffffffff) - _t97;
                                                                                                                              								E00406032(_t66, _t90, _t97, _t90, (_t41 | 0xffffffff) - _t97);
                                                                                                                              							}
                                                                                                                              							L42:
                                                                                                                              							_t90 =  &(_t90[lstrlenA(_t90)]);
                                                                                                                              							_t39 = 0x42e3a0;
                                                                                                                              							continue;
                                                                                                                              						}
                                                                                                                              						__eflags = _t97 - 0x1d;
                                                                                                                              						if(_t97 != 0x1d) {
                                                                                                                              							__eflags = (_t97 << 0xa) + 0x430000;
                                                                                                                              							E00406010(_t90, (_t97 << 0xa) + 0x430000);
                                                                                                                              						} else {
                                                                                                                              							E00405F6E(_t90,  *0x42f408);
                                                                                                                              						}
                                                                                                                              						__eflags = _t97 + 0xffffffeb - 7;
                                                                                                                              						if(_t97 + 0xffffffeb < 7) {
                                                                                                                              							L33:
                                                                                                                              							E0040627A(_t90);
                                                                                                                              						}
                                                                                                                              						goto L42;
                                                                                                                              					}
                                                                                                                              					_t52 =  *0x42f40c;
                                                                                                                              					__eflags = _t52;
                                                                                                                              					_t99 = 2;
                                                                                                                              					if(_t52 >= 0) {
                                                                                                                              						L13:
                                                                                                                              						_a8 = 1;
                                                                                                                              						L14:
                                                                                                                              						__eflags =  *0x42f4a4;
                                                                                                                              						if( *0x42f4a4 != 0) {
                                                                                                                              							_t99 = 4;
                                                                                                                              						}
                                                                                                                              						__eflags = _t80;
                                                                                                                              						if(__eflags >= 0) {
                                                                                                                              							__eflags = _t80 - 0x25;
                                                                                                                              							if(_t80 != 0x25) {
                                                                                                                              								__eflags = _t80 - 0x24;
                                                                                                                              								if(_t80 == 0x24) {
                                                                                                                              									GetWindowsDirectoryA(_t90, 0x400);
                                                                                                                              									_t99 = 0;
                                                                                                                              								}
                                                                                                                              								while(1) {
                                                                                                                              									__eflags = _t99;
                                                                                                                              									if(_t99 == 0) {
                                                                                                                              										goto L30;
                                                                                                                              									}
                                                                                                                              									_t53 =  *0x42f404;
                                                                                                                              									_t99 = _t99 - 1;
                                                                                                                              									__eflags = _t53;
                                                                                                                              									if(_t53 == 0) {
                                                                                                                              										L26:
                                                                                                                              										_t55 = SHGetSpecialFolderLocation( *0x42f408,  *(_t100 + _t99 * 4 - 0x18),  &_v8);
                                                                                                                              										__eflags = _t55;
                                                                                                                              										if(_t55 != 0) {
                                                                                                                              											L28:
                                                                                                                              											 *_t90 =  *_t90 & 0x00000000;
                                                                                                                              											__eflags =  *_t90;
                                                                                                                              											continue;
                                                                                                                              										}
                                                                                                                              										__imp__SHGetPathFromIDListA(_v8, _t90);
                                                                                                                              										_v12 = _t55;
                                                                                                                              										__imp__CoTaskMemFree(_v8);
                                                                                                                              										__eflags = _v12;
                                                                                                                              										if(_v12 != 0) {
                                                                                                                              											goto L30;
                                                                                                                              										}
                                                                                                                              										goto L28;
                                                                                                                              									}
                                                                                                                              									__eflags = _a8;
                                                                                                                              									if(_a8 == 0) {
                                                                                                                              										goto L26;
                                                                                                                              									}
                                                                                                                              									_t57 =  *_t53( *0x42f408,  *(_t100 + _t99 * 4 - 0x18), 0, 0, _t90); // executed
                                                                                                                              									__eflags = _t57;
                                                                                                                              									if(_t57 == 0) {
                                                                                                                              										goto L30;
                                                                                                                              									}
                                                                                                                              									goto L26;
                                                                                                                              								}
                                                                                                                              								goto L30;
                                                                                                                              							}
                                                                                                                              							GetSystemDirectoryA(_t90, 0x400);
                                                                                                                              							goto L30;
                                                                                                                              						} else {
                                                                                                                              							E00405EF7((_t80 & 0x0000003f) +  *0x42f458, __eflags, 0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t80 & 0x0000003f) +  *0x42f458, _t90, _t80 & 0x00000040); // executed
                                                                                                                              							__eflags =  *_t90;
                                                                                                                              							if( *_t90 != 0) {
                                                                                                                              								L31:
                                                                                                                              								__eflags = _v16 - 0x1a;
                                                                                                                              								if(_v16 == 0x1a) {
                                                                                                                              									lstrcatA(_t90, "\\Microsoft\\Internet Explorer\\Quick Launch");
                                                                                                                              								}
                                                                                                                              								goto L33;
                                                                                                                              							}
                                                                                                                              							E00406032(_t66, _t90, _t99, _t90, _v16);
                                                                                                                              							L30:
                                                                                                                              							__eflags =  *_t90;
                                                                                                                              							if( *_t90 == 0) {
                                                                                                                              								goto L33;
                                                                                                                              							}
                                                                                                                              							goto L31;
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              					__eflags = _t52 - 0x5a04;
                                                                                                                              					if(_t52 == 0x5a04) {
                                                                                                                              						goto L13;
                                                                                                                              					}
                                                                                                                              					__eflags = _v16 - 0x23;
                                                                                                                              					if(_v16 == 0x23) {
                                                                                                                              						goto L13;
                                                                                                                              					}
                                                                                                                              					__eflags = _v16 - 0x2e;
                                                                                                                              					if(_v16 == 0x2e) {
                                                                                                                              						goto L13;
                                                                                                                              					} else {
                                                                                                                              						_a8 = _a8 & 0x00000000;
                                                                                                                              						goto L14;
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				 *_t90 =  *_t90 & 0x00000000;
                                                                                                                              				if(_a4 == 0) {
                                                                                                                              					return _t39;
                                                                                                                              				}
                                                                                                                              				return E00406010(_a4, _t39);
                                                                                                                              			}



























                                                                                                                              0x004060ea
                                                                                                                              0x00406104
                                                                                                                              0x00406104
                                                                                                                              0x0040610b
                                                                                                                              0x0040610b
                                                                                                                              0x00406112
                                                                                                                              0x00406116
                                                                                                                              0x00406116
                                                                                                                              0x00406117
                                                                                                                              0x00406119
                                                                                                                              0x00406152
                                                                                                                              0x00406155
                                                                                                                              0x00406165
                                                                                                                              0x00406168
                                                                                                                              0x00406170
                                                                                                                              0x00406176
                                                                                                                              0x00406176
                                                                                                                              0x004061d5
                                                                                                                              0x004061d5
                                                                                                                              0x004061d7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040617a
                                                                                                                              0x00406181
                                                                                                                              0x00406182
                                                                                                                              0x00406184
                                                                                                                              0x0040619e
                                                                                                                              0x004061ac
                                                                                                                              0x004061b2
                                                                                                                              0x004061b4
                                                                                                                              0x004061d2
                                                                                                                              0x004061d2
                                                                                                                              0x004061d2
                                                                                                                              0x00000000
                                                                                                                              0x004061d2
                                                                                                                              0x004061ba
                                                                                                                              0x004061c3
                                                                                                                              0x004061c6
                                                                                                                              0x004061cc
                                                                                                                              0x004061d0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004061d0
                                                                                                                              0x00406186
                                                                                                                              0x00406189
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406198
                                                                                                                              0x0040619a
                                                                                                                              0x0040619c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040619c
                                                                                                                              0x00000000
                                                                                                                              0x004061d5
                                                                                                                              0x0040615d
                                                                                                                              0x00000000
                                                                                                                              0x0040611b
                                                                                                                              0x00406136
                                                                                                                              0x0040613b
                                                                                                                              0x0040613e
                                                                                                                              0x004061de
                                                                                                                              0x004061de
                                                                                                                              0x004061e2
                                                                                                                              0x004061ea
                                                                                                                              0x004061ea
                                                                                                                              0x00000000
                                                                                                                              0x004061e2
                                                                                                                              0x00406148
                                                                                                                              0x004061d9
                                                                                                                              0x004061d9
                                                                                                                              0x004061dc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004061dc
                                                                                                                              0x00406119
                                                                                                                              0x004060ec
                                                                                                                              0x004060f0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004060f2
                                                                                                                              0x004060f6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004060f8
                                                                                                                              0x004060fc
                                                                                                                              0x00000000
                                                                                                                              0x004060fe
                                                                                                                              0x004060fe
                                                                                                                              0x00000000
                                                                                                                              0x004060fe
                                                                                                                              0x004060fc
                                                                                                                              0x00406261
                                                                                                                              0x0040626b
                                                                                                                              0x00406277
                                                                                                                              0x00406277
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • GetSystemDirectoryA.KERNEL32 ref: 0040615D
                                                                                                                              • GetWindowsDirectoryA.KERNEL32(: Completed,00000400,?,Completed,00000000,0040516F,Completed,00000000), ref: 00406170
                                                                                                                              • SHGetSpecialFolderLocation.SHELL32(0040516F,74D0EA30,?,Completed,00000000,0040516F,Completed,00000000), ref: 004061AC
                                                                                                                              • SHGetPathFromIDListA.SHELL32(74D0EA30,: Completed), ref: 004061BA
                                                                                                                              • CoTaskMemFree.OLE32(74D0EA30), ref: 004061C6
                                                                                                                              • lstrcatA.KERNEL32(: Completed,\Microsoft\Internet Explorer\Quick Launch), ref: 004061EA
                                                                                                                              • lstrlenA.KERNEL32(: Completed,?,Completed,00000000,0040516F,Completed,00000000,00000000,007D844C,74D0EA30), ref: 0040623C
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                                                                                              • String ID: : Completed$Completed$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                              • API String ID: 717251189-905382516
                                                                                                                              • Opcode ID: b5f21783dff86301b55f28ea11f9c7815398c55a2ca1ca21ed943f87329636d9
                                                                                                                              • Instruction ID: 0eb145c1bee873094c14c85ea59bbbcbcc52f889deb60e0de917f7e6e63be494
                                                                                                                              • Opcode Fuzzy Hash: b5f21783dff86301b55f28ea11f9c7815398c55a2ca1ca21ed943f87329636d9
                                                                                                                              • Instruction Fuzzy Hash: F1610171900114AEDF24AF64CC84BBE3BA5AB15314F52417FE913BA2D2C77C49A2CB5E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              control_flow_graph 562 401759-40177c call 402b2c call 405a15 567 401786-401798 call 406010 call 4059a8 lstrcatA 562->567 568 40177e-401784 call 406010 562->568 573 40179d-4017a3 call 40627a 567->573 568->573 578 4017a8-4017ac 573->578 579 4017ae-4017b8 call 406313 578->579 580 4017df-4017e2 578->580 588 4017ca-4017dc 579->588 589 4017ba-4017c8 CompareFileTime 579->589 581 4017e4-4017e5 call 405b84 580->581 582 4017ea-401806 call 405ba9 580->582 581->582 590 401808-40180b 582->590 591 40187e-4018a7 call 405137 call 402ffb 582->591 588->580 589->588 592 401860-40186a call 405137 590->592 593 40180d-40184f call 406010 * 2 call 406032 call 406010 call 40572c 590->593 605 4018a9-4018ad 591->605 606 4018af-4018bb SetFileTime 591->606 603 401873-401879 592->603 593->578 625 401855-401856 593->625 608 4029c1 603->608 605->606 607 4018c1-4018cc FindCloseChangeNotification 605->607 606->607 610 4018d2-4018d5 607->610 611 4029b8-4029bb 607->611 612 4029c3-4029c7 608->612 614 4018d7-4018e8 call 406032 lstrcatA 610->614 615 4018ea-4018ed call 406032 610->615 611->608 621 4018f2-402349 614->621 615->621 626 40234e-402353 621->626 627 402349 call 40572c 621->627 625->603 628 401858-401859 625->628 626->612 627->626 628->592
                                                                                                                              C-Code - Quality: 61%
                                                                                                                              			E00401759(FILETIME* __ebx, void* __eflags) {
                                                                                                                              				void* _t33;
                                                                                                                              				void* _t41;
                                                                                                                              				void* _t43;
                                                                                                                              				FILETIME* _t49;
                                                                                                                              				FILETIME* _t62;
                                                                                                                              				void* _t64;
                                                                                                                              				signed int _t70;
                                                                                                                              				FILETIME* _t71;
                                                                                                                              				FILETIME* _t75;
                                                                                                                              				signed int _t77;
                                                                                                                              				void* _t80;
                                                                                                                              				CHAR* _t82;
                                                                                                                              				CHAR* _t83;
                                                                                                                              				void* _t85;
                                                                                                                              
                                                                                                                              				_t75 = __ebx;
                                                                                                                              				_t82 = E00402B2C(0x31);
                                                                                                                              				 *(_t85 - 8) = _t82;
                                                                                                                              				 *(_t85 + 8) =  *(_t85 - 0x34) & 0x00000007;
                                                                                                                              				_t33 = E00405A15(_t82);
                                                                                                                              				_push(_t82);
                                                                                                                              				_t83 = "\"C:\\Windows\\explorer.exe\" \"C:\\Program Files (x86)\\Wildix\\WIService\\wiservice.exe\"";
                                                                                                                              				if(_t33 == 0) {
                                                                                                                              					lstrcatA(E004059A8(E00406010(_t83, "C:\\Program Files (x86)\\Wildix\\WIService")), ??);
                                                                                                                              				} else {
                                                                                                                              					E00406010();
                                                                                                                              				}
                                                                                                                              				E0040627A(_t83);
                                                                                                                              				while(1) {
                                                                                                                              					__eflags =  *(_t85 + 8) - 3;
                                                                                                                              					if( *(_t85 + 8) >= 3) {
                                                                                                                              						_t64 = E00406313(_t83);
                                                                                                                              						_t77 = 0;
                                                                                                                              						__eflags = _t64 - _t75;
                                                                                                                              						if(_t64 != _t75) {
                                                                                                                              							_t71 = _t64 + 0x14;
                                                                                                                              							__eflags = _t71;
                                                                                                                              							_t77 = CompareFileTime(_t71, _t85 - 0x28);
                                                                                                                              						}
                                                                                                                              						asm("sbb eax, eax");
                                                                                                                              						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
                                                                                                                              						__eflags = _t70;
                                                                                                                              						 *(_t85 + 8) = _t70;
                                                                                                                              					}
                                                                                                                              					__eflags =  *(_t85 + 8) - _t75;
                                                                                                                              					if( *(_t85 + 8) == _t75) {
                                                                                                                              						E00405B84(_t83);
                                                                                                                              					}
                                                                                                                              					__eflags =  *(_t85 + 8) - 1;
                                                                                                                              					_t41 = E00405BA9(_t83, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
                                                                                                                              					__eflags = _t41 - 0xffffffff;
                                                                                                                              					 *(_t85 - 0xc) = _t41;
                                                                                                                              					if(_t41 != 0xffffffff) {
                                                                                                                              						break;
                                                                                                                              					}
                                                                                                                              					__eflags =  *(_t85 + 8) - _t75;
                                                                                                                              					if( *(_t85 + 8) != _t75) {
                                                                                                                              						E00405137(0xffffffe2,  *(_t85 - 8));
                                                                                                                              						__eflags =  *(_t85 + 8) - 2;
                                                                                                                              						if(__eflags == 0) {
                                                                                                                              							 *((intOrPtr*)(_t85 - 4)) = 1;
                                                                                                                              						}
                                                                                                                              						L31:
                                                                                                                              						 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t85 - 4));
                                                                                                                              						__eflags =  *0x42f4a8;
                                                                                                                              						goto L32;
                                                                                                                              					} else {
                                                                                                                              						E00406010(0x40ac18, 0x430000);
                                                                                                                              						E00406010(0x430000, _t83);
                                                                                                                              						E00406032(_t75, 0x40ac18, _t83, "C:\Program Files (x86)\Wildix\WIService\proxyex.lnk",  *((intOrPtr*)(_t85 - 0x20)));
                                                                                                                              						E00406010(0x430000, 0x40ac18);
                                                                                                                              						_t62 = E0040572C("C:\Program Files (x86)\Wildix\WIService\proxyex.lnk",  *(_t85 - 0x34) >> 3) - 4;
                                                                                                                              						__eflags = _t62;
                                                                                                                              						if(_t62 == 0) {
                                                                                                                              							continue;
                                                                                                                              						} else {
                                                                                                                              							__eflags = _t62 == 1;
                                                                                                                              							if(_t62 == 1) {
                                                                                                                              								 *0x42f4a8 =  &( *0x42f4a8->dwLowDateTime);
                                                                                                                              								L32:
                                                                                                                              								_t49 = 0;
                                                                                                                              								__eflags = 0;
                                                                                                                              							} else {
                                                                                                                              								_push(_t83);
                                                                                                                              								_push(0xfffffffa);
                                                                                                                              								E00405137();
                                                                                                                              								L29:
                                                                                                                              								_t49 = 0x7fffffff;
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              					L33:
                                                                                                                              					return _t49;
                                                                                                                              				}
                                                                                                                              				E00405137(0xffffffea,  *(_t85 - 8)); // executed
                                                                                                                              				 *0x42f4d4 =  *0x42f4d4 + 1;
                                                                                                                              				_push(_t75);
                                                                                                                              				_push(_t75);
                                                                                                                              				_push( *(_t85 - 0xc));
                                                                                                                              				_push( *((intOrPtr*)(_t85 - 0x2c)));
                                                                                                                              				_t43 = E00402FFB(); // executed
                                                                                                                              				 *0x42f4d4 =  *0x42f4d4 - 1;
                                                                                                                              				__eflags =  *(_t85 - 0x28) - 0xffffffff;
                                                                                                                              				_t80 = _t43;
                                                                                                                              				if( *(_t85 - 0x28) != 0xffffffff) {
                                                                                                                              					L22:
                                                                                                                              					SetFileTime( *(_t85 - 0xc), _t85 - 0x28, _t75, _t85 - 0x28); // executed
                                                                                                                              				} else {
                                                                                                                              					__eflags =  *((intOrPtr*)(_t85 - 0x24)) - 0xffffffff;
                                                                                                                              					if( *((intOrPtr*)(_t85 - 0x24)) != 0xffffffff) {
                                                                                                                              						goto L22;
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				FindCloseChangeNotification( *(_t85 - 0xc)); // executed
                                                                                                                              				__eflags = _t80 - _t75;
                                                                                                                              				if(_t80 >= _t75) {
                                                                                                                              					goto L31;
                                                                                                                              				} else {
                                                                                                                              					__eflags = _t80 - 0xfffffffe;
                                                                                                                              					if(_t80 != 0xfffffffe) {
                                                                                                                              						E00406032(_t75, _t80, _t83, _t83, 0xffffffee);
                                                                                                                              					} else {
                                                                                                                              						E00406032(_t75, _t80, _t83, _t83, 0xffffffe9);
                                                                                                                              						lstrcatA(_t83,  *(_t85 - 8));
                                                                                                                              					}
                                                                                                                              					_push(0x200010);
                                                                                                                              					_push(_t83);
                                                                                                                              					E0040572C();
                                                                                                                              					goto L29;
                                                                                                                              				}
                                                                                                                              				goto L33;
                                                                                                                              			}


















                                                                                                                              APIs
                                                                                                                              • lstrcatA.KERNEL32(00000000,00000000,"C:\Windows\explorer.exe" "C:\Program Files (x86)\Wildix\WIService\wiservice.exe",C:\Program Files (x86)\Wildix\WIService,00000000,00000000,00000031), ref: 00401798
                                                                                                                              • CompareFileTime.KERNEL32(-00000014,?,"C:\Windows\explorer.exe" "C:\Program Files (x86)\Wildix\WIService\wiservice.exe","C:\Windows\explorer.exe" "C:\Program Files (x86)\Wildix\WIService\wiservice.exe",00000000,00000000,"C:\Windows\explorer.exe" "C:\Program Files (x86)\Wildix\WIService\wiservice.exe",C:\Program Files (x86)\Wildix\WIService,00000000,00000000,00000031), ref: 004017C2
                                                                                                                                • Part of subcall function 00406010: lstrcpynA.KERNEL32(?,?,00000400,0040333D,Wildix WIService v2.15.2 Setup,NSIS Error,?,00000006,00000008,0000000A), ref: 0040601D
                                                                                                                                • Part of subcall function 00405137: lstrlenA.KERNEL32(Completed,00000000,007D844C,74D0EA30,?,?,?,?,?,?,?,?,?,00403156,00000000,?), ref: 00405170
                                                                                                                                • Part of subcall function 00405137: lstrlenA.KERNEL32(00403156,Completed,00000000,007D844C,74D0EA30,?,?,?,?,?,?,?,?,?,00403156,00000000), ref: 00405180
                                                                                                                                • Part of subcall function 00405137: lstrcatA.KERNEL32(Completed,00403156,00403156,Completed,00000000,007D844C,74D0EA30), ref: 00405193
                                                                                                                                • Part of subcall function 00405137: SetWindowTextA.USER32(Completed,Completed), ref: 004051A5
                                                                                                                                • Part of subcall function 00405137: SendMessageA.USER32 ref: 004051CB
                                                                                                                                • Part of subcall function 00405137: SendMessageA.USER32 ref: 004051E5
                                                                                                                                • Part of subcall function 00405137: SendMessageA.USER32 ref: 004051F3
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                              • String ID: "C:\Windows\explorer.exe" "C:\Program Files (x86)\Wildix\WIService\wiservice.exe"$C:\Program Files (x86)\Wildix\WIService$C:\Program Files (x86)\Wildix\WIService\proxyex.lnk$C:\Program Files (x86)\Wildix\WIService\proxyex.lnk
                                                                                                                              • API String ID: 1941528284-1728483264
                                                                                                                              • Opcode ID: cc8a64cde302f3a0d7e4e6b58743aafa825bddb27035146b1d963bb07c31155c
                                                                                                                              • Instruction ID: fcac4804817dd72ce497849c2c59a0292666c96c0e268c836f952ab8254f0f2b
                                                                                                                              • Opcode Fuzzy Hash: cc8a64cde302f3a0d7e4e6b58743aafa825bddb27035146b1d963bb07c31155c
                                                                                                                              • Instruction Fuzzy Hash: 5941E571900114BACF10BBB5CD45E9F3A79EF45369F20823BF412F20E2DA7C8A519A6D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 629 405137-40514c 630 405202-405206 629->630 631 405152-405164 629->631 632 405166-40516a call 406032 631->632 633 40516f-40517b lstrlenA 631->633 632->633 635 405198-40519c 633->635 636 40517d-40518d lstrlenA 633->636 638 4051ab-4051af 635->638 639 40519e-4051a5 SetWindowTextA 635->639 636->630 637 40518f-405193 lstrcatA 636->637 637->635 640 4051b1-4051f3 SendMessageA * 3 638->640 641 4051f5-4051f7 638->641 639->638 640->641 641->630 642 4051f9-4051fc 641->642 642->630
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00405137(CHAR* _a4, CHAR* _a8) {
                                                                                                                              				struct HWND__* _v8;
                                                                                                                              				signed int _v12;
                                                                                                                              				CHAR* _v32;
                                                                                                                              				long _v44;
                                                                                                                              				int _v48;
                                                                                                                              				void* _v52;
                                                                                                                              				void* __ebx;
                                                                                                                              				void* __edi;
                                                                                                                              				void* __esi;
                                                                                                                              				CHAR* _t26;
                                                                                                                              				signed int _t27;
                                                                                                                              				CHAR* _t28;
                                                                                                                              				long _t29;
                                                                                                                              				signed int _t39;
                                                                                                                              
                                                                                                                              				_t26 =  *0x42ebe4; // 0x10424
                                                                                                                              				_v8 = _t26;
                                                                                                                              				if(_t26 != 0) {
                                                                                                                              					_t27 =  *0x42f4d4;
                                                                                                                              					_v12 = _t27;
                                                                                                                              					_t39 = _t27 & 0x00000001;
                                                                                                                              					if(_t39 == 0) {
                                                                                                                              						E00406032(0, _t39, 0x42a050, 0x42a050, _a4);
                                                                                                                              					}
                                                                                                                              					_t26 = lstrlenA(0x42a050);
                                                                                                                              					_a4 = _t26;
                                                                                                                              					if(_a8 == 0) {
                                                                                                                              						L6:
                                                                                                                              						if((_v12 & 0x00000004) == 0) {
                                                                                                                              							_t26 = SetWindowTextA( *0x42ebc8, 0x42a050); // executed
                                                                                                                              						}
                                                                                                                              						if((_v12 & 0x00000002) == 0) {
                                                                                                                              							_v32 = 0x42a050;
                                                                                                                              							_v52 = 1;
                                                                                                                              							_t29 = SendMessageA(_v8, 0x1004, 0, 0); // executed
                                                                                                                              							_v44 = 0;
                                                                                                                              							_v48 = _t29 - _t39;
                                                                                                                              							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52); // executed
                                                                                                                              							_t26 = SendMessageA(_v8, 0x1013, _v48, 0); // executed
                                                                                                                              						}
                                                                                                                              						if(_t39 != 0) {
                                                                                                                              							_t28 = _a4;
                                                                                                                              							 *((char*)(_t28 + 0x42a050)) = 0;
                                                                                                                              							return _t28;
                                                                                                                              						}
                                                                                                                              					} else {
                                                                                                                              						_t26 =  &(_a4[lstrlenA(_a8)]);
                                                                                                                              						if(_t26 < 0x800) {
                                                                                                                              							_t26 = lstrcatA(0x42a050, _a8);
                                                                                                                              							goto L6;
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				return _t26;
                                                                                                                              			}


















                                                                                                                              APIs
                                                                                                                              • lstrlenA.KERNEL32(Completed,00000000,007D844C,74D0EA30,?,?,?,?,?,?,?,?,?,00403156,00000000,?), ref: 00405170
                                                                                                                              • lstrlenA.KERNEL32(00403156,Completed,00000000,007D844C,74D0EA30,?,?,?,?,?,?,?,?,?,00403156,00000000), ref: 00405180
                                                                                                                              • lstrcatA.KERNEL32(Completed,00403156,00403156,Completed,00000000,007D844C,74D0EA30), ref: 00405193
                                                                                                                              • SetWindowTextA.USER32(Completed,Completed), ref: 004051A5
                                                                                                                              • SendMessageA.USER32 ref: 004051CB
                                                                                                                              • SendMessageA.USER32 ref: 004051E5
                                                                                                                              • SendMessageA.USER32 ref: 004051F3
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                              • String ID: Completed
                                                                                                                              • API String ID: 2531174081-3087654605
                                                                                                                              • Opcode ID: 2f522a59394b9be444cbcacf3a1b4d18be92345b96de9eacb0d1f76aaf85f54b
                                                                                                                              • Instruction ID: 7d4789c60296e211bada9a9e2a19d16c38d622f2d1b0cadef69f4b7d7b7d07eb
                                                                                                                              • Opcode Fuzzy Hash: 2f522a59394b9be444cbcacf3a1b4d18be92345b96de9eacb0d1f76aaf85f54b
                                                                                                                              • Instruction Fuzzy Hash: CE21A971900118BFDB119FA5CD85ADEBFA9EF08354F04807AF844A6291C7398E408FA8
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 643 4055fd-405648 CreateDirectoryA 644 40564a-40564c 643->644 645 40564e-40565b GetLastError 643->645 646 405675-405677 644->646 645->646 647 40565d-405671 SetFileSecurityA 645->647 647->644 648 405673 GetLastError 647->648 648->646
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004055FD(CHAR* _a4) {
                                                                                                                              				struct _SECURITY_ATTRIBUTES _v16;
                                                                                                                              				struct _SECURITY_DESCRIPTOR _v36;
                                                                                                                              				int _t22;
                                                                                                                              				long _t23;
                                                                                                                              
                                                                                                                              				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
                                                                                                                              				_v36.Owner = 0x40837c;
                                                                                                                              				_v36.Group = 0x40837c;
                                                                                                                              				_v36.Sacl = _v36.Sacl & 0x00000000;
                                                                                                                              				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
                                                                                                                              				_v16.lpSecurityDescriptor =  &_v36;
                                                                                                                              				_v36.Revision = 1;
                                                                                                                              				_v36.Control = 4;
                                                                                                                              				_v36.Dacl = 0x40836c;
                                                                                                                              				_v16.nLength = 0xc;
                                                                                                                              				_t22 = CreateDirectoryA(_a4,  &_v16); // executed
                                                                                                                              				if(_t22 != 0) {
                                                                                                                              					L1:
                                                                                                                              					return 0;
                                                                                                                              				}
                                                                                                                              				_t23 = GetLastError();
                                                                                                                              				if(_t23 == 0xb7) {
                                                                                                                              					if(SetFileSecurityA(_a4, 0x80000007,  &_v36) != 0) {
                                                                                                                              						goto L1;
                                                                                                                              					}
                                                                                                                              					return GetLastError();
                                                                                                                              				}
                                                                                                                              				return _t23;
                                                                                                                              			}








                                                                                                                              APIs
                                                                                                                              • CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405640
                                                                                                                              • GetLastError.KERNEL32 ref: 00405654
                                                                                                                              • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 00405669
                                                                                                                              • GetLastError.KERNEL32 ref: 00405673
                                                                                                                              Strings
                                                                                                                              • C:\Users\user\Desktop, xrefs: 004055FD
                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00405623
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop
                                                                                                                              • API String ID: 3449924974-3254906087
                                                                                                                              • Opcode ID: 3f07113bbed92aa299f899006a5ac68722d9e9d13463f273e10feef126da3ab7
                                                                                                                              • Instruction ID: eb9787142c6b7489d22a19a099e3bfbf20428df61be735a73e08cf58b85abbae
                                                                                                                              • Opcode Fuzzy Hash: 3f07113bbed92aa299f899006a5ac68722d9e9d13463f273e10feef126da3ab7
                                                                                                                              • Instruction Fuzzy Hash: 89010871C00219EAEF009FA1C904BEFBBB8EB14354F00847AD545B6290DB7996088FA9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 649 40633a-40635a GetSystemDirectoryA 650 40635c 649->650 651 40635e-406360 649->651 650->651 652 406370-406372 651->652 653 406362-40636a 651->653 654 406373-4063a5 wsprintfA LoadLibraryExA 652->654 653->652 655 40636c-40636e 653->655 655->654
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0040633A(intOrPtr _a4) {
                                                                                                                              				char _v292;
                                                                                                                              				int _t10;
                                                                                                                              				struct HINSTANCE__* _t14;
                                                                                                                              				void* _t16;
                                                                                                                              				void* _t21;
                                                                                                                              
                                                                                                                              				_t10 = GetSystemDirectoryA( &_v292, 0x104);
                                                                                                                              				if(_t10 > 0x104) {
                                                                                                                              					_t10 = 0;
                                                                                                                              				}
                                                                                                                              				if(_t10 == 0 ||  *((char*)(_t21 + _t10 - 0x121)) == 0x5c) {
                                                                                                                              					_t16 = 1;
                                                                                                                              				} else {
                                                                                                                              					_t16 = 0;
                                                                                                                              				}
                                                                                                                              				_t5 = _t16 + 0x40a014; // 0x5c
                                                                                                                              				wsprintfA(_t21 + _t10 - 0x120, "%s%s.dll", _t5, _a4);
                                                                                                                              				_t14 = LoadLibraryExA( &_v292, 0, 8); // executed
                                                                                                                              				return _t14;
                                                                                                                              			}









                                                                                                                              APIs
                                                                                                                              • GetSystemDirectoryA.KERNEL32 ref: 00406351
                                                                                                                              • wsprintfA.USER32 ref: 0040638A
                                                                                                                              • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 0040639E
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                              • String ID: %s%s.dll$UXTHEME$\
                                                                                                                              • API String ID: 2200240437-4240819195
                                                                                                                              • Opcode ID: 99878a05f639d6717cee7e73d8174e66263622090e4b33b6bcde024c159c7dc8
                                                                                                                              • Instruction ID: 4d0fdf3fe302aa3e605d302367287b0bc06203fc89102858e08200231af957cf
                                                                                                                              • Opcode Fuzzy Hash: 99878a05f639d6717cee7e73d8174e66263622090e4b33b6bcde024c159c7dc8
                                                                                                                              • Instruction Fuzzy Hash: 9EF0F670510609ABEB24AB74DD0DFEB366CAB08305F14057AAA86E11D1EA78D9358BDC
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              C-Code - Quality: 38%
                                                                                                                              			E004027A3(void* __ebx, void* __eflags) {
                                                                                                                              				void* _t26;
                                                                                                                              				long _t31;
                                                                                                                              				void* _t32;
                                                                                                                              				intOrPtr _t39;
                                                                                                                              				void* _t45;
                                                                                                                              				void* _t49;
                                                                                                                              				void* _t51;
                                                                                                                              				void* _t54;
                                                                                                                              				void* _t55;
                                                                                                                              				void* _t56;
                                                                                                                              
                                                                                                                              				_t45 = __ebx;
                                                                                                                              				 *((intOrPtr*)(_t56 - 0xc)) = 0xfffffd66;
                                                                                                                              				_t50 = E00402B2C(0xfffffff0);
                                                                                                                              				 *(_t56 - 0x4c) = _t23;
                                                                                                                              				if(E00405A15(_t50) == 0) {
                                                                                                                              					E00402B2C(0xffffffed);
                                                                                                                              				}
                                                                                                                              				E00405B84(_t50);
                                                                                                                              				_t26 = E00405BA9(_t50, 0x40000000, 2);
                                                                                                                              				 *(_t56 + 8) = _t26;
                                                                                                                              				if(_t26 != 0xffffffff) {
                                                                                                                              					_t31 =  *0x42f418;
                                                                                                                              					 *(_t56 - 0x1c) = _t31;
                                                                                                                              					_t32 = GlobalAlloc(0x40, _t31); // executed
                                                                                                                              					_t49 = _t32;
                                                                                                                              					if(_t49 != _t45) {
                                                                                                                              						E00403223(_t45);
                                                                                                                              						E0040320D(_t49,  *(_t56 - 0x1c));
                                                                                                                              						_t54 = GlobalAlloc(0x40,  *(_t56 - 0x2c));
                                                                                                                              						 *(_t56 - 0x10) = _t54;
                                                                                                                              						if(_t54 != _t45) {
                                                                                                                              							_push( *(_t56 - 0x2c));
                                                                                                                              							_push(_t54);
                                                                                                                              							_push(_t45);
                                                                                                                              							_push( *((intOrPtr*)(_t56 - 0x30)));
                                                                                                                              							E00402FFB(); // executed
                                                                                                                              							while( *_t54 != _t45) {
                                                                                                                              								_t47 =  *_t54;
                                                                                                                              								_t55 = _t54 + 8;
                                                                                                                              								 *(_t56 - 0x48) =  *_t54;
                                                                                                                              								E00405B64( *((intOrPtr*)(_t54 + 4)) + _t49, _t55, _t47);
                                                                                                                              								_t54 = _t55 +  *(_t56 - 0x48);
                                                                                                                              							}
                                                                                                                              							GlobalFree( *(_t56 - 0x10));
                                                                                                                              						}
                                                                                                                              						E00405C50( *(_t56 + 8), _t49,  *(_t56 - 0x1c)); // executed
                                                                                                                              						GlobalFree(_t49);
                                                                                                                              						_push(_t45);
                                                                                                                              						_push(_t45);
                                                                                                                              						_push( *(_t56 + 8));
                                                                                                                              						_push(0xffffffff); // executed
                                                                                                                              						_t39 = E00402FFB(); // executed
                                                                                                                              						 *((intOrPtr*)(_t56 - 0xc)) = _t39;
                                                                                                                              					}
                                                                                                                              					FindCloseChangeNotification( *(_t56 + 8)); // executed
                                                                                                                              				}
                                                                                                                              				_t51 = 0xfffffff3;
                                                                                                                              				if( *((intOrPtr*)(_t56 - 0xc)) < _t45) {
                                                                                                                              					_t51 = 0xffffffef;
                                                                                                                              					DeleteFileA( *(_t56 - 0x4c));
                                                                                                                              					 *((intOrPtr*)(_t56 - 4)) = 1;
                                                                                                                              				}
                                                                                                                              				_push(_t51);
                                                                                                                              				E00401423();
                                                                                                                              				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t56 - 4));
                                                                                                                              				return 0;
                                                                                                                              			}













                                                                                                                              0x00402882
                                                                                                                              0x00402883
                                                                                                                              0x00402887
                                                                                                                              0x0040288b
                                                                                                                              0x00402891
                                                                                                                              0x00402891
                                                                                                                              0x00402898
                                                                                                                              0x004022a4
                                                                                                                              0x004029bb
                                                                                                                              0x004029c7

                                                                                                                              APIs
                                                                                                                              • GlobalAlloc.KERNELBASE(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 004027F7
                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 00402813
                                                                                                                              • GlobalFree.KERNEL32 ref: 0040284C
                                                                                                                              • GlobalFree.KERNEL32 ref: 0040285F
                                                                                                                              • FindCloseChangeNotification.KERNELBASE(?,?,?,?,000000F0), ref: 00402877
                                                                                                                              • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 0040288B
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Global$AllocFree$ChangeCloseDeleteFileFindNotification
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2989416154-0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              [Control-flow graph for the function at 0x00402FFB; legend: Executed / Not Executed. API calls shown in the graph: GetTickCount, MulDiv, wsprintfA.]
                                                                                                                              C-Code - Quality: 95%
                                                                                                                              			E00402FFB(int _a4, intOrPtr _a8, intOrPtr _a12, int _a16, signed char _a19) {
                                                                                                                              				signed int _v8;
                                                                                                                              				int _v12;
                                                                                                                              				intOrPtr _v16;
                                                                                                                              				long _v20;
                                                                                                                              				intOrPtr _v24;
                                                                                                                              				char _v88;
                                                                                                                              				void* _t65;
                                                                                                                              				void* _t69;
                                                                                                                              				long _t70;
                                                                                                                              				intOrPtr _t75;
                                                                                                                              				long _t76;
                                                                                                                              				intOrPtr _t77;
                                                                                                                              				void* _t78;
                                                                                                                              				int _t88;
                                                                                                                              				intOrPtr _t92;
                                                                                                                              				intOrPtr _t95;
                                                                                                                              				long _t96;
                                                                                                                              				signed int _t97;
                                                                                                                              				int _t98;
                                                                                                                              				int _t99;
                                                                                                                              				intOrPtr _t100;
                                                                                                                              				void* _t101;
                                                                                                                              				void* _t102;
                                                                                                                              
                                                                                                                              				_t97 = _a16;
                                                                                                                              				_t92 = _a12;
                                                                                                                              				_v12 = _t97;
                                                                                                                              				if(_t92 == 0) {
                                                                                                                              					_v12 = 0x8000;
                                                                                                                              				}
                                                                                                                              				_v8 = _v8 & 0x00000000;
                                                                                                                              				_v16 = _t92;
                                                                                                                              				if(_t92 == 0) {
                                                                                                                              					_v16 = 0x421428;
                                                                                                                              				}
                                                                                                                              				_t62 = _a4;
                                                                                                                              				if(_a4 >= 0) {
                                                                                                                              					E00403223( *0x42f478 + _t62);
                                                                                                                              				}
                                                                                                                              				if(E0040320D( &_a16, 4) == 0) {
                                                                                                                              					L41:
                                                                                                                              					_push(0xfffffffd);
                                                                                                                              					goto L42;
                                                                                                                              				} else {
                                                                                                                              					if((_a19 & 0x00000080) == 0) {
                                                                                                                              						if(_t92 != 0) {
                                                                                                                              							if(_a16 < _t97) {
                                                                                                                              								_t97 = _a16;
                                                                                                                              							}
                                                                                                                              							if(E0040320D(_t92, _t97) != 0) {
                                                                                                                              								_v8 = _t97;
                                                                                                                              								L44:
                                                                                                                              								return _v8;
                                                                                                                              							} else {
                                                                                                                              								goto L41;
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              						if(_a16 <= _t92) {
                                                                                                                              							goto L44;
                                                                                                                              						}
                                                                                                                              						_t88 = _v12;
                                                                                                                              						while(1) {
                                                                                                                              							_t98 = _a16;
                                                                                                                              							if(_a16 >= _t88) {
                                                                                                                              								_t98 = _t88;
                                                                                                                              							}
                                                                                                                              							if(E0040320D(0x41d428, _t98) == 0) {
                                                                                                                              								goto L41;
                                                                                                                              							}
                                                                                                                              							_t69 = E00405C50(_a8, 0x41d428, _t98); // executed
                                                                                                                              							if(_t69 == 0) {
                                                                                                                              								L28:
                                                                                                                              								_push(0xfffffffe);
                                                                                                                              								L42:
                                                                                                                              								_pop(_t65);
                                                                                                                              								return _t65;
                                                                                                                              							}
                                                                                                                              							_v8 = _v8 + _t98;
                                                                                                                              							_a16 = _a16 - _t98;
                                                                                                                              							if(_a16 > 0) {
                                                                                                                              								continue;
                                                                                                                              							}
                                                                                                                              							goto L44;
                                                                                                                              						}
                                                                                                                              						goto L41;
                                                                                                                              					}
                                                                                                                              					_t70 = GetTickCount();
                                                                                                                              					 *0x40bd8c =  *0x40bd8c & 0x00000000;
                                                                                                                              					 *0x40bd88 =  *0x40bd88 & 0x00000000;
                                                                                                                              					_t14 =  &_a16;
                                                                                                                              					 *_t14 = _a16 & 0x7fffffff;
                                                                                                                              					_v20 = _t70;
                                                                                                                              					 *0x40b870 = 8;
                                                                                                                              					 *0x415418 = 0x40d410;
                                                                                                                              					 *0x415414 = 0x40d410;
                                                                                                                              					 *0x415410 = 0x415410;
                                                                                                                              					_a4 = _a16;
                                                                                                                              					if( *_t14 <= 0) {
                                                                                                                              						goto L44;
                                                                                                                              					} else {
                                                                                                                              						goto L9;
                                                                                                                              					}
                                                                                                                              					while(1) {
                                                                                                                              						L9:
                                                                                                                              						_t99 = 0x4000;
                                                                                                                              						if(_a16 < 0x4000) {
                                                                                                                              							_t99 = _a16;
                                                                                                                              						}
                                                                                                                              						if(E0040320D(0x41d428, _t99) == 0) {
                                                                                                                              							goto L41;
                                                                                                                              						}
                                                                                                                              						_a16 = _a16 - _t99;
                                                                                                                              						 *0x40b860 = 0x41d428;
                                                                                                                              						 *0x40b864 = _t99;
                                                                                                                              						while(1) {
                                                                                                                              							_t95 = _v16;
                                                                                                                              							 *0x40b868 = _t95;
                                                                                                                              							 *0x40b86c = _v12;
                                                                                                                              							_t75 = E004064CD(0x40b860);
                                                                                                                              							_v24 = _t75;
                                                                                                                              							if(_t75 < 0) {
                                                                                                                              								break;
                                                                                                                              							}
                                                                                                                              							_t100 =  *0x40b868; // 0x7d844c
                                                                                                                              							_t101 = _t100 - _t95;
                                                                                                                              							_t76 = GetTickCount();
                                                                                                                              							_t96 = _t76;
                                                                                                                              							if(( *0x42f4d4 & 0x00000001) != 0 && (_t76 - _v20 > 0xc8 || _a16 == 0)) {
                                                                                                                              								wsprintfA( &_v88, "... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
                                                                                                                              								_t102 = _t102 + 0xc;
                                                                                                                              								E00405137(0,  &_v88); // executed
                                                                                                                              								_v20 = _t96;
                                                                                                                              							}
                                                                                                                              							if(_t101 == 0) {
                                                                                                                              								if(_a16 > 0) {
                                                                                                                              									goto L9;
                                                                                                                              								}
                                                                                                                              								goto L44;
                                                                                                                              							} else {
                                                                                                                              								if(_a12 != 0) {
                                                                                                                              									_t77 =  *0x40b868; // 0x7d844c
                                                                                                                              									_v8 = _v8 + _t101;
                                                                                                                              									_v12 = _v12 - _t101;
                                                                                                                              									_v16 = _t77;
                                                                                                                              									L23:
                                                                                                                              									if(_v24 != 1) {
                                                                                                                              										continue;
                                                                                                                              									}
                                                                                                                              									goto L44;
                                                                                                                              								}
                                                                                                                              								_t78 = E00405C50(_a8, _v16, _t101); // executed
                                                                                                                              								if(_t78 == 0) {
                                                                                                                              									goto L28;
                                                                                                                              								}
                                                                                                                              								_v8 = _v8 + _t101;
                                                                                                                              								goto L23;
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              						_push(0xfffffffc);
                                                                                                                              						goto L42;
                                                                                                                              					}
                                                                                                                              					goto L41;
                                                                                                                              				}
                                                                                                                              			}



























Memory Dump Source
• Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CountTick$wsprintf
                                                                                                                              • String ID: ... %d%%
                                                                                                                              • API String ID: 551687249-2449383134
                                                                                                                              • Opcode ID: fadbfff98126c3f33fc218ff52c7570f2bc54738a50a490896210387b9f65f46
                                                                                                                              • Instruction ID: 2f86f0e091d903dd4c8dc1f0d7d1d97a23866136c8ad304ef4da6da149bc5d25
                                                                                                                              • Opcode Fuzzy Hash: fadbfff98126c3f33fc218ff52c7570f2bc54738a50a490896210387b9f65f46
                                                                                                                              • Instruction Fuzzy Hash: D2518D71801219EBDB10DF65DA44A9E7FB8EF08316F10817BE810B72E1C7789B44CBA9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 754 405bd8-405be2 755 405be3-405c0e GetTickCount GetTempFileNameA 754->755 756 405c10-405c12 755->756 757 405c1d-405c1f 755->757 756->755 758 405c14 756->758 759 405c17-405c1a 757->759 758->759
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00405BD8(char _a4, intOrPtr _a6, CHAR* _a8) {
                                                                                                                              				char _t11;
                                                                                                                              				signed int _t12;
                                                                                                                              				int _t15;
                                                                                                                              				signed int _t17;
                                                                                                                              				void* _t20;
                                                                                                                              				CHAR* _t21;
                                                                                                                              
                                                                                                                              				_t21 = _a4;
                                                                                                                              				_t20 = 0x64;
                                                                                                                              				while(1) {
                                                                                                                              					_t11 =  *0x40a3b4; // 0x61736e
                                                                                                                              					_t20 = _t20 - 1;
                                                                                                                              					_a4 = _t11;
                                                                                                                              					_t12 = GetTickCount();
                                                                                                                              					_t17 = 0x1a;
                                                                                                                              					_a6 = _a6 + _t12 % _t17;
                                                                                                                              					_t15 = GetTempFileNameA(_a8,  &_a4, 0, _t21); // executed
                                                                                                                              					if(_t15 != 0) {
                                                                                                                              						break;
                                                                                                                              					}
                                                                                                                              					if(_t20 != 0) {
                                                                                                                              						continue;
                                                                                                                              					}
                                                                                                                              					 *_t21 =  *_t21 & 0x00000000;
                                                                                                                              					return _t15;
                                                                                                                              				}
                                                                                                                              				return _t21;
                                                                                                                              			}










                                                                                                                              APIs
                                                                                                                              • GetTickCount.KERNEL32 ref: 00405BEC
                                                                                                                              • GetTempFileNameA.KERNELBASE(?,?,00000000,?,?,00000006,00000008,0000000A), ref: 00405C06
                                                                                                                              Strings
                                                                                                                              • nsa, xrefs: 00405BE3
                                                                                                                              • "C:\Users\user\Desktop\SetupWIService.exe", xrefs: 00405BD8
                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00405BDB
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CountFileNameTempTick
                                                                                                                              • String ID: "C:\Users\user\Desktop\SetupWIService.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                              • API String ID: 1716503409-3989541178
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              control_flow_graph 760 401d41-401d45 761 401d54-401d58 GetDlgItem 760->761 762 401d47-401d52 call 402b0a 760->762 764 401d5e-401d87 761->764 762->764 766 401d91 764->766 767 401d89-401d8f call 402b2c 764->767 769 401d95-401de5 GetClientRect LoadImageA SendMessageA 766->769 767->769 771 4029b8-4029c7 769->771 772 401deb-401ded 769->772 772->771 773 401df3-401dfa DeleteObject 772->773 773->771
                                                                                                                              C-Code - Quality: 94%
                                                                                                                              			E00401D41(int __edx) {
                                                                                                                              				struct HWND__* _t24;
                                                                                                                              				CHAR* _t30;
                                                                                                                              				long _t39;
                                                                                                                              				void* _t40;
                                                                                                                              				void* _t44;
                                                                                                                              				signed int _t46;
                                                                                                                              				int _t50;
                                                                                                                              				signed int _t53;
                                                                                                                              				void* _t57;
                                                                                                                              
                                                                                                                              				_t48 = __edx;
                                                                                                                              				if(( *(_t57 - 0x2b) & 0x00000001) == 0) {
                                                                                                                              					_t24 = GetDlgItem( *(_t57 - 8), __edx);
                                                                                                                              				} else {
                                                                                                                              					_t24 = E00402B0A(1);
                                                                                                                              					 *(_t57 - 0x10) = _t48;
                                                                                                                              				}
                                                                                                                              				_t46 =  *(_t57 - 0x2c);
                                                                                                                              				 *(_t57 + 8) = _t24;
                                                                                                                              				 *(_t57 - 8) = _t46 >> 0x1f;
                                                                                                                              				_t50 = _t46 & 0x00000003;
                                                                                                                              				_t53 = _t46 & 0x00000004;
                                                                                                                              				 *(_t57 - 0x1c) = _t46 >> 0x0000001e & 0x00000001;
                                                                                                                              				if((_t46 & 0x00010000) == 0) {
                                                                                                                              					_t30 =  *(_t57 - 0x34) & 0x0000ffff;
                                                                                                                              				} else {
                                                                                                                              					_t30 = E00402B2C(_t44);
                                                                                                                              				}
                                                                                                                              				 *(_t57 - 0xc) = _t30;
                                                                                                                              				GetClientRect( *(_t57 + 8), _t57 - 0x58);
                                                                                                                              				asm("sbb esi, esi");
                                                                                                                              				_t39 = LoadImageA( ~_t53 &  *0x42f400,  *(_t57 - 0xc), _t50,  *(_t57 - 0x50) *  *(_t57 - 8),  *(_t57 - 0x4c) *  *(_t57 - 0x1c),  *(_t57 - 0x2c) & 0x0000fef0); // executed
                                                                                                                              				_t40 = SendMessageA( *(_t57 + 8), 0x172, _t50, _t39); // executed
                                                                                                                              				if(_t40 != _t44 && _t50 == _t44) {
                                                                                                                              					DeleteObject(_t40);
                                                                                                                              				}
                                                                                                                              				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t57 - 4));
                                                                                                                              				return 0;
                                                                                                                              			}













                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1849352358-0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 59%
                                                                                                                              			E00401C0A(intOrPtr __edx) {
                                                                                                                              				int _t29;
                                                                                                                              				long _t30;
                                                                                                                              				signed int _t32;
                                                                                                                              				CHAR* _t35;
                                                                                                                              				long _t36;
                                                                                                                              				int _t41;
                                                                                                                              				signed int _t42;
                                                                                                                              				int _t46;
                                                                                                                              				int _t56;
                                                                                                                              				intOrPtr _t57;
                                                                                                                              				struct HWND__* _t61;
                                                                                                                              				void* _t64;
                                                                                                                              
                                                                                                                              				_t57 = __edx;
                                                                                                                              				_t29 = E00402B0A(3);
                                                                                                                              				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                                                                                              				 *(_t64 - 8) = _t29;
                                                                                                                              				_t30 = E00402B0A(4);
                                                                                                                              				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                                                                                              				 *(_t64 + 8) = _t30;
                                                                                                                              				if(( *(_t64 - 0x20) & 0x00000001) != 0) {
                                                                                                                              					 *((intOrPtr*)(__ebp - 8)) = E00402B2C(0x33);
                                                                                                                              				}
                                                                                                                              				__eflags =  *(_t64 - 0x20) & 0x00000002;
                                                                                                                              				if(( *(_t64 - 0x20) & 0x00000002) != 0) {
                                                                                                                              					 *(_t64 + 8) = E00402B2C(0x44);
                                                                                                                              				}
                                                                                                                              				__eflags =  *((intOrPtr*)(_t64 - 0x38)) - 0x21;
                                                                                                                              				_push(1);
                                                                                                                              				if(__eflags != 0) {
                                                                                                                              					_t59 = E00402B2C();
                                                                                                                              					_t32 = E00402B2C();
                                                                                                                              					asm("sbb ecx, ecx");
                                                                                                                              					asm("sbb eax, eax");
                                                                                                                              					_t35 =  ~( *_t31) & _t59;
                                                                                                                              					__eflags = _t35;
                                                                                                                              					_t36 = FindWindowExA( *(_t64 - 8),  *(_t64 + 8), _t35,  ~( *_t32) & _t32);
                                                                                                                              					goto L10;
                                                                                                                              				} else {
                                                                                                                              					_t61 = E00402B0A();
                                                                                                                              					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                                                                                              					_t41 = E00402B0A(2);
                                                                                                                              					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                                                                                              					_t56 =  *(_t64 - 0x20) >> 2;
                                                                                                                              					if(__eflags == 0) {
                                                                                                                              						_t36 = SendMessageA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8)); // executed
                                                                                                                              						L10:
                                                                                                                              						 *(_t64 - 0xc) = _t36;
                                                                                                                              					} else {
                                                                                                                              						_t42 = SendMessageTimeoutA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8), _t46, _t56, _t64 - 0xc);
                                                                                                                              						asm("sbb eax, eax");
                                                                                                                              						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				__eflags =  *((intOrPtr*)(_t64 - 0x34)) - _t46;
                                                                                                                              				if( *((intOrPtr*)(_t64 - 0x34)) >= _t46) {
                                                                                                                              					_push( *(_t64 - 0xc));
                                                                                                                              					E00405F6E();
                                                                                                                              				}
                                                                                                                              				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t64 - 4));
                                                                                                                              				return 0;
                                                                                                                              			}
















                                                                                                                              APIs
                                                                                                                              • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C7A
                                                                                                                              • SendMessageA.USER32 ref: 00401C92
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend$Timeout
                                                                                                                              • String ID: !
                                                                                                                              • API String ID: 1777923405-2657877971
                                                                                                                              • Opcode ID: d1a5455d7aacc09bf912e97d7887ce2258fe7abf1a6a230a252a42dd7e2e40c1
                                                                                                                              • Instruction ID: f2250e9d7a54984aac42e0f48c7b57cae310fb8b86675e6ff90c870375dfe4cb
                                                                                                                              • Opcode Fuzzy Hash: d1a5455d7aacc09bf912e97d7887ce2258fe7abf1a6a230a252a42dd7e2e40c1
                                                                                                                              • Instruction Fuzzy Hash: 4D216BB1944208BEEF06AFA4D98AAAD7FB5EB44304F10447EF501B61D1C7B88640DB18
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 83%
                                                                                                                              			E0040243D(void* __eax, int __ebx, intOrPtr __edx, void* __eflags) {
                                                                                                                              				void* _t18;
                                                                                                                              				void* _t19;
                                                                                                                              				int _t22;
                                                                                                                              				long _t23;
                                                                                                                              				int _t28;
                                                                                                                              				intOrPtr _t31;
                                                                                                                              				void* _t32;
                                                                                                                              				intOrPtr _t35;
                                                                                                                              				void* _t37;
                                                                                                                              				void* _t40;
                                                                                                                              
                                                                                                                              				_t40 = __eflags;
                                                                                                                              				_t31 = __edx;
                                                                                                                              				_t28 = __ebx;
                                                                                                                              				_t35 =  *((intOrPtr*)(_t37 - 0x24));
                                                                                                                              				_t32 = __eax;
                                                                                                                              				 *(_t37 - 0x10) =  *(_t37 - 0x20);
                                                                                                                              				 *(_t37 - 0x4c) = E00402B2C(2);
                                                                                                                              				_t18 = E00402B2C(0x11);
                                                                                                                              				 *(_t37 - 4) = 1;
                                                                                                                              				_t19 = E00402BBC(_t40, _t32, _t18, 2); // executed
                                                                                                                              				 *(_t37 + 8) = _t19;
                                                                                                                              				if(_t19 != __ebx) {
                                                                                                                              					_t22 = 0;
                                                                                                                              					if(_t35 == 1) {
                                                                                                                              						E00402B2C(0x23);
                                                                                                                              						_t22 = lstrlenA(0x40ac18) + 1;
                                                                                                                              					}
                                                                                                                              					if(_t35 == 4) {
                                                                                                                              						 *0x40ac18 = E00402B0A(3);
                                                                                                                              						 *((intOrPtr*)(_t37 - 0x44)) = _t31;
                                                                                                                              						_t22 = _t35;
                                                                                                                              					}
                                                                                                                              					if(_t35 == 3) {
                                                                                                                              						_t22 = E00402FFB( *((intOrPtr*)(_t37 - 0x28)), _t28, 0x40ac18, 0xc00);
                                                                                                                              					}
                                                                                                                              					_t23 = RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x4c), _t28,  *(_t37 - 0x10), 0x40ac18, _t22); // executed
                                                                                                                              					if(_t23 == 0) {
                                                                                                                              						 *(_t37 - 4) = _t28;
                                                                                                                              					}
                                                                                                                              					_push( *(_t37 + 8));
                                                                                                                              					RegCloseKey(); // executed
                                                                                                                              				}
                                                                                                                              				 *0x42f4a8 =  *0x42f4a8 +  *(_t37 - 4);
                                                                                                                              				return 0;
                                                                                                                              			}














                                                                                                                              APIs
                                                                                                                              • lstrlenA.KERNEL32(C:\Program Files (x86)\Wildix\WIService\proxyex.lnk,00000023,00000011,00000002), ref: 00402488
                                                                                                                              • RegSetValueExA.KERNELBASE(?,?,?,?,C:\Program Files (x86)\Wildix\WIService\proxyex.lnk,00000000,00000011,00000002), ref: 004024C5
                                                                                                                              • RegCloseKey.KERNELBASE(?,?,?,C:\Program Files (x86)\Wildix\WIService\proxyex.lnk,00000000,00000011,00000002), ref: 004025A9
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseValuelstrlen
                                                                                                                              • String ID: C:\Program Files (x86)\Wildix\WIService\proxyex.lnk
                                                                                                                              • API String ID: 2655323295-2130598922
                                                                                                                              • Opcode ID: 220cfe30d1646cf9600db30c69b26d3c8c914c002f0e367b9718bea176d4d9e9
                                                                                                                              • Instruction ID: 559559637a649bcd28a1cc64439ef7fed2494afba8ff337a7fe29a68e97d1b61
                                                                                                                              • Opcode Fuzzy Hash: 220cfe30d1646cf9600db30c69b26d3c8c914c002f0e367b9718bea176d4d9e9
                                                                                                                              • Instruction Fuzzy Hash: 26115E71E00218AFEB01AFA58E49EAE7AB4EB48314F21443BF504B71C1D6F95D419B68
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 53%
                                                                                                                              			E00405A96(void* __eflags, intOrPtr _a4) {
                                                                                                                              				int _t11;
                                                                                                                              				signed char* _t12;
                                                                                                                              				long _t16;
                                                                                                                              				intOrPtr _t18;
                                                                                                                              				intOrPtr* _t21;
                                                                                                                              				void* _t22;
                                                                                                                              
                                                                                                                              				E00406010(0x42bc78, _a4);
                                                                                                                              				_t21 = E00405A41(0x42bc78);
                                                                                                                              				if(_t21 != 0) {
                                                                                                                              					E0040627A(_t21);
                                                                                                                              					if(( *0x42f41c & 0x00000080) == 0) {
                                                                                                                              						L5:
                                                                                                                              						_t22 = _t21 - 0x42bc78;
                                                                                                                              						while(1) {
                                                                                                                              							_t11 = lstrlenA(0x42bc78);
                                                                                                                              							_push(0x42bc78);
                                                                                                                              							if(_t11 <= _t22) {
                                                                                                                              								break;
                                                                                                                              							}
                                                                                                                              							_t12 = E00406313();
                                                                                                                              							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
                                                                                                                              								E004059EF(0x42bc78);
                                                                                                                              								continue;
                                                                                                                              							} else {
                                                                                                                              								goto L1;
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              						E004059A8();
                                                                                                                              						_t16 = GetFileAttributesA(??); // executed
                                                                                                                              						return 0 | _t16 != 0xffffffff;
                                                                                                                              					}
                                                                                                                              					_t18 =  *_t21;
                                                                                                                              					if(_t18 == 0 || _t18 == 0x5c) {
                                                                                                                              						goto L1;
                                                                                                                              					} else {
                                                                                                                              						goto L5;
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				L1:
                                                                                                                              				return 0;
                                                                                                                              			}










                                                                                                                              APIs
                                                                                                                                • Part of subcall function 00406010: lstrcpynA.KERNEL32(?,?,00000400,0040333D,Wildix WIService v2.15.2 Setup,NSIS Error,?,00000006,00000008,0000000A), ref: 0040601D
                                                                                                                                • Part of subcall function 00405A41: CharNextA.USER32(?,?,C:\,?,00405AAD,C:\,C:\,74D0FA90,?,C:\Users\user\AppData\Local\Temp\,004057F8,?,74D0FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405A4F
                                                                                                                                • Part of subcall function 00405A41: CharNextA.USER32(00000000), ref: 00405A54
                                                                                                                                • Part of subcall function 00405A41: CharNextA.USER32(00000000), ref: 00405A68
                                                                                                                              • lstrlenA.KERNEL32(C:\,00000000,C:\,C:\,74D0FA90,?,C:\Users\user\AppData\Local\Temp\,004057F8,?,74D0FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405AE9
                                                                                                                              • GetFileAttributesA.KERNELBASE(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,74D0FA90,?,C:\Users\user\AppData\Local\Temp\,004057F8,?,74D0FA90,C:\Users\user\AppData\Local\Temp\), ref: 00405AF9
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                              • String ID: C:\$C:\Users\user\AppData\Local\Temp\
                                                                                                                              • API String ID: 3248276644-3942820052
                                                                                                                              • Opcode ID: a0e90dbc06f1550ade5f4dfcb0fddeac6c7db65a8ba4490088ce0944d0043635
                                                                                                                              • Instruction ID: 19c9bca0149f7da3aa3ccb8fe98c792d35a3de88cc2685bd8f8020a319c38c36
                                                                                                                              • Opcode Fuzzy Hash: a0e90dbc06f1550ade5f4dfcb0fddeac6c7db65a8ba4490088ce0944d0043635
                                                                                                                              • Instruction Fuzzy Hash: 94F0F425305D6116DA22323A5D85AAF2A44CED632471A073BF852B12C3DB3C89439DFE
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 60%
                                                                                                                              			E0040206A(void* __ebx, void* __eflags) {
                                                                                                                              				struct HINSTANCE__* _t18;
                                                                                                                              				struct HINSTANCE__* _t26;
                                                                                                                              				void* _t27;
                                                                                                                              				struct HINSTANCE__* _t30;
                                                                                                                              				CHAR* _t32;
                                                                                                                              				intOrPtr* _t33;
                                                                                                                              				void* _t34;
                                                                                                                              
                                                                                                                              				_t27 = __ebx;
                                                                                                                              				asm("sbb eax, 0x42f4d8");
                                                                                                                              				 *(_t34 - 4) = 1;
                                                                                                                              				if(__eflags < 0) {
                                                                                                                              					_push(0xffffffe7);
                                                                                                                              					L15:
                                                                                                                              					E00401423();
                                                                                                                              					L16:
                                                                                                                              					 *0x42f4a8 =  *0x42f4a8 +  *(_t34 - 4);
                                                                                                                              					return 0;
                                                                                                                              				}
                                                                                                                              				_t32 = E00402B2C(0xfffffff0);
                                                                                                                              				 *(_t34 + 8) = E00402B2C(1);
                                                                                                                              				if( *((intOrPtr*)(_t34 - 0x24)) == __ebx) {
                                                                                                                              					L3:
                                                                                                                              					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
                                                                                                                              					_t30 = _t18;
                                                                                                                              					if(_t30 == _t27) {
                                                                                                                              						_push(0xfffffff6);
                                                                                                                              						goto L15;
                                                                                                                              					}
                                                                                                                              					L4:
                                                                                                                              					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
                                                                                                                              					if(_t33 == _t27) {
                                                                                                                              						E00405137(0xfffffff7,  *(_t34 + 8));
                                                                                                                              					} else {
                                                                                                                              						 *(_t34 - 4) = _t27;
                                                                                                                              						if( *((intOrPtr*)(_t34 - 0x2c)) == _t27) {
                                                                                                                              							 *_t33( *((intOrPtr*)(_t34 - 8)), 0x400, 0x430000, 0x40b858, 0x40a000);
                                                                                                                              						} else {
                                                                                                                              							E00401423( *((intOrPtr*)(_t34 - 0x2c)));
                                                                                                                              							if( *_t33() != 0) {
                                                                                                                              								 *(_t34 - 4) = 1;
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              					if( *((intOrPtr*)(_t34 - 0x28)) == _t27 && E004037CD(_t30) != 0) {
                                                                                                                              						FreeLibrary(_t30); // executed
                                                                                                                              					}
                                                                                                                              					goto L16;
                                                                                                                              				}
                                                                                                                              				_t26 = GetModuleHandleA(_t32); // executed
                                                                                                                              				_t30 = _t26;
                                                                                                                              				if(_t30 != __ebx) {
                                                                                                                              					goto L4;
                                                                                                                              				}
                                                                                                                              				goto L3;
                                                                                                                              			}











                                                                                                                              APIs
                                                                                                                              • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00402095
                                                                                                                                • Part of subcall function 00405137: lstrlenA.KERNEL32(Completed,00000000,007D844C,74D0EA30,?,?,?,?,?,?,?,?,?,00403156,00000000,?), ref: 00405170
                                                                                                                                • Part of subcall function 00405137: lstrlenA.KERNEL32(00403156,Completed,00000000,007D844C,74D0EA30,?,?,?,?,?,?,?,?,?,00403156,00000000), ref: 00405180
                                                                                                                                • Part of subcall function 00405137: lstrcatA.KERNEL32(Completed,00403156,00403156,Completed,00000000,007D844C,74D0EA30), ref: 00405193
                                                                                                                                • Part of subcall function 00405137: SetWindowTextA.USER32(Completed,Completed), ref: 004051A5
                                                                                                                                • Part of subcall function 00405137: SendMessageA.USER32 ref: 004051CB
                                                                                                                                • Part of subcall function 00405137: SendMessageA.USER32 ref: 004051E5
                                                                                                                                • Part of subcall function 00405137: SendMessageA.USER32 ref: 004051F3
                                                                                                                              • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 004020A5
                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 004020B5
                                                                                                                              • FreeLibrary.KERNELBASE(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 0040211F
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2987980305-0
                                                                                                                              • Opcode ID: 532ce0de4b0eb58012e9db3c58e41f5788510b7f5f76953fa1d2d9dfe9513583
                                                                                                                              • Instruction ID: 166643d80e3f452ca3a3677f95ea327ecca8534a485506fba34b2def260d9046
                                                                                                                              • Opcode Fuzzy Hash: 532ce0de4b0eb58012e9db3c58e41f5788510b7f5f76953fa1d2d9dfe9513583
                                                                                                                              • Instruction Fuzzy Hash: EA21C671900214ABCF217FA4CF89AAE7A74AF15318F20413BF601B62D0D6FD49829A5E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 84%
                                                                                                                              			E00402C2E(void* __eflags, void* _a4, char* _a8, signed int _a12) {
                                                                                                                              				void* _v8;
                                                                                                                              				char _v272;
                                                                                                                              				void* _t19;
                                                                                                                              				signed int _t25;
                                                                                                                              				intOrPtr* _t27;
                                                                                                                              				signed int _t32;
                                                                                                                              				signed int _t33;
                                                                                                                              				signed int _t34;
                                                                                                                              
                                                                                                                              				_t33 = _a12;
                                                                                                                              				_t34 = _t33 & 0x00000300;
                                                                                                                              				_t32 = _t33 & 0x00000001;
                                                                                                                              				_t19 = E00405E96(__eflags, _a4, _a8, _t34 | 0x00000008,  &_v8); // executed
                                                                                                                              				if(_t19 == 0) {
                                                                                                                              					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
                                                                                                                              						__eflags = _t32;
                                                                                                                              						if(__eflags != 0) {
                                                                                                                              							RegCloseKey(_v8);
                                                                                                                              							return 0x3eb;
                                                                                                                              						}
                                                                                                                              						_t25 = E00402C2E(__eflags, _v8,  &_v272, _a12);
                                                                                                                              						__eflags = _t25;
                                                                                                                              						if(_t25 != 0) {
                                                                                                                              							break;
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              					RegCloseKey(_v8);
                                                                                                                              					_t27 = E004063A8(3);
                                                                                                                              					if(_t27 == 0) {
                                                                                                                              						return RegDeleteKeyA(_a4, _a8);
                                                                                                                              					}
                                                                                                                              					return  *_t27(_a4, _a8, _t34, 0);
                                                                                                                              				}
                                                                                                                              				return _t19;
                                                                                                                              			}











                                                                                                                              APIs
                                                                                                                              • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402C93
                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?), ref: 00402C9C
                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?), ref: 00402CBD
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Close$Enum
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 464197530-0
                                                                                                                              • Opcode ID: effb832a44eae474ef75c518ed00afd6638a3a1b55d5a88c518eff5d822b0912
                                                                                                                              • Instruction ID: 2c23bb11d6ae01cf130d195ddd5538b48d854d6e1d77fd04796d14e07e1bb179
                                                                                                                              • Opcode Fuzzy Hash: effb832a44eae474ef75c518ed00afd6638a3a1b55d5a88c518eff5d822b0912
                                                                                                                              • Instruction Fuzzy Hash: 70116A32504109FBEF129F90DF09B9E7B6DEB54340F204036BD45B61E0E7B59E15ABA8
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 87%
                                                                                                                              			E004015BB(char __ebx, void* __eflags) {
                                                                                                                              				void* _t13;
                                                                                                                              				int _t19;
                                                                                                                              				char _t21;
                                                                                                                              				void* _t22;
                                                                                                                              				char _t23;
                                                                                                                              				signed char _t24;
                                                                                                                              				char _t26;
                                                                                                                              				CHAR* _t28;
                                                                                                                              				char* _t32;
                                                                                                                              				void* _t33;
                                                                                                                              
                                                                                                                              				_t26 = __ebx;
                                                                                                                              				_t28 = E00402B2C(0xfffffff0);
                                                                                                                              				_t13 = E00405A41(_t28);
                                                                                                                              				_t30 = _t13;
                                                                                                                              				if(_t13 != __ebx) {
                                                                                                                              					do {
                                                                                                                              						_t32 = E004059D3(_t30, 0x5c);
                                                                                                                              						_t21 =  *_t32;
                                                                                                                              						 *_t32 = _t26;
                                                                                                                              						 *((char*)(_t33 + 0xb)) = _t21;
                                                                                                                              						if(_t21 != _t26) {
                                                                                                                              							L5:
                                                                                                                              							_t22 = E0040567A(_t28);
                                                                                                                              						} else {
                                                                                                                              							_t39 =  *((intOrPtr*)(_t33 - 0x2c)) - _t26;
                                                                                                                              							if( *((intOrPtr*)(_t33 - 0x2c)) == _t26 || E00405697(_t39) == 0) {
                                                                                                                              								goto L5;
                                                                                                                              							} else {
                                                                                                                              								_t22 = E004055FD(_t28); // executed
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              						if(_t22 != _t26) {
                                                                                                                              							if(_t22 != 0xb7) {
                                                                                                                              								L9:
                                                                                                                              								 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
                                                                                                                              							} else {
                                                                                                                              								_t24 = GetFileAttributesA(_t28); // executed
                                                                                                                              								if((_t24 & 0x00000010) == 0) {
                                                                                                                              									goto L9;
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              						_t23 =  *((intOrPtr*)(_t33 + 0xb));
                                                                                                                              						 *_t32 = _t23;
                                                                                                                              						_t30 = _t32 + 1;
                                                                                                                              					} while (_t23 != _t26);
                                                                                                                              				}
                                                                                                                              				if( *((intOrPtr*)(_t33 - 0x30)) == _t26) {
                                                                                                                              					_push(0xfffffff5);
                                                                                                                              					E00401423();
                                                                                                                              				} else {
                                                                                                                              					E00401423(0xffffffe6);
                                                                                                                              					E00406010("C:\\Program Files (x86)\\Wildix\\WIService", _t28);
                                                                                                                              					_t19 = SetCurrentDirectoryA(_t28); // executed
                                                                                                                              					if(_t19 == 0) {
                                                                                                                              						 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t33 - 4));
                                                                                                                              				return 0;
                                                                                                                              			}













                                                                                                                              0x0040163c
                                                                                                                              0x00401644
                                                                                                                              0x0040164a
                                                                                                                              0x0040164a
                                                                                                                              0x00401644
                                                                                                                              0x004029bb
                                                                                                                              0x004029c7

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 00405A41: CharNextA.USER32(?,?,C:\,?,00405AAD,C:\,C:\,74D0FA90,?,C:\Users\user\AppData\Local\Temp\,004057F8,?,74D0FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405A4F
                                                                                                                                • Part of subcall function 00405A41: CharNextA.USER32(00000000), ref: 00405A54
                                                                                                                                • Part of subcall function 00405A41: CharNextA.USER32(00000000), ref: 00405A68
                                                                                                                              • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 0040160D
                                                                                                                                • Part of subcall function 004055FD: CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405640
                                                                                                                              • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Program Files (x86)\Wildix\WIService,00000000,00000000,000000F0), ref: 0040163C
                                                                                                                              Strings
                                                                                                                              • C:\Program Files (x86)\Wildix\WIService, xrefs: 00401631
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                              • String ID: C:\Program Files (x86)\Wildix\WIService
                                                                                                                              • API String ID: 1892508949-4211190453
                                                                                                                              • Opcode ID: 08a3087bb2a30077ba34e7e92968e352eff6a2b7baf1aa2c3a4ea80dfe544a50
                                                                                                                              • Instruction ID: 1afb8a6b6fc663fc0b529d5452f3d1f5a7876e1f873962654dbae4e79628cbca
                                                                                                                              • Opcode Fuzzy Hash: 08a3087bb2a30077ba34e7e92968e352eff6a2b7baf1aa2c3a4ea80dfe544a50
                                                                                                                              • Instruction Fuzzy Hash: 08112731508141EBCB217FB54D41A7F36B4AE96324F68093FE4D1B22E2D63D4842AA2F
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 69%
                                                                                                                              			E00401EC3(void* __ecx, void* __eflags) {
                                                                                                                              				intOrPtr _t20;
                                                                                                                              				void* _t39;
                                                                                                                              				void* _t42;
                                                                                                                              				void* _t47;
                                                                                                                              
                                                                                                                              				_t42 = __ecx;
                                                                                                                              				_t45 = E00402B2C(_t39);
                                                                                                                              				_t20 = E00402B2C(0x31);
                                                                                                                              				_t43 = E00402B2C(0x22);
                                                                                                                              				E00402B2C(0x15);
                                                                                                                              				E00401423(0xffffffec);
                                                                                                                              				 *(_t47 - 0x80) =  *(_t47 - 0x24);
                                                                                                                              				 *((intOrPtr*)(_t47 - 0x7c)) =  *((intOrPtr*)(_t47 - 8));
                                                                                                                              				 *((intOrPtr*)(_t47 - 0x68)) =  *((intOrPtr*)(_t47 - 0x28));
                                                                                                                              				asm("sbb eax, eax");
                                                                                                                              				 *((intOrPtr*)(_t47 - 0x74)) = _t20;
                                                                                                                              				 *(_t47 - 0x78) =  ~( *_t19) & _t45;
                                                                                                                              				asm("sbb eax, eax");
                                                                                                                              				 *(_t47 - 0x6c) = "C:\\Program Files (x86)\\Wildix\\WIService";
                                                                                                                              				 *(_t47 - 0x70) =  ~( *_t21) & _t43;
                                                                                                                              				if(E004056F2(_t47 - 0x84) == 0) {
                                                                                                                              					 *((intOrPtr*)(_t47 - 4)) = 1;
                                                                                                                              				} else {
                                                                                                                              					if(( *(_t47 - 0x80) & 0x00000040) != 0) {
                                                                                                                              						E0040641D(_t42,  *((intOrPtr*)(_t47 - 0x4c)));
                                                                                                                              						_push( *((intOrPtr*)(_t47 - 0x4c)));
                                                                                                                              						FindCloseChangeNotification(); // executed
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t47 - 4));
                                                                                                                              				return 0;
                                                                                                                              			}








                                                                                                                              APIs
                                                                                                                                • Part of subcall function 004056F2: ShellExecuteExA.SHELL32(?,004044E5,?), ref: 00405701
                                                                                                                                • Part of subcall function 0040641D: WaitForSingleObject.KERNEL32(?,00000064), ref: 0040642E
                                                                                                                                • Part of subcall function 0040641D: GetExitCodeProcess.KERNEL32 ref: 00406450
                                                                                                                              • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?), ref: 00401F8D
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ChangeCloseCodeExecuteExitFindNotificationObjectProcessShellSingleWait
                                                                                                                              • String ID: @$C:\Program Files (x86)\Wildix\WIService
                                                                                                                              • API String ID: 4215836453-1207270012
                                                                                                                              • Opcode ID: 7a305fa7ebdee270b2f6feef7d621283433115b8e7cc8e56de74ece495ab6e09
                                                                                                                              • Instruction ID: 577b900a760e5ca89da3760b6b8950c99b83f280e087cd582299b2594771d0cd
                                                                                                                              • Opcode Fuzzy Hash: 7a305fa7ebdee270b2f6feef7d621283433115b8e7cc8e56de74ece495ab6e09
                                                                                                                              • Instruction Fuzzy Hash: 66113D71E042049ACB11EFB98A45A8DBFF4AF08314F64057BE450F72C2D7B88805DF18
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 90%
                                                                                                                              			E00405EF7(void* __ecx, void* __eflags, intOrPtr _a4, int _a8, char* _a12, char* _a16, signed int _a20) {
                                                                                                                              				int _v8;
                                                                                                                              				long _t21;
                                                                                                                              				long _t24;
                                                                                                                              				char* _t30;
                                                                                                                              
                                                                                                                              				asm("sbb eax, eax");
                                                                                                                              				_v8 = 0x400;
                                                                                                                              				_t21 = E00405E96(__eflags, _a4, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20); // executed
                                                                                                                              				_t30 = _a16;
                                                                                                                              				if(_t21 != 0) {
                                                                                                                              					L4:
                                                                                                                              					 *_t30 =  *_t30 & 0x00000000;
                                                                                                                              				} else {
                                                                                                                              					_t24 = RegQueryValueExA(_a20, _a12, 0,  &_a8, _t30,  &_v8); // executed
                                                                                                                              					_t21 = RegCloseKey(_a20); // executed
                                                                                                                              					_t30[0x3ff] = _t30[0x3ff] & 0x00000000;
                                                                                                                              					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
                                                                                                                              						goto L4;
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				return _t21;
                                                                                                                              			}








                                                                                                                              APIs
                                                                                                                              • RegQueryValueExA.KERNELBASE(?,?,00000000,?,?,00000400,: Completed,?,?,?,?,00000002,: Completed,?,0040613B,80000002), ref: 00405F3D
                                                                                                                              • RegCloseKey.KERNELBASE(?,?,0040613B,80000002,Software\Microsoft\Windows\CurrentVersion,: Completed,: Completed,: Completed,?,Completed), ref: 00405F48
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseQueryValue
                                                                                                                              • String ID: : Completed
                                                                                                                              • API String ID: 3356406503-2954849223
                                                                                                                              • Opcode ID: 074503bd4819f587f33d8f4257f8029770edcc3592d90d126d241b317bef6944
                                                                                                                              • Instruction ID: 2ff6a7a209fcbf00177f68e0cac6a7fed3d2e9df1b1dc864ec66af95abe17f1f
                                                                                                                              • Opcode Fuzzy Hash: 074503bd4819f587f33d8f4257f8029770edcc3592d90d126d241b317bef6944
                                                                                                                              • Instruction Fuzzy Hash: 63017C7250060AABDF228F61CD09FDB3FA8EF59364F04403AF955E2190D2B8DA54CFA4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004056AF(CHAR* _a4) {
                                                                                                                              				struct _PROCESS_INFORMATION _v20;
                                                                                                                              				int _t7;
                                                                                                                              
                                                                                                                              				0x42c078->cb = 0x44;
                                                                                                                              				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x42c078,  &_v20); // executed
                                                                                                                              				if(_t7 != 0) {
                                                                                                                              					CloseHandle(_v20.hThread);
                                                                                                                              					return _v20.hProcess;
                                                                                                                              				}
                                                                                                                              				return _t7;
                                                                                                                              			}






                                                                                                                              APIs
                                                                                                                              • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0042C078,Error launching installer), ref: 004056D8
                                                                                                                              • CloseHandle.KERNEL32(?), ref: 004056E5
                                                                                                                              Strings
                                                                                                                              • Error launching installer, xrefs: 004056C2
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseCreateHandleProcess
                                                                                                                              • String ID: Error launching installer
                                                                                                                              • API String ID: 3712363035-66219284
                                                                                                                              • Opcode ID: a2b9ecb8406674d5a7d1aded78611502900df459338db245270d40db8d5eaf79
                                                                                                                              • Instruction ID: d682804100e664e073205113f6b11307167482a28e2818ee20dd6d85df95f7a7
                                                                                                                              • Opcode Fuzzy Hash: a2b9ecb8406674d5a7d1aded78611502900df459338db245270d40db8d5eaf79
                                                                                                                              • Instruction Fuzzy Hash: CFE046F0640209BFEB109FA0EE49F7F7AADEB00704F404521BD00F2190EA7498088A7C
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 59%
                                                                                                                              			E00401B63(void* __ebx, void* __edx) {
                                                                                                                              				intOrPtr _t7;
                                                                                                                              				void* _t8;
                                                                                                                              				void _t11;
                                                                                                                              				void* _t13;
                                                                                                                              				void* _t21;
                                                                                                                              				void* _t24;
                                                                                                                              				void* _t30;
                                                                                                                              				void* _t33;
                                                                                                                              				void* _t34;
                                                                                                                              				char* _t36;
                                                                                                                              				void* _t37;
                                                                                                                              
                                                                                                                              				_t27 = __ebx;
                                                                                                                              				_t7 =  *((intOrPtr*)(_t37 - 0x2c));
                                                                                                                              				_t30 =  *0x40b858; // 0x783da0
                                                                                                                              				if(_t7 == __ebx) {
                                                                                                                              					if(__edx == __ebx) {
                                                                                                                              						_t8 = GlobalAlloc(0x40, 0x404); // executed
                                                                                                                              						_t34 = _t8;
                                                                                                                              						_t4 = _t34 + 4; // 0x4
                                                                                                                              						E00406032(__ebx, _t30, _t34, _t4,  *((intOrPtr*)(_t37 - 0x34)));
                                                                                                                              						_t11 =  *0x40b858; // 0x783da0
                                                                                                                              						 *_t34 = _t11;
                                                                                                                              						 *0x40b858 = _t34;
                                                                                                                              					} else {
                                                                                                                              						if(_t30 == __ebx) {
                                                                                                                              							 *((intOrPtr*)(_t37 - 4)) = 1;
                                                                                                                              						} else {
                                                                                                                              							_t2 = _t30 + 4; // 0x783da4
                                                                                                                              							E00406010(_t33, _t2);
                                                                                                                              							_push(_t30);
                                                                                                                              							 *0x40b858 =  *_t30; // executed
                                                                                                                              							GlobalFree(); // executed
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              					goto L15;
                                                                                                                              				} else {
                                                                                                                              					while(1) {
                                                                                                                              						_t7 = _t7 - 1;
                                                                                                                              						if(_t30 == _t27) {
                                                                                                                              							break;
                                                                                                                              						}
                                                                                                                              						_t30 =  *_t30;
                                                                                                                              						if(_t7 != _t27) {
                                                                                                                              							continue;
                                                                                                                              						} else {
                                                                                                                              							if(_t30 == _t27) {
                                                                                                                              								break;
                                                                                                                              							} else {
                                                                                                                              								_t32 = _t30 + 4;
                                                                                                                              								_t36 = "\"C:\\Windows\\explorer.exe\" \"C:\\Program Files (x86)\\Wildix\\WIService\\wiservice.exe\"";
                                                                                                                              								E00406010(_t36, _t30 + 4);
                                                                                                                              								_t21 =  *0x40b858; // 0x783da0
                                                                                                                              								E00406010(_t32, _t21 + 4);
                                                                                                                              								_t24 =  *0x40b858; // 0x783da0
                                                                                                                              								_push(_t36);
                                                                                                                              								_push(_t24 + 4);
                                                                                                                              								E00406010();
                                                                                                                              								L15:
                                                                                                                              								 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t37 - 4));
                                                                                                                              								_t13 = 0;
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              						goto L17;
                                                                                                                              					}
                                                                                                                              					_push(0x200010);
                                                                                                                              					_push(E00406032(_t27, _t30, _t33, _t27, 0xffffffe8));
                                                                                                                              					E0040572C();
                                                                                                                              					_t13 = 0x7fffffff;
                                                                                                                              				}
                                                                                                                              				L17:
                                                                                                                              				return _t13;
                                                                                                                              			}















                                                                                                                              APIs
                                                                                                                              • GlobalFree.KERNEL32 ref: 00401BD2
                                                                                                                              • GlobalAlloc.KERNELBASE(00000040,00000404), ref: 00401BE4
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Global$AllocFree
                                                                                                                              • String ID: "C:\Windows\explorer.exe" "C:\Program Files (x86)\Wildix\WIService\wiservice.exe"
                                                                                                                              • API String ID: 3394109436-3775993315
                                                                                                                              • Opcode ID: 6d7ff2a269b29df243dac5a31b31c390212993cd2cb387205d16563d3155f2c3
                                                                                                                              • Instruction ID: d4b557a109d17d81ab43e8b3f8c0bc9708487bd5a7f62e569783b32eaae16c6e
                                                                                                                              • Opcode Fuzzy Hash: 6d7ff2a269b29df243dac5a31b31c390212993cd2cb387205d16563d3155f2c3
                                                                                                                              • Instruction Fuzzy Hash: 8D2193B2640140ABC710FFA8DA88A5E73ADEB44314B21843BF142F72D1D77899919B9D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 86%
                                                                                                                              			E0040254C(int* __ebx, intOrPtr __edx, char* __esi) {
                                                                                                                              				int _t10;
                                                                                                                              				long _t13;
                                                                                                                              				int* _t16;
                                                                                                                              				intOrPtr _t21;
                                                                                                                              				void* _t22;
                                                                                                                              				char* _t24;
                                                                                                                              				void* _t26;
                                                                                                                              				void* _t29;
                                                                                                                              
                                                                                                                              				_t24 = __esi;
                                                                                                                              				_t21 = __edx;
                                                                                                                              				_t16 = __ebx;
                                                                                                                              				_t22 = E00402B6C(_t29, 0x20019);
                                                                                                                              				_t10 = E00402B0A(3);
                                                                                                                              				 *((intOrPtr*)(_t26 - 0x10)) = _t21;
                                                                                                                              				 *__esi = __ebx;
                                                                                                                              				if(_t22 == __ebx) {
                                                                                                                              					 *((intOrPtr*)(_t26 - 4)) = 1;
                                                                                                                              				} else {
                                                                                                                              					 *(_t26 + 8) = 0x3ff;
                                                                                                                              					if( *((intOrPtr*)(_t26 - 0x24)) == __ebx) {
                                                                                                                              						_t13 = RegEnumValueA(_t22, _t10, __esi, _t26 + 8, __ebx, __ebx, __ebx, __ebx);
                                                                                                                              						__eflags = _t13;
                                                                                                                              						if(_t13 != 0) {
                                                                                                                              							 *((intOrPtr*)(_t26 - 4)) = 1;
                                                                                                                              						}
                                                                                                                              					} else {
                                                                                                                              						RegEnumKeyA(_t22, _t10, __esi, 0x3ff);
                                                                                                                              					}
                                                                                                                              					_t24[0x3ff] = _t16;
                                                                                                                              					_push(_t22); // executed
                                                                                                                              					RegCloseKey(); // executed
                                                                                                                              				}
                                                                                                                              				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t26 - 4));
                                                                                                                              				return 0;
                                                                                                                              			}

                                                                                                                              APIs
                                                                                                                              • RegEnumKeyA.ADVAPI32(00000000,00000000,?,000003FF), ref: 0040257E
                                                                                                                              • RegEnumValueA.ADVAPI32(00000000,00000000,?,?), ref: 00402591
                                                                                                                              • RegCloseKey.KERNELBASE(?,?,?,C:\Program Files (x86)\Wildix\WIService\proxyex.lnk,00000000,00000011,00000002), ref: 004025A9
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Enum$CloseValue
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 397863658-0
                                                                                                                              • Opcode ID: 37e738cec324d61a2f70768af6b191aeff6b55d76fe7f4a5df61323c4f48b18c
                                                                                                                              • Instruction ID: 759f5540e81814690deb71b34766d19dbbd7be08400e999f0e3afb18397e9514
                                                                                                                              • Opcode Fuzzy Hash: 37e738cec324d61a2f70768af6b191aeff6b55d76fe7f4a5df61323c4f48b18c
                                                                                                                              • Instruction Fuzzy Hash: 7501BCB1A01205FFE7119F699E89ABF7ABCEB40344F10003EF442B62C0D6F84E049669
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 84%
                                                                                                                              			E004024DA(int* __ebx, char* __esi) {
                                                                                                                              				void* _t17;
                                                                                                                              				char* _t18;
                                                                                                                              				long _t21;
                                                                                                                              				void* _t33;
                                                                                                                              				void* _t37;
                                                                                                                              				void* _t40;
                                                                                                                              
                                                                                                                              				_t35 = __esi;
                                                                                                                              				_t27 = __ebx;
                                                                                                                              				_t17 = E00402B6C(_t40, 0x20019); // executed
                                                                                                                              				_t33 = _t17;
                                                                                                                              				_t18 = E00402B2C(0x33);
                                                                                                                              				 *__esi = __ebx;
                                                                                                                              				if(_t33 == __ebx) {
                                                                                                                              					 *(_t37 - 4) = 1;
                                                                                                                              				} else {
                                                                                                                              					 *(_t37 - 0x10) = 0x400;
                                                                                                                              					_t21 = RegQueryValueExA(_t33, _t18, __ebx, _t37 + 8, __esi, _t37 - 0x10); // executed
                                                                                                                              					if(_t21 != 0) {
                                                                                                                              						L7:
                                                                                                                              						 *_t35 = _t27;
                                                                                                                              						 *(_t37 - 4) = 1;
                                                                                                                              					} else {
                                                                                                                              						if( *(_t37 + 8) == 4) {
                                                                                                                              							__eflags =  *(_t37 - 0x24) - __ebx;
                                                                                                                              							 *(_t37 - 4) = 0 |  *(_t37 - 0x24) == __ebx;
                                                                                                                              							E00405F6E(__esi,  *__esi);
                                                                                                                              						} else {
                                                                                                                              							if( *(_t37 + 8) == 1 ||  *(_t37 + 8) == 2) {
                                                                                                                              								 *(_t37 - 4) =  *(_t37 - 0x24);
                                                                                                                              								_t35[0x3ff] = _t27;
                                                                                                                              							} else {
                                                                                                                              								goto L7;
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              					_push(_t33); // executed
                                                                                                                              					RegCloseKey(); // executed
                                                                                                                              				}
                                                                                                                              				 *0x42f4a8 =  *0x42f4a8 +  *(_t37 - 4);
                                                                                                                              				return 0;
                                                                                                                              			}

                                                                                                                              APIs
                                                                                                                              • RegQueryValueExA.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,?,00000033), ref: 0040250A
                                                                                                                              • RegCloseKey.KERNELBASE(?,?,?,C:\Program Files (x86)\Wildix\WIService\proxyex.lnk,00000000,00000011,00000002), ref: 004025A9
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseQueryValue
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3356406503-0
                                                                                                                              • Opcode ID: a37d31d288198b64adb47b8aa86d19c7af9168ca8919097579984168ba4b2254
                                                                                                                              • Instruction ID: 8c7c89e59df7b4709da067e0fd7ec9be99446db0afc11a297a964fac99c2b4a6
                                                                                                                              • Opcode Fuzzy Hash: a37d31d288198b64adb47b8aa86d19c7af9168ca8919097579984168ba4b2254
                                                                                                                              • Instruction Fuzzy Hash: E5116A71901205EEDB11CF64CA599AEBAB4AB19348F60447FE042B62C0D6B88A45DB6D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 59%
                                                                                                                              			E00401389(signed int _a4) {
                                                                                                                              				intOrPtr* _t6;
                                                                                                                              				void* _t8;
                                                                                                                              				void* _t10;
                                                                                                                              				signed int _t11;
                                                                                                                              				void* _t12;
                                                                                                                              				signed int _t16;
                                                                                                                              				signed int _t17;
                                                                                                                              				void* _t18;
                                                                                                                              
                                                                                                                              				_t17 = _a4;
                                                                                                                              				while(_t17 >= 0) {
                                                                                                                              					_t6 = _t17 * 0x1c +  *0x42f450;
                                                                                                                              					if( *_t6 == 1) {
                                                                                                                              						break;
                                                                                                                              					}
                                                                                                                              					_push(_t6); // executed
                                                                                                                              					_t8 = E00401434(); // executed
                                                                                                                              					if(_t8 == 0x7fffffff) {
                                                                                                                              						return 0x7fffffff;
                                                                                                                              					}
                                                                                                                              					_t10 = E0040136D(_t8);
                                                                                                                              					if(_t10 != 0) {
                                                                                                                              						_t11 = _t10 - 1;
                                                                                                                              						_t16 = _t17;
                                                                                                                              						_t17 = _t11;
                                                                                                                              						_t12 = _t11 - _t16;
                                                                                                                              					} else {
                                                                                                                              						_t12 = _t10 + 1;
                                                                                                                              						_t17 = _t17 + 1;
                                                                                                                              					}
                                                                                                                              					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
                                                                                                                              						 *0x42ebec =  *0x42ebec + _t12;
                                                                                                                              						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42ebec, 0x7530,  *0x42ebd4), 0); // executed
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				return 0;
                                                                                                                              			}












                                                                                                                              APIs
                                                                                                                              • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                              • SendMessageA.USER32 ref: 004013F4
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3850602802-0
                                                                                                                              • Opcode ID: 3ffebd5fca59fb87aab51f7597ede924ce92eaed1a0ec0a619fe9c5b1ad01a7d
                                                                                                                              • Instruction ID: 5ed4d9c38c73c282456bb639181f16eab54b9a7fb1a82fe129ff52a3f74c88ba
                                                                                                                              • Opcode Fuzzy Hash: 3ffebd5fca59fb87aab51f7597ede924ce92eaed1a0ec0a619fe9c5b1ad01a7d
                                                                                                                              • Instruction Fuzzy Hash: B101F4317242109BE7199B399D04B6A3698E710719F54823FF852F61F1D678EC028B4C
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004023E8(void* __ebx, void* __edx) {
                                                                                                                              				long _t6;
                                                                                                                              				void* _t9;
                                                                                                                              				long _t11;
                                                                                                                              				void* _t13;
                                                                                                                              				long _t18;
                                                                                                                              				void* _t20;
                                                                                                                              				void* _t22;
                                                                                                                              				void* _t23;
                                                                                                                              
                                                                                                                              				_t13 = __ebx;
                                                                                                                              				_t26 =  *(_t23 - 0x24) - __ebx;
                                                                                                                              				_t20 = __edx;
                                                                                                                              				if( *(_t23 - 0x24) != __ebx) {
                                                                                                                              					_t6 = E00402BEA(_t20, E00402B2C(0x22),  *(_t23 - 0x24) >> 1); // executed
                                                                                                                              					_t18 = _t6;
                                                                                                                              					goto L4;
                                                                                                                              				} else {
                                                                                                                              					_t9 = E00402B6C(_t26, 2); // executed
                                                                                                                              					_t22 = _t9;
                                                                                                                              					if(_t22 == __ebx) {
                                                                                                                              						L6:
                                                                                                                              						 *((intOrPtr*)(_t23 - 4)) = 1;
                                                                                                                              					} else {
                                                                                                                              						_t11 = RegDeleteValueA(_t22, E00402B2C(0x33)); // executed
                                                                                                                              						_t18 = _t11; // executed
                                                                                                                              						RegCloseKey(_t22); // executed
                                                                                                                              						L4:
                                                                                                                              						if(_t18 != _t13) {
                                                                                                                              							goto L6;
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t23 - 4));
                                                                                                                              				return 0;
                                                                                                                              			}












                                                                                                                              APIs
                                                                                                                              • RegDeleteValueA.KERNELBASE(00000000,00000000,00000033), ref: 00402409
                                                                                                                              • RegCloseKey.KERNELBASE(00000000), ref: 00402412
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseDeleteValue
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2831762973-0
                                                                                                                              • Opcode ID: e7d8a32b6411c19df594e44ef8f442ab4c5114c567b1e7e96baca4bbbe39ce49
                                                                                                                              • Instruction ID: 992cd2d97de9e3103286cc81bf95427654d5587fd7cb6228862516595ad29640
                                                                                                                              • Opcode Fuzzy Hash: e7d8a32b6411c19df594e44ef8f442ab4c5114c567b1e7e96baca4bbbe39ce49
                                                                                                                              • Instruction Fuzzy Hash: 17F0BB32A00120ABD701AFB89B4DBAE72B9DB54314F15017FF502B72C1D5F85E01876D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 50%
                                                                                                                              			E00405209(signed int __eax) {
                                                                                                                              				intOrPtr _v0;
                                                                                                                              				intOrPtr _t10;
                                                                                                                              				intOrPtr _t11;
                                                                                                                              				intOrPtr* _t12;
                                                                                                                              
                                                                                                                              				_t11 =  *0x42f448;
                                                                                                                              				_t10 =  *0x42f44c;
                                                                                                                              				__imp__OleInitialize(0);
                                                                                                                              				 *0x42f4d8 =  *0x42f4d8 | __eax;
                                                                                                                              				E004040EA(0);
                                                                                                                              				if(_t10 != 0) {
                                                                                                                              					_t12 = _t11 + 0xc;
                                                                                                                              					while(1) {
                                                                                                                              						_t10 = _t10 - 1;
                                                                                                                              						if(( *(_t12 - 4) & 0x00000001) != 0 && E00401389( *_t12, _v0) != 0) {
                                                                                                                              							break;
                                                                                                                              						}
                                                                                                                              						_t12 = _t12 + 0x418;
                                                                                                                              						if(_t10 != 0) {
                                                                                                                              							continue;
                                                                                                                              						} else {
                                                                                                                              						}
                                                                                                                              						goto L7;
                                                                                                                              					}
                                                                                                                              					 *0x42f4ac =  *0x42f4ac + 1;
                                                                                                                              				}
                                                                                                                              				L7:
                                                                                                                              				E004040EA(0x404); // executed
                                                                                                                              				__imp__OleUninitialize(); // executed
                                                                                                                              				return  *0x42f4ac;
                                                                                                                              			}








                                                                                                                              APIs
                                                                                                                              • OleInitialize.OLE32(00000000), ref: 00405219
                                                                                                                                • Part of subcall function 004040EA: SendMessageA.USER32 ref: 004040FC
                                                                                                                              • OleUninitialize.OLE32(00000404,00000000), ref: 00405265
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeMessageSendUninitialize
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2896919175-0
                                                                                                                              • Opcode ID: ff5a6a7b65a814117e5c60406d4b68c11f41b4a06df9feb66e55404f69fd7fd5
                                                                                                                              • Instruction ID: 9a3391529ab878983223843ca161e5b6bea3d4eac8d78fefe4e57b08d02bc963
                                                                                                                              • Opcode Fuzzy Hash: ff5a6a7b65a814117e5c60406d4b68c11f41b4a06df9feb66e55404f69fd7fd5
                                                                                                                              • Instruction Fuzzy Hash: 7CF02E76600A009BE7607B419D00B2773B0EFE4304F89407EEF84B32E0C6B4480A8E2D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004063A8(signed int _a4) {
                                                                                                                              				struct HINSTANCE__* _t5;
                                                                                                                              				signed int _t10;
                                                                                                                              
                                                                                                                              				_t10 = _a4 << 3;
                                                                                                                              				_t8 =  *(_t10 + 0x40a240);
                                                                                                                              				_t5 = GetModuleHandleA( *(_t10 + 0x40a240));
                                                                                                                              				if(_t5 != 0) {
                                                                                                                              					L2:
                                                                                                                              					return GetProcAddress(_t5,  *(_t10 + 0x40a244));
                                                                                                                              				}
                                                                                                                              				_t5 = E0040633A(_t8); // executed
                                                                                                                              				if(_t5 == 0) {
                                                                                                                              					return 0;
                                                                                                                              				}
                                                                                                                              				goto L2;
                                                                                                                              			}






                                                                                                                              APIs
                                                                                                                              • GetModuleHandleA.KERNEL32(?,?,?,004032DE,0000000A), ref: 004063BA
                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 004063D5
                                                                                                                                • Part of subcall function 0040633A: GetSystemDirectoryA.KERNEL32 ref: 00406351
                                                                                                                                • Part of subcall function 0040633A: wsprintfA.USER32 ref: 0040638A
                                                                                                                                • Part of subcall function 0040633A: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 0040639E
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2547128583-0
                                                                                                                              • Opcode ID: dd9300423111a071ed2c714751f7876f95e5d132df45129638b184150075da19
                                                                                                                              • Instruction ID: 650a49b09a3c495eabc0f371936d9c907298e200c4f2363c251d84495e191d7a
                                                                                                                              • Opcode Fuzzy Hash: dd9300423111a071ed2c714751f7876f95e5d132df45129638b184150075da19
                                                                                                                              • Instruction Fuzzy Hash: B4E08C32604220ABD2106A74AE0493B72A89E94710302083EF947F2240DB389C3697AD
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 68%
                                                                                                                              			E00405BA9(CHAR* _a4, long _a8, long _a12) {
                                                                                                                              				signed int _t5;
                                                                                                                              				void* _t6;
                                                                                                                              
                                                                                                                              				_t5 = GetFileAttributesA(_a4); // executed
                                                                                                                              				asm("sbb ecx, ecx");
                                                                                                                              				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
                                                                                                                              				return _t6;
                                                                                                                              			}






                                                                                                                              APIs
                                                                                                                              • GetFileAttributesA.KERNELBASE(00000003,00402E04,C:\Users\user\Desktop\SetupWIService.exe,80000000,00000003), ref: 00405BAD
                                                                                                                              • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405BCF
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: File$AttributesCreate
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 415043291-0
                                                                                                                              • Opcode ID: 80243517f436f95d2d00e5b5224d95f101b34955670c918b0becce4e09b30ec3
                                                                                                                              • Instruction ID: 6905ba7dec075751c4c8bdaf1e97cd52a4ed4154a0977e2bcfee25d1bc4df630
                                                                                                                              • Opcode Fuzzy Hash: 80243517f436f95d2d00e5b5224d95f101b34955670c918b0becce4e09b30ec3
                                                                                                                              • Instruction Fuzzy Hash: F5D09E31254201EFEF098F20DE16F2EBBA2EB94B00F11952CB682944E1DA715819AB19
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00405B84(CHAR* _a4) {
                                                                                                                              				signed char _t3;
                                                                                                                              				signed char _t7;
                                                                                                                              
                                                                                                                              				_t3 = GetFileAttributesA(_a4); // executed
                                                                                                                              				_t7 = _t3;
                                                                                                                              				if(_t7 != 0xffffffff) {
                                                                                                                              					SetFileAttributesA(_a4, _t3 & 0x000000fe);
                                                                                                                              				}
                                                                                                                              				return _t7;
                                                                                                                              			}






                                                                                                                              APIs
                                                                                                                              • GetFileAttributesA.KERNELBASE(?,?,0040579C,?,?,00000000,0040597F,?,?,?,?), ref: 00405B89
                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 00405B9D
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AttributesFile
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3188754299-0
                                                                                                                              • Opcode ID: a53a5738952024e77fe51bdf82e6835a24f68a8863f167a8e3b3ad13dd9f075c
                                                                                                                              • Instruction ID: 89bb1c08115ccb47c9876ad1094a3663263f91dea81084495bed50ebcc9a35d2
                                                                                                                              • Opcode Fuzzy Hash: a53a5738952024e77fe51bdf82e6835a24f68a8863f167a8e3b3ad13dd9f075c
                                                                                                                              • Instruction Fuzzy Hash: B7D0C972504421ABD2102728AE0889BBBA5DB542717028A36F9A5A22B1DB304C569A99
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0040567A(CHAR* _a4) {
                                                                                                                              				int _t2;
                                                                                                                              
                                                                                                                              				_t2 = CreateDirectoryA(_a4, 0); // executed
                                                                                                                              				if(_t2 == 0) {
                                                                                                                              					return GetLastError();
                                                                                                                              				}
                                                                                                                              				return 0;
                                                                                                                              			}





                                                                                                                              APIs
                                                                                                                              • CreateDirectoryA.KERNELBASE(?,00000000,0040325E,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 00405680
                                                                                                                              • GetLastError.KERNEL32(?,00000006,00000008,0000000A), ref: 0040568E
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateDirectoryErrorLast
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1375471231-0
                                                                                                                              • Opcode ID: f012ed4f2e447eb03a7c1a9074efbf4aa4d4dcf66ab1e3e2b7403bfb804529af
                                                                                                                              • Instruction ID: cb450b3a329ff4c2b820c3640ee2c86a22e1ba63869c3c930ac7c2b00640337e
                                                                                                                              • Opcode Fuzzy Hash: f012ed4f2e447eb03a7c1a9074efbf4aa4d4dcf66ab1e3e2b7403bfb804529af
                                                                                                                              • Instruction Fuzzy Hash: B3C04C302145029EDA515B319E08B1B7A59AB90781F528839654AE81B0DE768455DD2E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 78%
                                                                                                                              			E00401F48(void* __ecx) {
                                                                                                                              				void* _t8;
                                                                                                                              				void* _t12;
                                                                                                                              				void* _t14;
                                                                                                                              				void* _t16;
                                                                                                                              				void* _t17;
                                                                                                                              				void* _t20;
                                                                                                                              				void* _t22;
                                                                                                                              
                                                                                                                              				_t16 = __ecx;
                                                                                                                              				_t19 = E00402B2C(_t14);
                                                                                                                              				E00405137(0xffffffeb, _t6); // executed
                                                                                                                              				_t8 = E004056AF(_t19); // executed
                                                                                                                              				_t20 = _t8;
                                                                                                                              				if(_t20 == _t14) {
                                                                                                                              					 *((intOrPtr*)(_t22 - 4)) = 1;
                                                                                                                              				} else {
                                                                                                                              					if( *((intOrPtr*)(_t22 - 0x2c)) != _t14) {
                                                                                                                              						_t12 = E0040641D(_t16, _t20);
                                                                                                                              						if( *((intOrPtr*)(_t22 - 0x30)) < _t14) {
                                                                                                                              							if(_t12 != _t14) {
                                                                                                                              								 *((intOrPtr*)(_t22 - 4)) = 1;
                                                                                                                              							}
                                                                                                                              						} else {
                                                                                                                              							E00405F6E(_t17, _t12);
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              					_push(_t20); // executed
                                                                                                                              					FindCloseChangeNotification(); // executed
                                                                                                                              				}
                                                                                                                              				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t22 - 4));
                                                                                                                              				return 0;
                                                                                                                              			}











                                                                                                                              APIs
                                                                                                                                • Part of subcall function 00405137: lstrlenA.KERNEL32(Completed,00000000,007D844C,74D0EA30,?,?,?,?,?,?,?,?,?,00403156,00000000,?), ref: 00405170
                                                                                                                                • Part of subcall function 00405137: lstrlenA.KERNEL32(00403156,Completed,00000000,007D844C,74D0EA30,?,?,?,?,?,?,?,?,?,00403156,00000000), ref: 00405180
                                                                                                                                • Part of subcall function 00405137: lstrcatA.KERNEL32(Completed,00403156,00403156,Completed,00000000,007D844C,74D0EA30), ref: 00405193
                                                                                                                                • Part of subcall function 00405137: SetWindowTextA.USER32(Completed,Completed), ref: 004051A5
                                                                                                                                • Part of subcall function 00405137: SendMessageA.USER32 ref: 004051CB
                                                                                                                                • Part of subcall function 00405137: SendMessageA.USER32 ref: 004051E5
                                                                                                                                • Part of subcall function 00405137: SendMessageA.USER32 ref: 004051F3
                                                                                                                                • Part of subcall function 004056AF: CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0042C078,Error launching installer), ref: 004056D8
                                                                                                                                • Part of subcall function 004056AF: CloseHandle.KERNEL32(?), ref: 004056E5
                                                                                                                              • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?), ref: 00401F8D
                                                                                                                                • Part of subcall function 0040641D: WaitForSingleObject.KERNEL32(?,00000064), ref: 0040642E
                                                                                                                                • Part of subcall function 0040641D: GetExitCodeProcess.KERNEL32 ref: 00406450
                                                                                                                                • Part of subcall function 00405F6E: wsprintfA.USER32 ref: 00405F7B
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend$CloseProcesslstrlen$ChangeCodeCreateExitFindHandleNotificationObjectSingleTextWaitWindowlstrcatwsprintf
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1543427666-0
                                                                                                                              • Opcode ID: 4d1dbd549cc0ea850eaf704625dc632adefc872b984d05e79ff9616bf0b299dc
                                                                                                                              • Instruction ID: 496c5526ea8919913ac139df2c9003272b56504e991eb5cf70cacdc6c7c0cc95
                                                                                                                              • Opcode Fuzzy Hash: 4d1dbd549cc0ea850eaf704625dc632adefc872b984d05e79ff9616bf0b299dc
                                                                                                                              • Instruction Fuzzy Hash: B2F09072A04121ABCB21BBA59A849EF72A8DF41314F51017BE901B72D1C37C0A428ABE
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 40%
                                                                                                                              			E004026EF(intOrPtr __edx, void* __eflags) {
                                                                                                                              				long _t7;
                                                                                                                              				long _t9;
                                                                                                                              				LONG* _t11;
                                                                                                                              				void* _t13;
                                                                                                                              				intOrPtr _t14;
                                                                                                                              				void* _t17;
                                                                                                                              				void* _t19;
                                                                                                                              
                                                                                                                              				_t14 = __edx;
                                                                                                                              				_push(ds);
                                                                                                                              				if(__eflags != 0) {
                                                                                                                              					_t7 = E00402B0A(2);
                                                                                                                              					_pop(_t13);
                                                                                                                              					 *((intOrPtr*)(_t19 - 0x10)) = _t14;
                                                                                                                              					_t9 = SetFilePointer(E00405F87(_t13, _t17), _t7, _t11,  *(_t19 - 0x28)); // executed
                                                                                                                              					if( *((intOrPtr*)(_t19 - 0x30)) >= _t11) {
                                                                                                                              						_push(_t9);
                                                                                                                              						E00405F6E();
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t19 - 4));
                                                                                                                              				return 0;
                                                                                                                              			}











                                                                                                                              APIs
                                                                                                                              • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 0040270D
                                                                                                                                • Part of subcall function 00405F6E: wsprintfA.USER32 ref: 00405F7B
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FilePointerwsprintf
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 327478801-0
                                                                                                                              • Opcode ID: e2356404ccad4a8935ddbf8fc280853e41599541898f6f199fb76157ee16f907
                                                                                                                              • Instruction ID: 342abdd748c97434aad0a636f6a3342ea7e6d44647dfd0d52b4034c74de68662
                                                                                                                              • Opcode Fuzzy Hash: e2356404ccad4a8935ddbf8fc280853e41599541898f6f199fb76157ee16f907
                                                                                                                              • Instruction Fuzzy Hash: 32E06DB2700215ABD702ABA4AE89DBF776CEB44314F10043BF200F10C0C6B948428A69
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 41%
                                                                                                                              			E0040273B(char __ebx, void* __ecx, char* __esi, void* __eflags) {
                                                                                                                              				void* _t5;
                                                                                                                              				int _t8;
                                                                                                                              				char _t11;
                                                                                                                              				void* _t15;
                                                                                                                              				void* _t19;
                                                                                                                              
                                                                                                                              				_t17 = __esi;
                                                                                                                              				_t11 = __ebx;
                                                                                                                              				_t5 = E00405F87(__ecx, _t15);
                                                                                                                              				if(_t5 == __ebx) {
                                                                                                                              					L2:
                                                                                                                              					 *((intOrPtr*)(_t19 - 4)) = 1;
                                                                                                                              					 *_t17 = _t11;
                                                                                                                              				} else {
                                                                                                                              					_t8 = FindNextFileA(_t5, _t19 - 0x1c8); // executed
                                                                                                                              					if(_t8 != 0) {
                                                                                                                              						_push(_t19 - 0x19c);
                                                                                                                              						_push(__esi);
                                                                                                                              						E00406010();
                                                                                                                              					} else {
                                                                                                                              						goto L2;
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t19 - 4));
                                                                                                                              				return 0;
                                                                                                                              			}









                                                                                                                              APIs
                                                                                                                              • FindNextFileA.KERNELBASE(00000000,?), ref: 0040274D
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Similarity
                                                                                                                              • API ID: FileFindNext
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2029273394-0
                                                                                                                              • Opcode ID: 6c16fb3265d5434a67bbc3a754364c03fa3765a95b5e2a99f6dd1015abf345d3
                                                                                                                              • Instruction ID: d4e75fc674a14897d4eb9114d760336efd11fbe9bbc54defada1aced3dc9a7b2
                                                                                                                              • Opcode Fuzzy Hash: 6c16fb3265d5434a67bbc3a754364c03fa3765a95b5e2a99f6dd1015abf345d3
                                                                                                                              • Instruction Fuzzy Hash: E7E06D726001159BD711EBA49A88AAEB3ACEB15314F60447BD142F31C0E6B999869B29
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00405EC4(void* __eflags, intOrPtr _a4, char* _a8, int _a12, void** _a16) {
                                                                                                                              				void* _t7;
                                                                                                                              				long _t8;
                                                                                                                              				void* _t9;
                                                                                                                              
                                                                                                                              				_t7 = E00405E1B(_a4,  &_a12);
                                                                                                                              				if(_t7 != 0) {
                                                                                                                              					_t8 = RegCreateKeyExA(_t7, _a8, 0, 0, 0, _a12, 0, _a16, 0); // executed
                                                                                                                              					return _t8;
                                                                                                                              				}
                                                                                                                              				_t9 = 6;
                                                                                                                              				return _t9;
                                                                                                                              			}







                                                                                                                              APIs
                                                                                                                              • RegCreateKeyExA.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402BDD,00000000,?,?), ref: 00405EED
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Similarity
                                                                                                                              • API ID: Create
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2289755597-0
                                                                                                                              • Opcode ID: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                                                                                                              • Instruction ID: 1d4fb08659ff36ace7b23f5759770be8a1f2413d8495cc917bdfefdc51ec9cff
                                                                                                                              • Opcode Fuzzy Hash: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                                                                                                              • Instruction Fuzzy Hash: 64E0E67201050DBEDF195F50DD0AD7B371DE704304F10492EFA45D5150E6B5AA716B78
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00405C50(void* _a4, void* _a8, long _a12) {
                                                                                                                              				int _t7;
                                                                                                                              				long _t11;
                                                                                                                              
                                                                                                                              				_t11 = _a12;
                                                                                                                              				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                                                                                              				if(_t7 == 0 || _t11 != _a12) {
                                                                                                                              					return 0;
                                                                                                                              				} else {
                                                                                                                              					return 1;
                                                                                                                              				}
                                                                                                                              			}






                                                                                                                              APIs
                                                                                                                              • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004031D6,00000000,0041D428,000000FF,0041D428,000000FF,000000FF,00000004,00000000), ref: 00405C64
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Similarity
                                                                                                                              • API ID: FileWrite
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3934441357-0
                                                                                                                              • Opcode ID: d47d29d2c4ad98e9097244963089aa7711ad8f9da7a01510603535aa68a2578c
                                                                                                                              • Instruction ID: df976955bb7b77361248817f919be03bb6bd2f6f3b4dc1c0c3d16748aaf5f5c5
                                                                                                                              • Opcode Fuzzy Hash: d47d29d2c4ad98e9097244963089aa7711ad8f9da7a01510603535aa68a2578c
                                                                                                                              • Instruction Fuzzy Hash: 65E0EC3221476EABEF509F559D04EEB7B6CEB06360F004436FE25E2550D631E9219BA8
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00405C21(void* _a4, void* _a8, long _a12) {
                                                                                                                              				int _t7;
                                                                                                                              				long _t11;
                                                                                                                              
                                                                                                                              				_t11 = _a12;
                                                                                                                              				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                                                                                              				if(_t7 == 0 || _t11 != _a12) {
                                                                                                                              					return 0;
                                                                                                                              				} else {
                                                                                                                              					return 1;
                                                                                                                              				}
                                                                                                                              			}






                                                                                                                              APIs
                                                                                                                              • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403220,00000000,00000000,0040304A,000000FF,00000004,00000000,00000000,00000000), ref: 00405C35
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Similarity
                                                                                                                              • API ID: FileRead
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2738559852-0
                                                                                                                              • Opcode ID: c828ac78080eafadef002e80ceae40fa9d69551b6ff84e56452d6cc727993955
                                                                                                                              • Instruction ID: 6d14d449f293f6f00ca5a49b865ea561f53b7d8d8b79739f6419f9b8fb6d3ad5
                                                                                                                              • Opcode Fuzzy Hash: c828ac78080eafadef002e80ceae40fa9d69551b6ff84e56452d6cc727993955
                                                                                                                              • Instruction Fuzzy Hash: 9EE0EC3221476AABEF109E559C00EEB7B6CEB05361F008836F915E3150D631E8219FA8
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			_entry_(intOrPtr _a4, intOrPtr _a8) {
                                                                                                                              
                                                                                                                              				 *0x73914038 = _a4;
                                                                                                                              				if(_a8 == 1) {
                                                                                                                              					VirtualProtect(0x7391404c, 4, 0x40, 0x7391403c); // executed
                                                                                                                              					 *0x7391404c = 0xc2;
                                                                                                                              					 *0x7391403c = 0;
                                                                                                                              					 *0x73914044 = 0;
                                                                                                                              					 *0x73914058 = 0;
                                                                                                                              					 *0x73914048 = 0;
                                                                                                                              					 *0x73914040 = 0;
                                                                                                                              					 *0x73914050 = 0;
                                                                                                                              					 *0x7391404e = 0;
                                                                                                                              				}
                                                                                                                              				return 1;
                                                                                                                              			}




                                                                                                                              APIs
                                                                                                                              • VirtualProtect.KERNELBASE(7391404C,00000004,00000040,7391403C), ref: 7391293F
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.523462386.0000000073911000.00000020.00000001.01000000.00000005.sdmp, Offset: 73910000, based on PE: true
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00405E96(void* __eflags, intOrPtr _a4, char* _a8, int _a12, void** _a16) {
                                                                                                                              				void* _t7;
                                                                                                                              				long _t8;
                                                                                                                              				void* _t9;
                                                                                                                              
                                                                                                                              				_t7 = E00405E1B(_a4,  &_a12);
                                                                                                                              				if(_t7 != 0) {
                                                                                                                              					_t8 = RegOpenKeyExA(_t7, _a8, 0, _a12, _a16); // executed
                                                                                                                              					return _t8;
                                                                                                                              				}
                                                                                                                              				_t9 = 6;
                                                                                                                              				return _t9;
                                                                                                                              			}







                                                                                                                              APIs
                                                                                                                              • RegOpenKeyExA.KERNELBASE(00000000,?,00000000,?,?,?,?,?,00405F24,?,?,?,?,00000002,: Completed), ref: 00405EBA
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00402721(void* __ebx, void* __eflags) {
                                                                                                                              				void* _t2;
                                                                                                                              				void* _t8;
                                                                                                                              				void* _t10;
                                                                                                                              				void* _t12;
                                                                                                                              
                                                                                                                              				_t2 = E00405F87(_t8, _t10);
                                                                                                                              				if(_t2 != __ebx) {
                                                                                                                              					FindClose(_t2); // executed
                                                                                                                              				}
                                                                                                                              				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t12 - 4));
                                                                                                                              				return 0;
                                                                                                                              			}








                                                                                                                              APIs
                                                                                                                              • FindClose.KERNELBASE(00000000), ref: 00402730
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0040409E(intOrPtr _a12) {
                                                                                                                              				intOrPtr _v0;
                                                                                                                              				struct HWND__* _v4;
                                                                                                                              				int _t7;
                                                                                                                              				void* _t8;
                                                                                                                              				void* _t9;
                                                                                                                              				void* _t10;
                                                                                                                              
                                                                                                                              				_t7 = SetDlgItemTextA(_v4, _v0 + 0x3e8, E00406032(_t8, _t9, _t10, 0, _a12)); // executed
                                                                                                                              				return _t7;
                                                                                                                              			}










                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004040EA(int _a4) {
                                                                                                                              				struct HWND__* _t2;
                                                                                                                              				long _t3;
                                                                                                                              
                                                                                                                              				_t2 =  *0x42ebd8; // 0x1041c
                                                                                                                              				if(_t2 != 0) {
                                                                                                                              					_t3 = SendMessageA(_t2, _a4, 0, 0); // executed
                                                                                                                              					return _t3;
                                                                                                                              				}
                                                                                                                              				return _t2;
                                                                                                                              			}






                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3850602802-0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00403223(long _a4) {
                                                                                                                              				long _t2;
                                                                                                                              
                                                                                                                              				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
                                                                                                                              				return _t2;
                                                                                                                              			}




                                                                                                                              0x00403231
                                                                                                                              0x00403237

                                                                                                                              APIs
                                                                                                                              • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402F89,?), ref: 00403231
                                                                                                                              Similarity
                                                                                                                              • API ID: FilePointer
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 973152223-0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004040D3(int _a4) {
                                                                                                                              				long _t2;
                                                                                                                              
                                                                                                                              				_t2 = SendMessageA( *0x42f408, 0x28, _a4, 1); // executed
                                                                                                                              				return _t2;
                                                                                                                              			}




                                                                                                                              0x004040e1
                                                                                                                              0x004040e7

                                                                                                                              APIs
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3850602802-0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004040C0(int _a4) {
                                                                                                                              				int _t2;
                                                                                                                              
                                                                                                                              				_t2 = EnableWindow( *0x42a86c, _a4); // executed
                                                                                                                              				return _t2;
                                                                                                                              			}




                                                                                                                              0x004040ca
                                                                                                                              0x004040d0

                                                                                                                              APIs
                                                                                                                              • KiUserCallbackDispatcher.NTDLL(?,00403E9C), ref: 004040CA
                                                                                                                              Similarity
                                                                                                                              • API ID: CallbackDispatcherUser
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2492992576-0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004014D6(intOrPtr __edx) {
                                                                                                                              				long _t3;
                                                                                                                              				void* _t7;
                                                                                                                              				intOrPtr _t10;
                                                                                                                              				void* _t13;
                                                                                                                              
                                                                                                                              				_t10 = __edx;
                                                                                                                              				_t3 = E00402B0A(_t7);
                                                                                                                              				 *((intOrPtr*)(_t13 - 0x10)) = _t10;
                                                                                                                              				if(_t3 <= 1) {
                                                                                                                              					_t3 = 1;
                                                                                                                              				}
                                                                                                                              				Sleep(_t3); // executed
                                                                                                                              				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t13 - 4));
                                                                                                                              				return 0;
                                                                                                                              			}








                                                                                                                              APIs
                                                                                                                              • Sleep.KERNELBASE(00000000), ref: 004014E9
                                                                                                                              Similarity
                                                                                                                              • API ID: Sleep
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3472027048-0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 78%
                                                                                                                              			E00404530(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
                                                                                                                              				signed int _v8;
                                                                                                                              				signed int _v12;
                                                                                                                              				long _v16;
                                                                                                                              				long _v20;
                                                                                                                              				long _v24;
                                                                                                                              				char _v28;
                                                                                                                              				intOrPtr _v32;
                                                                                                                              				long _v36;
                                                                                                                              				char _v40;
                                                                                                                              				unsigned int _v44;
                                                                                                                              				signed int _v48;
                                                                                                                              				CHAR* _v56;
                                                                                                                              				intOrPtr _v60;
                                                                                                                              				intOrPtr _v64;
                                                                                                                              				intOrPtr _v68;
                                                                                                                              				CHAR* _v72;
                                                                                                                              				void _v76;
                                                                                                                              				struct HWND__* _v80;
                                                                                                                              				void* __ebx;
                                                                                                                              				void* __edi;
                                                                                                                              				void* __esi;
                                                                                                                              				intOrPtr _t82;
                                                                                                                              				long _t87;
                                                                                                                              				signed char* _t89;
                                                                                                                              				void* _t95;
                                                                                                                              				signed int _t96;
                                                                                                                              				int _t109;
                                                                                                                              				signed char _t114;
                                                                                                                              				signed int _t118;
                                                                                                                              				struct HWND__** _t122;
                                                                                                                              				intOrPtr* _t138;
                                                                                                                              				CHAR* _t146;
                                                                                                                              				intOrPtr _t147;
                                                                                                                              				unsigned int _t150;
                                                                                                                              				signed int _t152;
                                                                                                                              				unsigned int _t156;
                                                                                                                              				signed int _t158;
                                                                                                                              				signed int* _t159;
                                                                                                                              				signed char* _t160;
                                                                                                                              				struct HWND__* _t165;
                                                                                                                              				struct HWND__* _t166;
                                                                                                                              				int _t168;
                                                                                                                              				unsigned int _t197;
                                                                                                                              				void* _t205;
                                                                                                                              
                                                                                                                              				_t156 = __edx;
                                                                                                                              				_t82 =  *0x42a048; // 0x758dbc
                                                                                                                              				_v32 = _t82;
                                                                                                                              				_t146 = ( *(_t82 + 0x3c) << 0xa) + 0x430000;
                                                                                                                              				_v12 =  *((intOrPtr*)(_t82 + 0x38));
                                                                                                                              				if(_a8 == 0x40b) {
                                                                                                                              					E00405710(0x3fb, _t146);
                                                                                                                              					E0040627A(_t146);
                                                                                                                              				}
                                                                                                                              				_t166 = _a4;
                                                                                                                              				if(_a8 != 0x110) {
                                                                                                                              					L8:
                                                                                                                              					if(_a8 != 0x111) {
                                                                                                                              						L20:
                                                                                                                              						if(_a8 == 0x40f) {
                                                                                                                              							L22:
                                                                                                                              							_v8 = _v8 & 0x00000000;
                                                                                                                              							_v12 = _v12 & 0x00000000;
                                                                                                                              							E00405710(0x3fb, _t146);
                                                                                                                              							if(E00405A96(_t185, _t146) == 0) {
                                                                                                                              								_v8 = 1;
                                                                                                                              							}
                                                                                                                              							E00406010(0x429840, _t146);
                                                                                                                              							_t87 = E004063A8(1);
                                                                                                                              							_v16 = _t87;
                                                                                                                              							if(_t87 == 0) {
                                                                                                                              								L30:
                                                                                                                              								E00406010(0x429840, _t146);
                                                                                                                              								_t89 = E00405A41(0x429840);
                                                                                                                              								_t158 = 0;
                                                                                                                              								if(_t89 != 0) {
                                                                                                                              									 *_t89 =  *_t89 & 0x00000000;
                                                                                                                              								}
                                                                                                                              								if(GetDiskFreeSpaceA(0x429840,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
                                                                                                                              									goto L35;
                                                                                                                              								} else {
                                                                                                                              									_t168 = 0x400;
                                                                                                                              									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
                                                                                                                              									asm("cdq");
                                                                                                                              									_v48 = _t109;
                                                                                                                              									_v44 = _t156;
                                                                                                                              									_v12 = 1;
                                                                                                                              									goto L36;
                                                                                                                              								}
                                                                                                                              							} else {
                                                                                                                              								_t159 = 0;
                                                                                                                              								if(0 == 0x429840) {
                                                                                                                              									goto L30;
                                                                                                                              								} else {
                                                                                                                              									goto L26;
                                                                                                                              								}
                                                                                                                              								while(1) {
                                                                                                                              									L26:
                                                                                                                              									_t114 = _v16(0x429840,  &_v48,  &_v28,  &_v40);
                                                                                                                              									if(_t114 != 0) {
                                                                                                                              										break;
                                                                                                                              									}
                                                                                                                              									if(_t159 != 0) {
                                                                                                                              										 *_t159 =  *_t159 & _t114;
                                                                                                                              									}
                                                                                                                              									_t160 = E004059EF(0x429840);
                                                                                                                              									 *_t160 =  *_t160 & 0x00000000;
                                                                                                                              									_t159 = _t160 - 1;
                                                                                                                              									 *_t159 = 0x5c;
                                                                                                                              									if(_t159 != 0x429840) {
                                                                                                                              										continue;
                                                                                                                              									} else {
                                                                                                                              										goto L30;
                                                                                                                              									}
                                                                                                                              								}
                                                                                                                              								_t150 = _v44;
                                                                                                                              								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
                                                                                                                              								_v44 = _t150 >> 0xa;
                                                                                                                              								_v12 = 1;
                                                                                                                              								_t158 = 0;
                                                                                                                              								__eflags = 0;
                                                                                                                              								L35:
                                                                                                                              								_t168 = 0x400;
                                                                                                                              								L36:
                                                                                                                              								_t95 = E004049C4(5);
                                                                                                                              								if(_v12 != _t158) {
                                                                                                                              									_t197 = _v44;
                                                                                                                              									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
                                                                                                                              										_v8 = 2;
                                                                                                                              									}
                                                                                                                              								}
                                                                                                                              								_t147 =  *0x42ebdc; // 0x75d51b
                                                                                                                              								if( *((intOrPtr*)(_t147 + 0x10)) != _t158) {
                                                                                                                              									E004049AC(0x3ff, 0xfffffffb, _t95);
                                                                                                                              									if(_v12 == _t158) {
                                                                                                                              										SetDlgItemTextA(_a4, _t168, 0x429830);
                                                                                                                              									} else {
                                                                                                                              										E004048E7(_t168, 0xfffffffc, _v48, _v44);
                                                                                                                              									}
                                                                                                                              								}
                                                                                                                              								_t96 = _v8;
                                                                                                                              								 *0x42f4c4 = _t96;
                                                                                                                              								if(_t96 == _t158) {
                                                                                                                              									_v8 = E0040140B(7);
                                                                                                                              								}
                                                                                                                              								if(( *(_v32 + 0x14) & _t168) != 0) {
                                                                                                                              									_v8 = _t158;
                                                                                                                              								}
                                                                                                                              								E004040C0(0 | _v8 == _t158);
                                                                                                                              								if(_v8 == _t158) {
                                                                                                                              									_t205 =  *0x42a860 - _t158; // 0x0
                                                                                                                              									if(_t205 == 0) {
                                                                                                                              										E00404489();
                                                                                                                              									}
                                                                                                                              								}
                                                                                                                              								 *0x42a860 = _t158;
                                                                                                                              								goto L53;
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              						_t185 = _a8 - 0x405;
                                                                                                                              						if(_a8 != 0x405) {
                                                                                                                              							goto L53;
                                                                                                                              						}
                                                                                                                              						goto L22;
                                                                                                                              					}
                                                                                                                              					_t118 = _a12 & 0x0000ffff;
                                                                                                                              					if(_t118 != 0x3fb) {
                                                                                                                              						L12:
                                                                                                                              						if(_t118 == 0x3e9) {
                                                                                                                              							_t152 = 7;
                                                                                                                              							memset( &_v76, 0, _t152 << 2);
                                                                                                                              							_v80 = _t166;
                                                                                                                              							_v72 = 0x42a870;
                                                                                                                              							_v60 = E00404881;
                                                                                                                              							_v56 = _t146;
                                                                                                                              							_v68 = E00406032(_t146, 0x42a870, _t166, 0x429c48, _v12);
                                                                                                                              							_t122 =  &_v80;
                                                                                                                              							_v64 = 0x41;
                                                                                                                              							__imp__SHBrowseForFolderA(_t122);
                                                                                                                              							if(_t122 == 0) {
                                                                                                                              								_a8 = 0x40f;
                                                                                                                              							} else {
                                                                                                                              								__imp__CoTaskMemFree(_t122);
                                                                                                                              								E004059A8(_t146);
                                                                                                                              								_t125 =  *((intOrPtr*)( *0x42f414 + 0x11c));
                                                                                                                              								if( *((intOrPtr*)( *0x42f414 + 0x11c)) != 0 && _t146 == "C:\\Program Files (x86)\\Wildix\\WIService") {
                                                                                                                              									E00406032(_t146, 0x42a870, _t166, 0, _t125);
                                                                                                                              									if(lstrcmpiA(0x42e3a0, 0x42a870) != 0) {
                                                                                                                              										lstrcatA(_t146, 0x42e3a0);
                                                                                                                              									}
                                                                                                                              								}
                                                                                                                              								 *0x42a860 =  *0x42a860 + 1;
                                                                                                                              								SetDlgItemTextA(_t166, 0x3fb, _t146);
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              						goto L20;
                                                                                                                              					}
                                                                                                                              					if(_a12 >> 0x10 != 0x300) {
                                                                                                                              						goto L53;
                                                                                                                              					} else {
                                                                                                                              						_a8 = 0x40f;
                                                                                                                              						goto L12;
                                                                                                                              					}
                                                                                                                              				} else {
                                                                                                                              					_t165 = GetDlgItem(_t166, 0x3fb);
                                                                                                                              					if(E00405A15(_t146) != 0 && E00405A41(_t146) == 0) {
                                                                                                                              						E004059A8(_t146);
                                                                                                                              					}
                                                                                                                              					 *0x42ebd8 = _t166;
                                                                                                                              					SetWindowTextA(_t165, _t146);
                                                                                                                              					_push( *((intOrPtr*)(_a16 + 0x34)));
                                                                                                                              					_push(1);
                                                                                                                              					E0040409E(_t166);
                                                                                                                              					_push( *((intOrPtr*)(_a16 + 0x30)));
                                                                                                                              					_push(0x14);
                                                                                                                              					E0040409E(_t166);
                                                                                                                              					E004040D3(_t165);
                                                                                                                              					_t138 = E004063A8(7);
                                                                                                                              					if(_t138 == 0) {
                                                                                                                              						L53:
                                                                                                                              						return E00404105(_a8, _a12, _a16);
                                                                                                                              					} else {
                                                                                                                              						 *_t138(_t165, 1);
                                                                                                                              						goto L8;
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              			}

                                                                                                                              APIs
                                                                                                                              • GetDlgItem.USER32 ref: 0040457F
                                                                                                                              • SetWindowTextA.USER32(00000000,?), ref: 004045A9
                                                                                                                              • SHBrowseForFolderA.SHELL32(?,00429C48,?), ref: 0040465A
                                                                                                                              • CoTaskMemFree.OLE32(00000000), ref: 00404665
                                                                                                                              • lstrcmpiA.KERNEL32(: Completed,Wildix WIService v2.15.2 Setup: Completed,00000000,?,?), ref: 00404697
                                                                                                                              • lstrcatA.KERNEL32(?,: Completed), ref: 004046A3
                                                                                                                              • SetDlgItemTextA.USER32 ref: 004046B5
                                                                                                                                • Part of subcall function 00405710: GetDlgItemTextA.USER32 ref: 00405723
                                                                                                                                • Part of subcall function 0040627A: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\SetupWIService.exe",74D0FA90,C:\Users\user\AppData\Local\Temp\,00000000,00403246,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004062D2
                                                                                                                                • Part of subcall function 0040627A: CharNextA.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 004062DF
                                                                                                                                • Part of subcall function 0040627A: CharNextA.USER32(?,"C:\Users\user\Desktop\SetupWIService.exe",74D0FA90,C:\Users\user\AppData\Local\Temp\,00000000,00403246,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004062E4
                                                                                                                                • Part of subcall function 0040627A: CharPrevA.USER32(?,?,74D0FA90,C:\Users\user\AppData\Local\Temp\,00000000,00403246,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004062F4
                                                                                                                              • GetDiskFreeSpaceA.KERNEL32(00429840,?,?,0000040F,?,00429840,00429840,?,00000001,00429840,?,?,000003FB,?), ref: 00404773
                                                                                                                              • MulDiv.KERNEL32(?,0000040F,00000400), ref: 0040478E
                                                                                                                                • Part of subcall function 004048E7: lstrlenA.KERNEL32(Wildix WIService v2.15.2 Setup: Completed,Wildix WIService v2.15.2 Setup: Completed,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404802,000000DF,00000000,00000400,?), ref: 00404985
                                                                                                                                • Part of subcall function 004048E7: wsprintfA.USER32 ref: 0040498D
                                                                                                                                • Part of subcall function 004048E7: SetDlgItemTextA.USER32 ref: 004049A0
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                              • String ID: : Completed$A$C:\Program Files (x86)\Wildix\WIService$Wildix WIService v2.15.2 Setup: Completed
                                                                                                                              • API String ID: 2624150263-1400710911
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 95%
                                                                                                                              			E73911A98() {
                                                                                                                              				signed int _v8;
                                                                                                                              				signed int _v12;
                                                                                                                              				signed int _v16;
                                                                                                                              				signed int _v20;
                                                                                                                              				CHAR* _v24;
                                                                                                                              				CHAR* _v28;
                                                                                                                              				signed int _v32;
                                                                                                                              				signed int _v36;
                                                                                                                              				signed int _v40;
                                                                                                                              				signed int _v44;
                                                                                                                              				CHAR* _v48;
                                                                                                                              				signed int _v52;
                                                                                                                              				void* _v56;
                                                                                                                              				intOrPtr _v60;
                                                                                                                              				CHAR* _t207;
                                                                                                                              				signed int _t210;
                                                                                                                              				void* _t212;
                                                                                                                              				void* _t214;
                                                                                                                              				CHAR* _t216;
                                                                                                                              				void* _t224;
                                                                                                                              				struct HINSTANCE__* _t225;
                                                                                                                              				struct HINSTANCE__* _t226;
                                                                                                                              				struct HINSTANCE__* _t228;
                                                                                                                              				signed short _t230;
                                                                                                                              				struct HINSTANCE__* _t233;
                                                                                                                              				struct HINSTANCE__* _t235;
                                                                                                                              				void* _t236;
                                                                                                                              				char* _t237;
                                                                                                                              				void* _t248;
                                                                                                                              				signed char _t249;
                                                                                                                              				signed int _t250;
                                                                                                                              				struct HINSTANCE__* _t256;
                                                                                                                              				void* _t257;
                                                                                                                              				signed int _t259;
                                                                                                                              				intOrPtr _t260;
                                                                                                                              				char* _t263;
                                                                                                                              				signed int _t268;
                                                                                                                              				signed int _t271;
                                                                                                                              				signed int _t273;
                                                                                                                              				void* _t276;
                                                                                                                              				void* _t280;
                                                                                                                              				struct HINSTANCE__* _t282;
                                                                                                                              				intOrPtr _t285;
                                                                                                                              				void _t286;
                                                                                                                              				signed int _t287;
                                                                                                                              				signed int _t299;
                                                                                                                              				signed int _t300;
                                                                                                                              				intOrPtr _t303;
                                                                                                                              				void* _t304;
                                                                                                                              				signed int _t308;
                                                                                                                              				signed int _t311;
                                                                                                                              				signed int _t314;
                                                                                                                              				signed int _t315;
                                                                                                                              				signed int _t316;
                                                                                                                              				intOrPtr _t319;
                                                                                                                              				intOrPtr* _t320;
                                                                                                                              				CHAR* _t321;
                                                                                                                              				CHAR* _t323;
                                                                                                                              				CHAR* _t324;
                                                                                                                              				struct HINSTANCE__* _t325;
                                                                                                                              				void* _t327;
                                                                                                                              				signed int _t328;
                                                                                                                              				void* _t329;
                                                                                                                              
                                                                                                                              				_t282 = 0;
                                                                                                                              				_v32 = 0;
                                                                                                                              				_v36 = 0;
                                                                                                                              				_v16 = 0;
                                                                                                                              				_v8 = 0;
                                                                                                                              				_v40 = 0;
                                                                                                                              				_t329 = 0;
                                                                                                                              				_v52 = 0;
                                                                                                                              				_v44 = 0;
                                                                                                                              				_t207 = E73911215();
                                                                                                                              				_v24 = _t207;
                                                                                                                              				_v28 = _t207;
                                                                                                                              				_v48 = E73911215();
                                                                                                                              				_t320 = E7391123B();
                                                                                                                              				_v56 = _t320;
                                                                                                                              				_v12 = _t320;
                                                                                                                              				while(1) {
                                                                                                                              					_t210 = _v32;
                                                                                                                              					_v60 = _t210;
                                                                                                                              					if(_t210 != _t282 && _t329 == _t282) {
                                                                                                                              						break;
                                                                                                                              					}
                                                                                                                              					_t319 =  *_t320;
                                                                                                                              					_t285 = _t319;
                                                                                                                              					_t212 = _t285 - _t282;
                                                                                                                              					if(_t212 == 0) {
                                                                                                                              						_t37 =  &_v32;
                                                                                                                              						 *_t37 = _v32 | 0xffffffff;
                                                                                                                              						__eflags =  *_t37;
                                                                                                                              						L20:
                                                                                                                              						_t214 = _v60 - _t282;
                                                                                                                              						if(_t214 == 0) {
                                                                                                                              							 *_v28 =  *_v28 & 0x00000000;
                                                                                                                              							__eflags = _t329 - _t282;
                                                                                                                              							if(_t329 == _t282) {
                                                                                                                              								_t329 = GlobalAlloc(0x40, 0x14a4);
                                                                                                                              								 *(_t329 + 0x810) = _t282;
                                                                                                                              								 *(_t329 + 0x814) = _t282;
                                                                                                                              							}
                                                                                                                              							_t286 = _v36;
                                                                                                                              							_t47 = _t329 + 8; // 0x8
                                                                                                                              							_t216 = _t47;
                                                                                                                              							_t48 = _t329 + 0x408; // 0x408
                                                                                                                              							_t321 = _t48;
                                                                                                                              							 *_t329 = _t286;
                                                                                                                              							 *_t216 =  *_t216 & 0x00000000;
                                                                                                                              							 *(_t329 + 0x808) = _t282;
                                                                                                                              							 *_t321 =  *_t321 & 0x00000000;
                                                                                                                              							_t287 = _t286 - _t282;
                                                                                                                              							__eflags = _t287;
                                                                                                                              							 *(_t329 + 0x80c) = _t282;
                                                                                                                              							 *(_t329 + 4) = _t282;
                                                                                                                              							if(_t287 == 0) {
                                                                                                                              								__eflags = _v28 - _v24;
                                                                                                                              								if(_v28 == _v24) {
                                                                                                                              									goto L42;
                                                                                                                              								}
                                                                                                                              								_t327 = 0;
                                                                                                                              								GlobalFree(_t329);
                                                                                                                              								_t329 = E739112FE(_v24);
                                                                                                                              								__eflags = _t329 - _t282;
                                                                                                                              								if(_t329 == _t282) {
                                                                                                                              									goto L42;
                                                                                                                              								} else {
                                                                                                                              									goto L35;
                                                                                                                              								}
                                                                                                                              								while(1) {
                                                                                                                              									L35:
                                                                                                                              									_t248 =  *(_t329 + 0x14a0);
                                                                                                                              									__eflags = _t248 - _t282;
                                                                                                                              									if(_t248 == _t282) {
                                                                                                                              										break;
                                                                                                                              									}
                                                                                                                              									_t327 = _t329;
                                                                                                                              									_t329 = _t248;
                                                                                                                              									__eflags = _t329 - _t282;
                                                                                                                              									if(_t329 != _t282) {
                                                                                                                              										continue;
                                                                                                                              									}
                                                                                                                              									break;
                                                                                                                              								}
                                                                                                                              								__eflags = _t327 - _t282;
                                                                                                                              								if(_t327 != _t282) {
                                                                                                                              									 *(_t327 + 0x14a0) = _t282;
                                                                                                                              								}
                                                                                                                              								_t249 =  *(_t329 + 0x810);
                                                                                                                              								__eflags = _t249 & 0x00000008;
                                                                                                                              								if((_t249 & 0x00000008) == 0) {
                                                                                                                              									_t250 = _t249 | 0x00000002;
                                                                                                                              									__eflags = _t250;
                                                                                                                              									 *(_t329 + 0x810) = _t250;
                                                                                                                              								} else {
                                                                                                                              									_t329 = E73911534(_t329);
                                                                                                                              									 *(_t329 + 0x810) =  *(_t329 + 0x810) & 0xfffffff5;
                                                                                                                              								}
                                                                                                                              								goto L42;
                                                                                                                              							} else {
                                                                                                                              								_t299 = _t287 - 1;
                                                                                                                              								__eflags = _t299;
                                                                                                                              								if(_t299 == 0) {
                                                                                                                              									L31:
                                                                                                                              									lstrcpyA(_t216, _v48);
                                                                                                                              									L32:
                                                                                                                              									lstrcpyA(_t321, _v24);
                                                                                                                              									goto L42;
                                                                                                                              								}
                                                                                                                              								_t300 = _t299 - 1;
                                                                                                                              								__eflags = _t300;
                                                                                                                              								if(_t300 == 0) {
                                                                                                                              									goto L32;
                                                                                                                              								}
                                                                                                                              								__eflags = _t300 != 1;
                                                                                                                              								if(_t300 != 1) {
                                                                                                                              									goto L42;
                                                                                                                              								}
                                                                                                                              								goto L31;
                                                                                                                              							}
                                                                                                                              						} else {
                                                                                                                              							if(_t214 == 1) {
                                                                                                                              								_t256 = _v16;
                                                                                                                              								if(_v40 == _t282) {
                                                                                                                              									_t256 = _t256 - 1;
                                                                                                                              								}
                                                                                                                              								 *(_t329 + 0x814) = _t256;
                                                                                                                              							}
                                                                                                                              							L42:
                                                                                                                              							_v12 = _v12 + 1;
                                                                                                                              							_v28 = _v24;
                                                                                                                              							L59:
                                                                                                                              							if(_v32 != 0xffffffff) {
                                                                                                                              								_t320 = _v12;
                                                                                                                              								continue;
                                                                                                                              							}
                                                                                                                              							break;
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              					_t257 = _t212 - 0x23;
                                                                                                                              					if(_t257 == 0) {
                                                                                                                              						__eflags = _t320 - _v56;
                                                                                                                              						if(_t320 <= _v56) {
                                                                                                                              							L17:
                                                                                                                              							__eflags = _v44 - _t282;
                                                                                                                              							if(_v44 != _t282) {
                                                                                                                              								L43:
                                                                                                                              								_t259 = _v32 - _t282;
                                                                                                                              								__eflags = _t259;
                                                                                                                              								if(_t259 == 0) {
                                                                                                                              									_t260 = _t319;
                                                                                                                              									while(1) {
                                                                                                                              										__eflags = _t260 - 0x22;
                                                                                                                              										if(_t260 != 0x22) {
                                                                                                                              											break;
                                                                                                                              										}
                                                                                                                              										_t320 = _t320 + 1;
                                                                                                                              										__eflags = _v44 - _t282;
                                                                                                                              										_v12 = _t320;
                                                                                                                              										if(_v44 == _t282) {
                                                                                                                              											_v44 = 1;
                                                                                                                              											L162:
                                                                                                                              											_v28 =  &(_v28[1]);
                                                                                                                              											 *_v28 =  *_t320;
                                                                                                                              											L58:
                                                                                                                              											_t328 = _t320 + 1;
                                                                                                                              											__eflags = _t328;
                                                                                                                              											_v12 = _t328;
                                                                                                                              											goto L59;
                                                                                                                              										}
                                                                                                                              										_t260 =  *_t320;
                                                                                                                              										_v44 = _t282;
                                                                                                                              									}
                                                                                                                              									__eflags = _t260 - 0x2a;
                                                                                                                              									if(_t260 == 0x2a) {
                                                                                                                              										_v36 = 2;
                                                                                                                              										L57:
                                                                                                                              										_t320 = _v12;
                                                                                                                              										_v28 = _v24;
                                                                                                                              										_t282 = 0;
                                                                                                                              										__eflags = 0;
                                                                                                                              										goto L58;
                                                                                                                              									}
                                                                                                                              									__eflags = _t260 - 0x2d;
                                                                                                                              									if(_t260 == 0x2d) {
                                                                                                                              										L151:
                                                                                                                              										_t303 =  *_t320;
                                                                                                                              										__eflags = _t303 - 0x2d;
                                                                                                                              										if(_t303 != 0x2d) {
                                                                                                                              											L154:
                                                                                                                              											_t263 = _t320 + 1;
                                                                                                                              											__eflags =  *_t263 - 0x3a;
                                                                                                                              											if( *_t263 != 0x3a) {
                                                                                                                              												goto L162;
                                                                                                                              											}
                                                                                                                              											__eflags = _t303 - 0x2d;
                                                                                                                              											if(_t303 == 0x2d) {
                                                                                                                              												goto L162;
                                                                                                                              											}
                                                                                                                              											_v36 = 1;
                                                                                                                              											L157:
                                                                                                                              											_v12 = _t263;
                                                                                                                              											__eflags = _v28 - _v24;
                                                                                                                              											if(_v28 <= _v24) {
                                                                                                                              												 *_v48 =  *_v48 & 0x00000000;
                                                                                                                              											} else {
                                                                                                                              												 *_v28 =  *_v28 & 0x00000000;
                                                                                                                              												lstrcpyA(_v48, _v24);
                                                                                                                              											}
                                                                                                                              											goto L57;
                                                                                                                              										}
                                                                                                                              										_t263 = _t320 + 1;
                                                                                                                              										__eflags =  *_t263 - 0x3e;
                                                                                                                              										if( *_t263 != 0x3e) {
                                                                                                                              											goto L154;
                                                                                                                              										}
                                                                                                                              										_v36 = 3;
                                                                                                                              										goto L157;
                                                                                                                              									}
                                                                                                                              									__eflags = _t260 - 0x3a;
                                                                                                                              									if(_t260 != 0x3a) {
                                                                                                                              										goto L162;
                                                                                                                              									}
                                                                                                                              									goto L151;
                                                                                                                              								}
                                                                                                                              								_t268 = _t259 - 1;
                                                                                                                              								__eflags = _t268;
                                                                                                                              								if(_t268 == 0) {
                                                                                                                              									L80:
                                                                                                                              									_t304 = _t285 + 0xffffffde;
                                                                                                                              									__eflags = _t304 - 0x55;
                                                                                                                              									if(_t304 > 0x55) {
                                                                                                                              										goto L57;
                                                                                                                              									}
                                                                                                                              									switch( *((intOrPtr*)(( *(_t304 + 0x73912259) & 0x000000ff) * 4 +  &M739121CD))) {
                                                                                                                              										case 0:
                                                                                                                              											__eax = _v24;
                                                                                                                              											__edi = _v12;
                                                                                                                              											while(1) {
                                                                                                                              												__edi = __edi + 1;
                                                                                                                              												_v12 = __edi;
                                                                                                                              												__cl =  *__edi;
                                                                                                                              												__eflags = __cl - __dl;
                                                                                                                              												if(__cl != __dl) {
                                                                                                                              													goto L132;
                                                                                                                              												}
                                                                                                                              												L131:
                                                                                                                              												__eflags =  *(__edi + 1) - __dl;
                                                                                                                              												if( *(__edi + 1) != __dl) {
                                                                                                                              													L136:
                                                                                                                              													 *__eax =  *__eax & 0x00000000;
                                                                                                                              													__eax = E73911224(_v24);
                                                                                                                              													__ebx = __eax;
                                                                                                                              													goto L97;
                                                                                                                              												}
                                                                                                                              												L132:
                                                                                                                              												__eflags = __cl;
                                                                                                                              												if(__cl == 0) {
                                                                                                                              													goto L136;
                                                                                                                              												}
                                                                                                                              												__eflags = __cl - __dl;
                                                                                                                              												if(__cl == __dl) {
                                                                                                                              													__edi = __edi + 1;
                                                                                                                              													__eflags = __edi;
                                                                                                                              												}
                                                                                                                              												__cl =  *__edi;
                                                                                                                              												 *__eax =  *__edi;
                                                                                                                              												__eax = __eax + 1;
                                                                                                                              												__edi = __edi + 1;
                                                                                                                              												_v12 = __edi;
                                                                                                                              												__cl =  *__edi;
                                                                                                                              												__eflags = __cl - __dl;
                                                                                                                              												if(__cl != __dl) {
                                                                                                                              													goto L132;
                                                                                                                              												}
                                                                                                                              												goto L131;
                                                                                                                              											}
                                                                                                                              										case 1:
                                                                                                                              											_v8 = 1;
                                                                                                                              											goto L57;
                                                                                                                              										case 2:
                                                                                                                              											_v8 = _v8 | 0xffffffff;
                                                                                                                              											goto L57;
                                                                                                                              										case 3:
                                                                                                                              											_v8 = _v8 & 0x00000000;
                                                                                                                              											_v20 = _v20 & 0x00000000;
                                                                                                                              											_v16 = _v16 + 1;
                                                                                                                              											goto L85;
                                                                                                                              										case 4:
                                                                                                                              											__eflags = _v20;
                                                                                                                              											if(_v20 != 0) {
                                                                                                                              												goto L57;
                                                                                                                              											}
                                                                                                                              											_v12 = _v12 - 1;
                                                                                                                              											__ebx = E73911215();
                                                                                                                              											 &_v12 = E73911A36( &_v12);
                                                                                                                              											__eax = E73911429(__edx, __eax, __edx, __ebx);
                                                                                                                              											goto L97;
                                                                                                                              										case 5:
                                                                                                                              											L105:
                                                                                                                              											_v20 = _v20 + 1;
                                                                                                                              											goto L57;
                                                                                                                              										case 6:
                                                                                                                              											_push(7);
                                                                                                                              											goto L123;
                                                                                                                              										case 7:
                                                                                                                              											_push(0x19);
                                                                                                                              											goto L143;
                                                                                                                              										case 8:
                                                                                                                              											__eax = 0;
                                                                                                                              											__eax = 1;
                                                                                                                              											__eflags = 1;
                                                                                                                              											goto L107;
                                                                                                                              										case 9:
                                                                                                                              											_push(0x15);
                                                                                                                              											goto L143;
                                                                                                                              										case 0xa:
                                                                                                                              											_push(0x16);
                                                                                                                              											goto L143;
                                                                                                                              										case 0xb:
                                                                                                                              											_push(0x18);
                                                                                                                              											goto L143;
                                                                                                                              										case 0xc:
                                                                                                                              											__eax = 0;
                                                                                                                              											__eax = 1;
                                                                                                                              											__eflags = 1;
                                                                                                                              											goto L118;
                                                                                                                              										case 0xd:
                                                                                                                              											__eax = 0;
                                                                                                                              											__eax = 1;
                                                                                                                              											__eflags = 1;
                                                                                                                              											goto L109;
                                                                                                                              										case 0xe:
                                                                                                                              											__eax = 0;
                                                                                                                              											__eax = 1;
                                                                                                                              											__eflags = 1;
                                                                                                                              											goto L111;
                                                                                                                              										case 0xf:
                                                                                                                              											__eax = 0;
                                                                                                                              											__eax = 1;
                                                                                                                              											__eflags = 1;
                                                                                                                              											goto L122;
                                                                                                                              										case 0x10:
                                                                                                                              											__eax = 0;
                                                                                                                              											__eax = 1;
                                                                                                                              											__eflags = 1;
                                                                                                                              											goto L113;
                                                                                                                              										case 0x11:
                                                                                                                              											_push(3);
                                                                                                                              											goto L123;
                                                                                                                              										case 0x12:
                                                                                                                              											_push(0x17);
                                                                                                                              											L143:
                                                                                                                              											_pop(__ebx);
                                                                                                                              											goto L98;
                                                                                                                              										case 0x13:
                                                                                                                              											__eax =  &_v12;
                                                                                                                              											__eax = E73911A36( &_v12);
                                                                                                                              											__ebx = __eax;
                                                                                                                              											__ebx = __eax + 1;
                                                                                                                              											__eflags = __ebx - 0xb;
                                                                                                                              											if(__ebx < 0xb) {
                                                                                                                              												__ebx = __ebx + 0xa;
                                                                                                                              											}
                                                                                                                              											goto L97;
                                                                                                                              										case 0x14:
                                                                                                                              											__ebx = 0xffffffff;
                                                                                                                              											goto L98;
                                                                                                                              										case 0x15:
                                                                                                                              											__eax = 0;
                                                                                                                              											__eflags = 0;
                                                                                                                              											goto L116;
                                                                                                                              										case 0x16:
                                                                                                                              											__ecx = 0;
                                                                                                                              											__eflags = 0;
                                                                                                                              											goto L91;
                                                                                                                              										case 0x17:
                                                                                                                              											__eax = 0;
                                                                                                                              											__eax = 1;
                                                                                                                              											__eflags = 1;
                                                                                                                              											goto L120;
                                                                                                                              										case 0x18:
                                                                                                                              											_t270 =  *(_t329 + 0x814);
                                                                                                                              											__eflags = _t270 - _v16;
                                                                                                                              											if(_t270 > _v16) {
                                                                                                                              												_v16 = _t270;
                                                                                                                              											}
                                                                                                                              											_v8 = _v8 & 0x00000000;
                                                                                                                              											_v20 = _v20 & 0x00000000;
                                                                                                                              											_v36 - 3 = _t270 - (_v36 == 3);
                                                                                                                              											if(_t270 != _v36 == 3) {
                                                                                                                              												L85:
                                                                                                                              												_v40 = 1;
                                                                                                                              											}
                                                                                                                              											goto L57;
                                                                                                                              										case 0x19:
                                                                                                                              											L107:
                                                                                                                              											__ecx = 0;
                                                                                                                              											_v8 = 2;
                                                                                                                              											__ecx = 1;
                                                                                                                              											goto L91;
                                                                                                                              										case 0x1a:
                                                                                                                              											L118:
                                                                                                                              											_push(5);
                                                                                                                              											goto L123;
                                                                                                                              										case 0x1b:
                                                                                                                              											L109:
                                                                                                                              											__ecx = 0;
                                                                                                                              											_v8 = 3;
                                                                                                                              											__ecx = 1;
                                                                                                                              											goto L91;
                                                                                                                              										case 0x1c:
                                                                                                                              											L111:
                                                                                                                              											__ecx = 0;
                                                                                                                              											__ecx = 1;
                                                                                                                              											goto L91;
                                                                                                                              										case 0x1d:
                                                                                                                              											L122:
                                                                                                                              											_push(6);
                                                                                                                              											goto L123;
                                                                                                                              										case 0x1e:
                                                                                                                              											L113:
                                                                                                                              											_push(2);
                                                                                                                              											goto L123;
                                                                                                                              										case 0x1f:
                                                                                                                              											__eax =  &_v12;
                                                                                                                              											__eax = E73911A36( &_v12);
                                                                                                                              											__ebx = __eax;
                                                                                                                              											__ebx = __eax + 1;
                                                                                                                              											goto L97;
                                                                                                                              										case 0x20:
                                                                                                                              											L116:
                                                                                                                              											_v52 = _v52 + 1;
                                                                                                                              											_push(3);
                                                                                                                              											_pop(__ecx);
                                                                                                                              											goto L91;
                                                                                                                              										case 0x21:
                                                                                                                              											L120:
                                                                                                                              											_push(4);
                                                                                                                              											L123:
                                                                                                                              											_pop(__ecx);
                                                                                                                              											L91:
                                                                                                                              											__edi = _v16;
                                                                                                                              											__edx =  *(0x7391305c + __ecx * 4);
                                                                                                                              											__eax =  ~__eax;
                                                                                                                              											asm("sbb eax, eax");
                                                                                                                              											_v40 = 1;
                                                                                                                              											__edi = _v16 << 5;
                                                                                                                              											__eax = __eax & 0x00008000;
                                                                                                                              											__edi = (_v16 << 5) + __esi;
                                                                                                                              											__eax = __eax | __ecx;
                                                                                                                              											__eflags = _v8;
                                                                                                                              											 *(__edi + 0x818) = __eax;
                                                                                                                              											if(_v8 < 0) {
                                                                                                                              												L93:
                                                                                                                              												__edx = 0;
                                                                                                                              												__edx = 1;
                                                                                                                              												__eflags = 1;
                                                                                                                              												L94:
                                                                                                                              												__eflags = _v8 - 1;
                                                                                                                              												 *(__edi + 0x828) = __edx;
                                                                                                                              												if(_v8 == 1) {
                                                                                                                              													__eax =  &_v12;
                                                                                                                              													__eax = E73911A36( &_v12);
                                                                                                                              													__eax = __eax + 1;
                                                                                                                              													__eflags = __eax;
                                                                                                                              													_v8 = __eax;
                                                                                                                              												}
                                                                                                                              												__eax = _v8;
                                                                                                                              												 *((intOrPtr*)(__edi + 0x81c)) = _v8;
                                                                                                                              												_t136 = _v16 + 0x41; // 0x41
                                                                                                                              												_t136 = _t136 << 5;
                                                                                                                              												__eax = 0;
                                                                                                                              												__eflags = 0;
                                                                                                                              												 *((intOrPtr*)((_t136 << 5) + __esi)) = 0;
                                                                                                                              												 *((intOrPtr*)(__edi + 0x830)) = 0;
                                                                                                                              												 *((intOrPtr*)(__edi + 0x82c)) = 0;
                                                                                                                              												L97:
                                                                                                                              												__eflags = __ebx;
                                                                                                                              												if(__ebx == 0) {
                                                                                                                              													goto L57;
                                                                                                                              												}
                                                                                                                              												L98:
                                                                                                                              												__eflags = _v20;
                                                                                                                              												_v40 = 1;
                                                                                                                              												if(_v20 != 0) {
                                                                                                                              													L103:
                                                                                                                              													__eflags = _v20 - 1;
                                                                                                                              													if(_v20 == 1) {
                                                                                                                              														__eax = _v16;
                                                                                                                              														__eax = _v16 << 5;
                                                                                                                              														__eflags = __eax;
                                                                                                                              														 *(__eax + __esi + 0x82c) = __ebx;
                                                                                                                              													}
                                                                                                                              													goto L105;
                                                                                                                              												}
                                                                                                                              												_v16 = _v16 << 5;
                                                                                                                              												_t144 = __esi + 0x830; // 0x830
                                                                                                                              												__edi = (_v16 << 5) + _t144;
                                                                                                                              												__eax =  *__edi;
                                                                                                                              												__eflags = __eax - 0xffffffff;
                                                                                                                              												if(__eax <= 0xffffffff) {
                                                                                                                              													L101:
                                                                                                                              													__eax = GlobalFree(__eax);
                                                                                                                              													L102:
                                                                                                                              													 *__edi = __ebx;
                                                                                                                              													goto L103;
                                                                                                                              												}
                                                                                                                              												__eflags = __eax - 0x19;
                                                                                                                              												if(__eax <= 0x19) {
                                                                                                                              													goto L102;
                                                                                                                              												}
                                                                                                                              												goto L101;
                                                                                                                              											}
                                                                                                                              											__eflags = __edx;
                                                                                                                              											if(__edx > 0) {
                                                                                                                              												goto L94;
                                                                                                                              											}
                                                                                                                              											goto L93;
                                                                                                                              										case 0x22:
                                                                                                                              											goto L57;
                                                                                                                              									}
                                                                                                                              								}
                                                                                                                              								_t271 = _t268 - 1;
                                                                                                                              								__eflags = _t271;
                                                                                                                              								if(_t271 == 0) {
                                                                                                                              									_v16 = _t282;
                                                                                                                              									goto L80;
                                                                                                                              								}
                                                                                                                              								__eflags = _t271 != 1;
                                                                                                                              								if(_t271 != 1) {
                                                                                                                              									goto L162;
                                                                                                                              								}
                                                                                                                              								__eflags = _t285 - 0x6e;
                                                                                                                              								if(__eflags > 0) {
                                                                                                                              									_t308 = _t285 - 0x72;
                                                                                                                              									__eflags = _t308;
                                                                                                                              									if(_t308 == 0) {
                                                                                                                              										_push(4);
                                                                                                                              										L74:
                                                                                                                              										_pop(_t273);
                                                                                                                              										L75:
                                                                                                                              										__eflags = _v8 - 1;
                                                                                                                              										if(_v8 != 1) {
                                                                                                                              											_t96 = _t329 + 0x810;
                                                                                                                              											 *_t96 =  *(_t329 + 0x810) &  !_t273;
                                                                                                                              											__eflags =  *_t96;
                                                                                                                              										} else {
                                                                                                                              											 *(_t329 + 0x810) =  *(_t329 + 0x810) | _t273;
                                                                                                                              										}
                                                                                                                              										_v8 = 1;
                                                                                                                              										goto L57;
                                                                                                                              									}
                                                                                                                              									_t311 = _t308 - 1;
                                                                                                                              									__eflags = _t311;
                                                                                                                              									if(_t311 == 0) {
                                                                                                                              										_push(0x10);
                                                                                                                              										goto L74;
                                                                                                                              									}
                                                                                                                              									__eflags = _t311 != 0;
                                                                                                                              									if(_t311 != 0) {
                                                                                                                              										goto L57;
                                                                                                                              									}
                                                                                                                              									_push(0x40);
                                                                                                                              									goto L74;
                                                                                                                              								}
                                                                                                                              								if(__eflags == 0) {
                                                                                                                              									_push(8);
                                                                                                                              									goto L74;
                                                                                                                              								}
                                                                                                                              								_t314 = _t285 - 0x21;
                                                                                                                              								__eflags = _t314;
                                                                                                                              								if(_t314 == 0) {
                                                                                                                              									_v8 =  ~_v8;
                                                                                                                              									goto L57;
                                                                                                                              								}
                                                                                                                              								_t315 = _t314 - 0x11;
                                                                                                                              								__eflags = _t315;
                                                                                                                              								if(_t315 == 0) {
                                                                                                                              									_t273 = 0x100;
                                                                                                                              									goto L75;
                                                                                                                              								}
                                                                                                                              								_t316 = _t315 - 0x31;
                                                                                                                              								__eflags = _t316;
                                                                                                                              								if(_t316 == 0) {
                                                                                                                              									_t273 = 1;
                                                                                                                              									goto L75;
                                                                                                                              								}
                                                                                                                              								__eflags = _t316 != 0;
                                                                                                                              								if(_t316 != 0) {
                                                                                                                              									goto L57;
                                                                                                                              								}
                                                                                                                              								_push(0x20);
                                                                                                                              								goto L74;
                                                                                                                              							} else {
                                                                                                                              								_v32 = _t282;
                                                                                                                              								_v36 = _t282;
                                                                                                                              								goto L20;
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              						__eflags =  *((char*)(_t320 - 1)) - 0x3a;
                                                                                                                              						if( *((char*)(_t320 - 1)) != 0x3a) {
                                                                                                                              							goto L17;
                                                                                                                              						}
                                                                                                                              						__eflags = _v32 - _t282;
                                                                                                                              						if(_v32 == _t282) {
                                                                                                                              							goto L43;
                                                                                                                              						}
                                                                                                                              						goto L17;
                                                                                                                              					}
                                                                                                                              					_t276 = _t257 - 5;
                                                                                                                              					if(_t276 == 0) {
                                                                                                                              						__eflags = _v44 - _t282;
                                                                                                                              						if(_v44 != _t282) {
                                                                                                                              							goto L43;
                                                                                                                              						} else {
                                                                                                                              							__eflags = _v36 - 3;
                                                                                                                              							_v32 = 1;
                                                                                                                              							_v8 = _t282;
                                                                                                                              							_v20 = _t282;
                                                                                                                              							_v16 = (0 | _v36 == 0x00000003) + 1;
                                                                                                                              							_v40 = _t282;
                                                                                                                              							goto L20;
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              					_t280 = _t276 - 1;
                                                                                                                              					if(_t280 == 0) {
                                                                                                                              						__eflags = _v44 - _t282;
                                                                                                                              						if(_v44 != _t282) {
                                                                                                                              							goto L43;
                                                                                                                              						} else {
                                                                                                                              							_v32 = 2;
                                                                                                                              							_v8 = _t282;
                                                                                                                              							_v20 = _t282;
                                                                                                                              							goto L20;
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              					if(_t280 != 0x16) {
                                                                                                                              						goto L43;
                                                                                                                              					} else {
                                                                                                                              						_v32 = 3;
                                                                                                                              						_v8 = 1;
                                                                                                                              						goto L20;
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				GlobalFree(_v56);
                                                                                                                              				GlobalFree(_v24);
                                                                                                                              				GlobalFree(_v48);
                                                                                                                              				if(_t329 == _t282 ||  *(_t329 + 0x80c) != _t282) {
                                                                                                                              					L182:
                                                                                                                              					return _t329;
                                                                                                                              				} else {
                                                                                                                              					_t224 =  *_t329 - 1;
                                                                                                                              					if(_t224 == 0) {
                                                                                                                              						_t187 = _t329 + 8; // 0x8
                                                                                                                              						_t323 = _t187;
                                                                                                                              						__eflags =  *_t323;
                                                                                                                              						if( *_t323 != 0) {
                                                                                                                              							_t225 = GetModuleHandleA(_t323);
                                                                                                                              							__eflags = _t225 - _t282;
                                                                                                                              							 *(_t329 + 0x808) = _t225;
                                                                                                                              							if(_t225 != _t282) {
                                                                                                                              								L171:
                                                                                                                              								_t192 = _t329 + 0x408; // 0x408
                                                                                                                              								_t324 = _t192;
                                                                                                                              								_t226 = E739115C2( *(_t329 + 0x808), _t324);
                                                                                                                              								__eflags = _t226 - _t282;
                                                                                                                              								 *(_t329 + 0x80c) = _t226;
                                                                                                                              								if(_t226 == _t282) {
                                                                                                                              									__eflags =  *_t324 - 0x23;
                                                                                                                              									if( *_t324 == 0x23) {
                                                                                                                              										_t195 = _t329 + 0x409; // 0x409
                                                                                                                              										_t230 = E739112FE(_t195);
                                                                                                                              										__eflags = _t230 - _t282;
                                                                                                                              										if(_t230 != _t282) {
                                                                                                                              											__eflags = _t230 & 0xffff0000;
                                                                                                                              											if((_t230 & 0xffff0000) == 0) {
                                                                                                                              												 *(_t329 + 0x80c) = GetProcAddress( *(_t329 + 0x808), _t230 & 0x0000ffff);
                                                                                                                              											}
                                                                                                                              										}
                                                                                                                              									}
                                                                                                                              								}
                                                                                                                              								__eflags = _v52 - _t282;
                                                                                                                              								if(_v52 != _t282) {
                                                                                                                              									L178:
                                                                                                                              									_t324[lstrlenA(_t324)] = 0x41;
                                                                                                                              									_t228 = E739115C2( *(_t329 + 0x808), _t324);
                                                                                                                              									__eflags = _t228 - _t282;
                                                                                                                              									if(_t228 != _t282) {
                                                                                                                              										L166:
                                                                                                                              										 *(_t329 + 0x80c) = _t228;
                                                                                                                              										goto L182;
                                                                                                                              									}
                                                                                                                              									__eflags =  *(_t329 + 0x80c) - _t282;
                                                                                                                              									L180:
                                                                                                                              									if(__eflags != 0) {
                                                                                                                              										goto L182;
                                                                                                                              									}
                                                                                                                              									L181:
                                                                                                                              									_t205 = _t329 + 4;
                                                                                                                              									 *_t205 =  *(_t329 + 4) | 0xffffffff;
                                                                                                                              									__eflags =  *_t205;
                                                                                                                              									goto L182;
                                                                                                                              								} else {
                                                                                                                              									__eflags =  *(_t329 + 0x80c) - _t282;
                                                                                                                              									if( *(_t329 + 0x80c) != _t282) {
                                                                                                                              										goto L182;
                                                                                                                              									}
                                                                                                                              									goto L178;
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              							_t233 = LoadLibraryA(_t323);
                                                                                                                              							__eflags = _t233 - _t282;
                                                                                                                              							 *(_t329 + 0x808) = _t233;
                                                                                                                              							if(_t233 == _t282) {
                                                                                                                              								goto L181;
                                                                                                                              							}
                                                                                                                              							goto L171;
                                                                                                                              						}
                                                                                                                              						_t188 = _t329 + 0x408; // 0x408
                                                                                                                              						_t235 = E739112FE(_t188);
                                                                                                                              						 *(_t329 + 0x80c) = _t235;
                                                                                                                              						__eflags = _t235 - _t282;
                                                                                                                              						goto L180;
                                                                                                                              					}
                                                                                                                              					_t236 = _t224 - 1;
                                                                                                                              					if(_t236 == 0) {
                                                                                                                              						_t185 = _t329 + 0x408; // 0x408
                                                                                                                              						_t237 = _t185;
                                                                                                                              						__eflags =  *_t237;
                                                                                                                              						if( *_t237 == 0) {
                                                                                                                              							goto L182;
                                                                                                                              						}
                                                                                                                              						_t228 = E739112FE(_t237);
                                                                                                                              						L165:
                                                                                                                              						goto L166;
                                                                                                                              					}
                                                                                                                              					if(_t236 != 1) {
                                                                                                                              						goto L182;
                                                                                                                              					}
                                                                                                                              					_t81 = _t329 + 8; // 0x8
                                                                                                                              					_t283 = _t81;
                                                                                                                              					_t325 = E739112FE(_t81);
                                                                                                                              					 *(_t329 + 0x808) = _t325;
                                                                                                                              					if(_t325 == 0) {
                                                                                                                              						goto L181;
                                                                                                                              					}
                                                                                                                              					 *(_t329 + 0x84c) =  *(_t329 + 0x84c) & 0x00000000;
                                                                                                                              					 *((intOrPtr*)(_t329 + 0x850)) = E73911224(_t283);
                                                                                                                              					 *(_t329 + 0x83c) =  *(_t329 + 0x83c) & 0x00000000;
                                                                                                                              					 *((intOrPtr*)(_t329 + 0x848)) = 1;
                                                                                                                              					 *((intOrPtr*)(_t329 + 0x838)) = 1;
                                                                                                                              					_t90 = _t329 + 0x408; // 0x408
                                                                                                                              					_t228 =  *(_t325->i + E739112FE(_t90) * 4);
                                                                                                                              					goto L165;
                                                                                                                              				}
                                                                                                                              			}
                                                                                                                              0x73911afa
                                                                                                                              0x73911b8b
                                                                                                                              0x73911b8b
                                                                                                                              0x73911b8b
                                                                                                                              0x73911b8f
                                                                                                                              0x73911b92
                                                                                                                              0x73911b94
                                                                                                                              0x73911bb6
                                                                                                                              0x73911bb9
                                                                                                                              0x73911bbb
                                                                                                                              0x73911bca
                                                                                                                              0x73911bcc
                                                                                                                              0x73911bd2
                                                                                                                              0x73911bd2
                                                                                                                              0x73911bd8
                                                                                                                              0x73911bdb
                                                                                                                              0x73911bdb
                                                                                                                              0x73911bde
                                                                                                                              0x73911bde
                                                                                                                              0x73911be4
                                                                                                                              0x73911be6
                                                                                                                              0x73911be9
                                                                                                                              0x73911bef
                                                                                                                              0x73911bf2
                                                                                                                              0x73911bf2
                                                                                                                              0x73911bf4
                                                                                                                              0x73911bfa
                                                                                                                              0x73911bfd
                                                                                                                              0x73911c21
                                                                                                                              0x73911c24
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x73911c27
                                                                                                                              0x73911c29
                                                                                                                              0x73911c37
                                                                                                                              0x73911c3a
                                                                                                                              0x73911c3c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x73911c3e
                                                                                                                              0x73911c3e
                                                                                                                              0x73911c3e
                                                                                                                              0x73911c44
                                                                                                                              0x73911c46
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x73911c48
                                                                                                                              0x73911c4a
                                                                                                                              0x73911c4c
                                                                                                                              0x73911c4e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x73911c4e
                                                                                                                              0x73911c50
                                                                                                                              0x73911c52
                                                                                                                              0x73911c54
                                                                                                                              0x73911c54
                                                                                                                              0x73911c5a
                                                                                                                              0x73911c60
                                                                                                                              0x73911c62
                                                                                                                              0x73911c76
                                                                                                                              0x73911c76
                                                                                                                              0x73911c78
                                                                                                                              0x73911c64
                                                                                                                              0x73911c6a
                                                                                                                              0x73911c6d
                                                                                                                              0x73911c6d
                                                                                                                              0x00000000
                                                                                                                              0x73911bff
                                                                                                                              0x73911bff
                                                                                                                              0x73911bff
                                                                                                                              0x73911c00
                                                                                                                              0x73911c08
                                                                                                                              0x73911c0c
                                                                                                                              0x73911c12
                                                                                                                              0x73911c16
                                                                                                                              0x00000000
                                                                                                                              0x73911c16
                                                                                                                              0x73911c02
                                                                                                                              0x73911c02
                                                                                                                              0x73911c03
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x73911c05
                                                                                                                              0x73911c06
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x73911c06
                                                                                                                              0x73911b96
                                                                                                                              0x73911b97
                                                                                                                              0x73911ba0
                                                                                                                              0x73911ba3
                                                                                                                              0x73911bb0
                                                                                                                              0x73911bb0
                                                                                                                              0x73911ba5
                                                                                                                              0x73911ba5
                                                                                                                              0x73911c7e
                                                                                                                              0x73911c81
                                                                                                                              0x73911c84
                                                                                                                              0x73911cf6
                                                                                                                              0x73911cfa
                                                                                                                              0x73911adc
                                                                                                                              0x00000000
                                                                                                                              0x73911adc
                                                                                                                              0x00000000
                                                                                                                              0x73911cfa
                                                                                                                              0x73911b94
                                                                                                                              0x73911b00
                                                                                                                              0x73911b03
                                                                                                                              0x73911b66
                                                                                                                              0x73911b69
                                                                                                                              0x73911b7a
                                                                                                                              0x73911b7a
                                                                                                                              0x73911b7d
                                                                                                                              0x73911c89
                                                                                                                              0x73911c8c
                                                                                                                              0x73911c8c
                                                                                                                              0x73911c8e
                                                                                                                              0x73912033
                                                                                                                              0x73912045
                                                                                                                              0x73912045
                                                                                                                              0x73912047
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x73912037
                                                                                                                              0x73912038
                                                                                                                              0x7391203b
                                                                                                                              0x7391203e
                                                                                                                              0x739120ba
                                                                                                                              0x739120c1
                                                                                                                              0x739120c6
                                                                                                                              0x739120c9
                                                                                                                              0x73911cf2
                                                                                                                              0x73911cf2
                                                                                                                              0x73911cf2
                                                                                                                              0x73911cf3
                                                                                                                              0x00000000
                                                                                                                              0x73911cf3
                                                                                                                              0x73912040
                                                                                                                              0x73912042
                                                                                                                              0x73912042
                                                                                                                              0x73912049
                                                                                                                              0x7391204b
                                                                                                                              0x739120ae
                                                                                                                              0x73911ce7
                                                                                                                              0x73911cea
                                                                                                                              0x73911ced
                                                                                                                              0x73911cf0
                                                                                                                              0x73911cf0
                                                                                                                              0x00000000
                                                                                                                              0x73911cf0
                                                                                                                              0x7391204d
                                                                                                                              0x7391204f
                                                                                                                              0x73912055
                                                                                                                              0x73912055
                                                                                                                              0x73912057
                                                                                                                              0x7391205a
                                                                                                                              0x7391206d
                                                                                                                              0x7391206d
                                                                                                                              0x73912070
                                                                                                                              0x73912073
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x73912075
                                                                                                                              0x73912078
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x7391207a
                                                                                                                              0x73912081
                                                                                                                              0x73912081
                                                                                                                              0x73912087
                                                                                                                              0x7391208a
                                                                                                                              0x739120a6
                                                                                                                              0x7391208c
                                                                                                                              0x73912095
                                                                                                                              0x73912098
                                                                                                                              0x73912098
                                                                                                                              0x00000000
                                                                                                                              0x7391208a
                                                                                                                              0x7391205c
                                                                                                                              0x7391205f
                                                                                                                              0x73912062
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x73912064
                                                                                                                              0x00000000
                                                                                                                              0x73912064
                                                                                                                              0x73912051
                                                                                                                              0x73912053
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x73912053
                                                                                                                              0x73911c94
                                                                                                                              0x73911c94
                                                                                                                              0x73911c95
                                                                                                                              0x73911dde
                                                                                                                              0x73911dde
                                                                                                                              0x73911de5
                                                                                                                              0x73911de8
                                                                                                                              0x73911ee3
                                                                                                                              0x73911ee6
                                                                                                                              0x73911ee6
                                                                                                                              0x73911eed
                                                                                                                              0x73911eef
                                                                                                                              0x73911ef2
                                                                                                                              0x73911ef9
                                                                                                                              0x73911efa
                                                                                                                              0x73911f00
                                                                                                                              0x73911f00
                                                                                                                              0x00000000
                                                                                                                              0x73911f00
                                                                                                                              0x73911ef4
                                                                                                                              0x73911ef7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x73911ef7
                                                                                                                              0x73911e87
                                                                                                                              0x73911e89
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x73911df5
                                                                                                                              0x73911c9b
                                                                                                                              0x73911c9b
                                                                                                                              0x73911c9c
                                                                                                                              0x73911ddb
                                                                                                                              0x00000000
                                                                                                                              0x73911ddb
                                                                                                                              0x73911ca2
                                                                                                                              0x73911ca3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x73911ca9
                                                                                                                              0x73911cac
                                                                                                                              0x73911da0
                                                                                                                              0x73911da0
                                                                                                                              0x73911da3
                                                                                                                              0x73911db8
                                                                                                                              0x73911dba
                                                                                                                              0x73911dba
                                                                                                                              0x73911dbb
                                                                                                                              0x73911dbe
                                                                                                                              0x73911dc1
                                                                                                                              0x73911dcd
                                                                                                                              0x73911dcd
                                                                                                                              0x73911dcd
                                                                                                                              0x73911dc3
                                                                                                                              0x73911dc3
                                                                                                                              0x73911dc3
                                                                                                                              0x73911dd3
                                                                                                                              0x00000000
                                                                                                                              0x73911dd3
                                                                                                                              0x73911da5
                                                                                                                              0x73911da5
                                                                                                                              0x73911da6
                                                                                                                              0x73911db4
                                                                                                                              0x00000000
                                                                                                                              0x73911db4
                                                                                                                              0x73911da9
                                                                                                                              0x73911daa
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x73911db0
                                                                                                                              0x00000000
                                                                                                                              0x73911db0
                                                                                                                              0x73911cb2
                                                                                                                              0x73911d9c
                                                                                                                              0x00000000
                                                                                                                              0x73911d9c
                                                                                                                              0x73911cb8
                                                                                                                              0x73911cb8
                                                                                                                              0x73911cbb
                                                                                                                              0x73911ce4
                                                                                                                              0x00000000
                                                                                                                              0x73911ce4
                                                                                                                              0x73911cbd
                                                                                                                              0x73911cbd
                                                                                                                              0x73911cc0
                                                                                                                              0x73911cda
                                                                                                                              0x00000000
                                                                                                                              0x73911cda
                                                                                                                              0x73911cc2
                                                                                                                              0x73911cc2
                                                                                                                              0x73911cc5
                                                                                                                              0x73911cd4
                                                                                                                              0x00000000
                                                                                                                              0x73911cd4
                                                                                                                              0x73911cc8
                                                                                                                              0x73911cc9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x73911ccb
                                                                                                                              0x00000000
                                                                                                                              0x73911b83
                                                                                                                              0x73911b83
                                                                                                                              0x73911b86
                                                                                                                              0x00000000
                                                                                                                              0x73911b86
                                                                                                                              0x73911b7d
                                                                                                                              0x73911b6b
                                                                                                                              0x73911b6f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x73911b71
                                                                                                                              0x73911b74
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x73911b74
                                                                                                                              0x73911b05
                                                                                                                              0x73911b08
                                                                                                                              0x73911b3e
                                                                                                                              0x73911b41
                                                                                                                              0x00000000
                                                                                                                              0x73911b47
                                                                                                                              0x73911b49
                                                                                                                              0x73911b4d
                                                                                                                              0x73911b54
                                                                                                                              0x73911b5b
                                                                                                                              0x73911b5e
                                                                                                                              0x73911b61
                                                                                                                              0x00000000
                                                                                                                              0x73911b61
                                                                                                                              0x73911b41
                                                                                                                              0x73911b0a
                                                                                                                              0x73911b0b
                                                                                                                              0x73911b26
                                                                                                                              0x73911b29
                                                                                                                              0x00000000
                                                                                                                              0x73911b2f
                                                                                                                              0x73911b2f
                                                                                                                              0x73911b36
                                                                                                                              0x73911b39
                                                                                                                              0x00000000
                                                                                                                              0x73911b39
                                                                                                                              0x73911b29
                                                                                                                              0x73911b10
                                                                                                                              0x00000000
                                                                                                                              0x73911b16
                                                                                                                              0x73911b16
                                                                                                                              0x73911b1d
                                                                                                                              0x00000000
                                                                                                                              0x73911b1d
                                                                                                                              0x73911b10
                                                                                                                              0x73911d09
                                                                                                                              0x73911d0e
                                                                                                                              0x73911d13
                                                                                                                              0x73911d17
                                                                                                                              0x739121c6
                                                                                                                              0x739121cc
                                                                                                                              0x73911d29
                                                                                                                              0x73911d2b
                                                                                                                              0x73911d2c
                                                                                                                              0x739120f1
                                                                                                                              0x739120f1
                                                                                                                              0x739120f4
                                                                                                                              0x739120f7
                                                                                                                              0x73912114
                                                                                                                              0x7391211a
                                                                                                                              0x7391211c
                                                                                                                              0x73912122
                                                                                                                              0x73912139
                                                                                                                              0x73912139
                                                                                                                              0x73912139
                                                                                                                              0x73912146
                                                                                                                              0x7391214c
                                                                                                                              0x7391214f
                                                                                                                              0x73912155
                                                                                                                              0x73912157
                                                                                                                              0x7391215a
                                                                                                                              0x7391215c
                                                                                                                              0x73912163
                                                                                                                              0x73912168
                                                                                                                              0x7391216b
                                                                                                                              0x7391216d
                                                                                                                              0x73912172
                                                                                                                              0x73912184
                                                                                                                              0x73912184
                                                                                                                              0x73912172
                                                                                                                              0x7391216b
                                                                                                                              0x7391215a
                                                                                                                              0x7391218a
                                                                                                                              0x7391218d
                                                                                                                              0x73912197
                                                                                                                              0x7391219f
                                                                                                                              0x739121ab
                                                                                                                              0x739121b1
                                                                                                                              0x739121b4
                                                                                                                              0x739120e6
                                                                                                                              0x739120e6
                                                                                                                              0x00000000
                                                                                                                              0x739120e6
                                                                                                                              0x739121ba
                                                                                                                              0x739121c0
                                                                                                                              0x739121c0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x739121c2
                                                                                                                              0x739121c2

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 73911215: GlobalAlloc.KERNEL32(00000040,73911233,?,739112CF,-7391404B,739111AB,-000000A0), ref: 7391121D
                                                                                                                              • GlobalAlloc.KERNEL32(00000040,000014A4), ref: 73911BC4
                                                                                                                              • lstrcpyA.KERNEL32(00000008,?), ref: 73911C0C
                                                                                                                              • lstrcpyA.KERNEL32(00000408,?), ref: 73911C16
                                                                                                                              • GlobalFree.KERNEL32 ref: 73911C29
                                                                                                                              • GlobalFree.KERNEL32 ref: 73911D09
                                                                                                                              • GlobalFree.KERNEL32 ref: 73911D0E
                                                                                                                              • GlobalFree.KERNEL32 ref: 73911D13
                                                                                                                              • GlobalFree.KERNEL32 ref: 73911EFA
                                                                                                                              • lstrcpyA.KERNEL32(?,?), ref: 73912098
                                                                                                                              • GetModuleHandleA.KERNEL32(00000008), ref: 73912114
                                                                                                                              • LoadLibraryA.KERNEL32(00000008), ref: 73912125
                                                                                                                              • GetProcAddress.KERNEL32(?,?), ref: 7391217E
                                                                                                                              • lstrlenA.KERNEL32(00000408), ref: 73912198
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.523462386.0000000073911000.00000020.00000001.01000000.00000005.sdmp, Offset: 73910000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.523447585.0000000073910000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                              • Associated: 00000000.00000002.523475506.0000000073913000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                              • Associated: 00000000.00000002.523488453.0000000073915000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_73910000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 245916457-0
                                                                                                                              • Opcode ID: d63aef8a72243a4dba0bb20733796409bdd75333a6d095f9f984377bac05c843
                                                                                                                              • Instruction ID: 89adf555a04e6016e177251439eae16f385b52c35d248521d13c2f3b214f9a92
                                                                                                                              • Opcode Fuzzy Hash: d63aef8a72243a4dba0bb20733796409bdd75333a6d095f9f984377bac05c843
                                                                                                                              • Instruction Fuzzy Hash: D222A97290460FEFDB12DFA489803EEBBF9FB05345F14452AD1A6B6280D77096A1CB53
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 79%
                                                                                                                              			E004067ED(signed int __ebx, signed int* __esi) {
                                                                                                                              				signed int _t396;
                                                                                                                              				signed int _t425;
                                                                                                                              				signed int _t442;
                                                                                                                              				signed int _t443;
                                                                                                                              				signed int* _t446;
                                                                                                                              				void* _t448;
                                                                                                                              
                                                                                                                              				L0:
                                                                                                                              				while(1) {
                                                                                                                              					L0:
                                                                                                                              					_t446 = __esi;
                                                                                                                              					_t425 = __ebx;
                                                                                                                              					if( *(_t448 - 0x34) == 0) {
                                                                                                                              						break;
                                                                                                                              					}
                                                                                                                              					L55:
                                                                                                                              					__eax =  *(__ebp - 0x38);
                                                                                                                              					 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                              					__ecx = __ebx;
                                                                                                                              					 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                              					 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                              					 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                              					__ebx = __ebx + 8;
                                                                                                                              					while(1) {
                                                                                                                              						L56:
                                                                                                                              						if(__ebx < 0xe) {
                                                                                                                              							goto L0;
                                                                                                                              						}
                                                                                                                              						L57:
                                                                                                                              						__eax =  *(__ebp - 0x40);
                                                                                                                              						__eax =  *(__ebp - 0x40) & 0x00003fff;
                                                                                                                              						__ecx = __eax;
                                                                                                                              						__esi[1] = __eax;
                                                                                                                              						__ecx = __eax & 0x0000001f;
                                                                                                                              						if(__cl > 0x1d) {
                                                                                                                              							L9:
                                                                                                                              							_t443 = _t442 | 0xffffffff;
                                                                                                                              							 *_t446 = 0x11;
                                                                                                                              							L10:
                                                                                                                              							_t446[0x147] =  *(_t448 - 0x40);
                                                                                                                              							_t446[0x146] = _t425;
                                                                                                                              							( *(_t448 + 8))[1] =  *(_t448 - 0x34);
                                                                                                                              							L11:
                                                                                                                              							 *( *(_t448 + 8)) =  *(_t448 - 0x38);
                                                                                                                              							_t446[0x26ea] =  *(_t448 - 0x30);
                                                                                                                              							E00406F5C( *(_t448 + 8));
                                                                                                                              							return _t443;
                                                                                                                              						}
                                                                                                                              						L58:
                                                                                                                              						__eax = __eax & 0x000003e0;
                                                                                                                              						if(__eax > 0x3a0) {
                                                                                                                              							goto L9;
                                                                                                                              						}
                                                                                                                              						L59:
                                                                                                                              						 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 0xe;
                                                                                                                              						__ebx = __ebx - 0xe;
                                                                                                                              						_t94 =  &(__esi[2]);
                                                                                                                              						 *_t94 = __esi[2] & 0x00000000;
                                                                                                                              						 *__esi = 0xc;
                                                                                                                              						while(1) {
                                                                                                                              							L60:
                                                                                                                              							__esi[1] = __esi[1] >> 0xa;
                                                                                                                              							__eax = (__esi[1] >> 0xa) + 4;
                                                                                                                              							if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                                                                                                                              								goto L68;
                                                                                                                              							}
                                                                                                                              							L61:
                                                                                                                              							while(1) {
                                                                                                                              								L64:
                                                                                                                              								if(__ebx >= 3) {
                                                                                                                              									break;
                                                                                                                              								}
                                                                                                                              								L62:
                                                                                                                              								if( *(__ebp - 0x34) == 0) {
                                                                                                                              									goto L182;
                                                                                                                              								}
                                                                                                                              								L63:
                                                                                                                              								__eax =  *(__ebp - 0x38);
                                                                                                                              								 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                              								__ecx = __ebx;
                                                                                                                              								 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                              								 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                              								 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                              								__ebx = __ebx + 8;
                                                                                                                              							}
                                                                                                                              							L65:
                                                                                                                              							__ecx = __esi[2];
                                                                                                                              							 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000007;
                                                                                                                              							__ebx = __ebx - 3;
                                                                                                                              							_t108 = __ecx + 0x408400; // 0x121110
                                                                                                                              							__ecx =  *_t108;
                                                                                                                              							 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 3;
                                                                                                                              							 *(__esi + 0xc +  *_t108 * 4) =  *(__ebp - 0x40) & 0x00000007;
                                                                                                                              							__ecx = __esi[1];
                                                                                                                              							__esi[2] = __esi[2] + 1;
                                                                                                                              							__eax = __esi[2];
                                                                                                                              							__esi[1] >> 0xa = (__esi[1] >> 0xa) + 4;
                                                                                                                              							if(__esi[2] < (__esi[1] >> 0xa) + 4) {
                                                                                                                              								goto L64;
                                                                                                                              							}
                                                                                                                              							L66:
                                                                                                                              							while(1) {
                                                                                                                              								L68:
                                                                                                                              								if(__esi[2] >= 0x13) {
                                                                                                                              									break;
                                                                                                                              								}
                                                                                                                              								L67:
                                                                                                                              								_t119 = __esi[2] + 0x408400; // 0x4000300
                                                                                                                              								__eax =  *_t119;
                                                                                                                              								 *(__esi + 0xc +  *_t119 * 4) =  *(__esi + 0xc +  *_t119 * 4) & 0x00000000;
                                                                                                                              								_t126 =  &(__esi[2]);
                                                                                                                              								 *_t126 = __esi[2] + 1;
                                                                                                                              							}
                                                                                                                              							L69:
                                                                                                                              							__ecx = __ebp - 8;
                                                                                                                              							__edi =  &(__esi[0x143]);
                                                                                                                              							 &(__esi[0x148]) =  &(__esi[0x144]);
                                                                                                                              							__eax = 0;
                                                                                                                              							 *(__ebp - 8) = 0;
                                                                                                                              							__eax =  &(__esi[3]);
                                                                                                                              							 *__edi = 7;
                                                                                                                              							__eax = E00406FC4( &(__esi[3]), 0x13, 0x13, 0, 0,  &(__esi[0x144]), __edi,  &(__esi[0x148]), __ebp - 8);
                                                                                                                              							if(__eax != 0) {
                                                                                                                              								L72:
                                                                                                                              								 *__esi = 0x11;
                                                                                                                              								while(1) {
                                                                                                                              									L180:
                                                                                                                              									_t396 =  *_t446;
                                                                                                                              									if(_t396 > 0xf) {
                                                                                                                              										break;
                                                                                                                              									}
                                                                                                                              									L1:
                                                                                                                              									switch( *((intOrPtr*)(_t396 * 4 +  &M00406F1C))) {
                                                                                                                              										case 0:
                                                                                                                              											L101:
                                                                                                                              											__eax = __esi[4] & 0x000000ff;
                                                                                                                              											__esi[3] = __esi[4] & 0x000000ff;
                                                                                                                              											__eax = __esi[5];
                                                                                                                              											__esi[2] = __esi[5];
                                                                                                                              											 *__esi = 1;
                                                                                                                              											goto L102;
                                                                                                                              										case 1:
                                                                                                                              											L102:
                                                                                                                              											__eax = __esi[3];
                                                                                                                              											while(1) {
                                                                                                                              												L105:
                                                                                                                              												__eflags = __ebx - __eax;
                                                                                                                              												if(__ebx >= __eax) {
                                                                                                                              													break;
                                                                                                                              												}
                                                                                                                              												L103:
                                                                                                                              												__eflags =  *(__ebp - 0x34);
                                                                                                                              												if( *(__ebp - 0x34) == 0) {
                                                                                                                              													goto L182;
                                                                                                                              												}
                                                                                                                              												L104:
                                                                                                                              												__ecx =  *(__ebp - 0x38);
                                                                                                                              												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                              												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                                              												__ecx = __ebx;
                                                                                                                              												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                              												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                              												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                              												__ebx = __ebx + 8;
                                                                                                                              												__eflags = __ebx;
                                                                                                                              											}
                                                                                                                              											L106:
                                                                                                                              											__eax =  *(0x40a3e8 + __eax * 2) & 0x0000ffff;
                                                                                                                              											__eax = __eax &  *(__ebp - 0x40);
                                                                                                                              											__ecx = __esi[2];
                                                                                                                              											__eax = __esi[2] + __eax * 4;
                                                                                                                              											__ecx =  *(__eax + 1) & 0x000000ff;
                                                                                                                              											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                              											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
                                                                                                                              											__ecx =  *__eax & 0x000000ff;
                                                                                                                              											__eflags = __ecx;
                                                                                                                              											if(__ecx != 0) {
                                                                                                                              												L108:
                                                                                                                              												__eflags = __cl & 0x00000010;
                                                                                                                              												if((__cl & 0x00000010) == 0) {
                                                                                                                              													L110:
                                                                                                                              													__eflags = __cl & 0x00000040;
                                                                                                                              													if((__cl & 0x00000040) == 0) {
                                                                                                                              														goto L125;
                                                                                                                              													}
                                                                                                                              													L111:
                                                                                                                              													__eflags = __cl & 0x00000020;
                                                                                                                              													if((__cl & 0x00000020) == 0) {
                                                                                                                              														goto L9;
                                                                                                                              													}
                                                                                                                              													L112:
                                                                                                                              													 *__esi = 7;
                                                                                                                              													goto L180;
                                                                                                                              												}
                                                                                                                              												L109:
                                                                                                                              												__esi[2] = __ecx;
                                                                                                                              												__esi[1] = __eax;
                                                                                                                              												 *__esi = 2;
                                                                                                                              												goto L180;
                                                                                                                              											}
                                                                                                                              											L107:
                                                                                                                              											__esi[2] = __eax;
                                                                                                                              											 *__esi = 6;
                                                                                                                              											goto L180;
                                                                                                                              										case 2:
                                                                                                                              											L113:
                                                                                                                              											__eax = __esi[2];
                                                                                                                              											while(1) {
                                                                                                                              												L116:
                                                                                                                              												__eflags = __ebx - __eax;
                                                                                                                              												if(__ebx >= __eax) {
                                                                                                                              													break;
                                                                                                                              												}
                                                                                                                              												L114:
                                                                                                                              												__eflags =  *(__ebp - 0x34);
                                                                                                                              												if( *(__ebp - 0x34) == 0) {
                                                                                                                              													goto L182;
                                                                                                                              												}
                                                                                                                              												L115:
                                                                                                                              												__ecx =  *(__ebp - 0x38);
                                                                                                                              												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                              												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                                              												__ecx = __ebx;
                                                                                                                              												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                              												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                              												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                              												__ebx = __ebx + 8;
                                                                                                                              												__eflags = __ebx;
                                                                                                                              											}
                                                                                                                              											L117:
                                                                                                                              											 *(0x40a3e8 + __eax * 2) & 0x0000ffff =  *(0x40a3e8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                                                                              											__esi[1] = __esi[1] + ( *(0x40a3e8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                                                                              											__ecx = __eax;
                                                                                                                              											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                              											__ebx = __ebx - __eax;
                                                                                                                              											__eflags = __ebx;
                                                                                                                              											__eax = __esi[4] & 0x000000ff;
                                                                                                                              											__esi[3] = __esi[4] & 0x000000ff;
                                                                                                                              											__eax = __esi[6];
                                                                                                                              											__esi[2] = __esi[6];
                                                                                                                              											 *__esi = 3;
                                                                                                                              											goto L118;
                                                                                                                              										case 3:
                                                                                                                              											L118:
                                                                                                                              											__eax = __esi[3];
                                                                                                                              											while(1) {
                                                                                                                              												L121:
                                                                                                                              												__eflags = __ebx - __eax;
                                                                                                                              												if(__ebx >= __eax) {
                                                                                                                              													break;
                                                                                                                              												}
                                                                                                                              												L119:
                                                                                                                              												__eflags =  *(__ebp - 0x34);
                                                                                                                              												if( *(__ebp - 0x34) == 0) {
                                                                                                                              													goto L182;
                                                                                                                              												}
                                                                                                                              												L120:
                                                                                                                              												__ecx =  *(__ebp - 0x38);
                                                                                                                              												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                              												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                                              												__ecx = __ebx;
                                                                                                                              												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                              												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                              												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                              												__ebx = __ebx + 8;
                                                                                                                              												__eflags = __ebx;
                                                                                                                              											}
                                                                                                                              											L122:
                                                                                                                              											__eax =  *(0x40a3e8 + __eax * 2) & 0x0000ffff;
                                                                                                                              											__eax = __eax &  *(__ebp - 0x40);
                                                                                                                              											__ecx = __esi[2];
                                                                                                                              											__eax = __esi[2] + __eax * 4;
                                                                                                                              											__ecx =  *(__eax + 1) & 0x000000ff;
                                                                                                                              											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                              											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
                                                                                                                              											__ecx =  *__eax & 0x000000ff;
                                                                                                                              											__eflags = __cl & 0x00000010;
                                                                                                                              											if((__cl & 0x00000010) == 0) {
                                                                                                                              												L124:
                                                                                                                              												__eflags = __cl & 0x00000040;
                                                                                                                              												if((__cl & 0x00000040) != 0) {
                                                                                                                              													goto L9;
                                                                                                                              												}
                                                                                                                              												L125:
                                                                                                                              												__esi[3] = __ecx;
                                                                                                                              												__ecx =  *(__eax + 2) & 0x0000ffff;
                                                                                                                              												__esi[2] = __eax;
                                                                                                                              												goto L180;
                                                                                                                              											}
                                                                                                                              											L123:
                                                                                                                              											__esi[2] = __ecx;
                                                                                                                              											__esi[3] = __eax;
                                                                                                                              											 *__esi = 4;
                                                                                                                              											goto L180;
                                                                                                                              										case 4:
                                                                                                                              											L126:
                                                                                                                              											__eax = __esi[2];
                                                                                                                              											while(1) {
                                                                                                                              												L129:
                                                                                                                              												__eflags = __ebx - __eax;
                                                                                                                              												if(__ebx >= __eax) {
                                                                                                                              													break;
                                                                                                                              												}
                                                                                                                              												L127:
                                                                                                                              												__eflags =  *(__ebp - 0x34);
                                                                                                                              												if( *(__ebp - 0x34) == 0) {
                                                                                                                              													goto L182;
                                                                                                                              												}
                                                                                                                              												L128:
                                                                                                                              												__ecx =  *(__ebp - 0x38);
                                                                                                                              												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                              												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                                              												__ecx = __ebx;
                                                                                                                              												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                              												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                              												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                              												__ebx = __ebx + 8;
                                                                                                                              												__eflags = __ebx;
                                                                                                                              											}
                                                                                                                              											L130:
                                                                                                                              											 *(0x40a3e8 + __eax * 2) & 0x0000ffff =  *(0x40a3e8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                                                                              											__esi[3] = __esi[3] + ( *(0x40a3e8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                                                                              											__ecx = __eax;
                                                                                                                              											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                              											__ebx = __ebx - __eax;
                                                                                                                              											__eflags = __ebx;
                                                                                                                              											 *__esi = 5;
                                                                                                                              											goto L131;
                                                                                                                              										case 5:
                                                                                                                              											L131:
                                                                                                                              											__eax =  *(__ebp - 0x30);
                                                                                                                              											__edx = __esi[3];
                                                                                                                              											__eax = __eax - __esi;
                                                                                                                              											__ecx = __eax - __esi - 0x1ba0;
                                                                                                                              											__eflags = __eax - __esi - 0x1ba0 - __edx;
                                                                                                                              											if(__eax - __esi - 0x1ba0 >= __edx) {
                                                                                                                              												__ecx = __eax;
                                                                                                                              												__ecx = __eax - __edx;
                                                                                                                              												__eflags = __ecx;
                                                                                                                              											} else {
                                                                                                                              												__esi[0x26e8] = __esi[0x26e8] - __edx;
                                                                                                                              												__ecx = __esi[0x26e8] - __edx - __esi;
                                                                                                                              												__ecx = __esi[0x26e8] - __edx - __esi + __eax - 0x1ba0;
                                                                                                                              											}
                                                                                                                              											__eflags = __esi[1];
                                                                                                                              											 *(__ebp - 0x20) = __ecx;
                                                                                                                              											if(__esi[1] != 0) {
                                                                                                                              												L135:
                                                                                                                              												__edi =  *(__ebp - 0x2c);
                                                                                                                              												do {
                                                                                                                              													L136:
                                                                                                                              													__eflags = __edi;
                                                                                                                              													if(__edi != 0) {
                                                                                                                              														goto L152;
                                                                                                                              													}
                                                                                                                              													L137:
                                                                                                                              													__edi = __esi[0x26e8];
                                                                                                                              													__eflags = __eax - __edi;
                                                                                                                              													if(__eax != __edi) {
                                                                                                                              														L143:
                                                                                                                              														__esi[0x26ea] = __eax;
                                                                                                                              														__eax = E00406F5C( *((intOrPtr*)(__ebp + 8)));
                                                                                                                              														__eax = __esi[0x26ea];
                                                                                                                              														__ecx = __esi[0x26e9];
                                                                                                                              														__eflags = __eax - __ecx;
                                                                                                                              														 *(__ebp - 0x30) = __eax;
                                                                                                                              														if(__eax >= __ecx) {
                                                                                                                              															__edi = __esi[0x26e8];
                                                                                                                              															__edi = __esi[0x26e8] - __eax;
                                                                                                                              															__eflags = __edi;
                                                                                                                              														} else {
                                                                                                                              															__ecx = __ecx - __eax;
                                                                                                                              															__edi = __ecx - __eax - 1;
                                                                                                                              														}
                                                                                                                              														__edx = __esi[0x26e8];
                                                                                                                              														__eflags = __eax - __edx;
                                                                                                                              														 *(__ebp - 8) = __edx;
                                                                                                                              														if(__eax == __edx) {
                                                                                                                              															__edx =  &(__esi[0x6e8]);
                                                                                                                              															__eflags = __ecx - __edx;
                                                                                                                              															if(__ecx != __edx) {
                                                                                                                              																__eax = __edx;
                                                                                                                              																__eflags = __eax - __ecx;
                                                                                                                              																 *(__ebp - 0x30) = __eax;
                                                                                                                              																if(__eax >= __ecx) {
                                                                                                                              																	__edi =  *(__ebp - 8);
                                                                                                                              																	__edi =  *(__ebp - 8) - __eax;
                                                                                                                              																	__eflags = __edi;
                                                                                                                              																} else {
                                                                                                                              																	__ecx = __ecx - __eax;
                                                                                                                              																	__edi = __ecx;
                                                                                                                              																}
                                                                                                                              															}
                                                                                                                              														}
                                                                                                                              														__eflags = __edi;
                                                                                                                              														if(__edi == 0) {
                                                                                                                              															goto L183;
                                                                                                                              														} else {
                                                                                                                              															goto L152;
                                                                                                                              														}
                                                                                                                              													}
                                                                                                                              													L138:
                                                                                                                              													__ecx = __esi[0x26e9];
                                                                                                                              													__edx =  &(__esi[0x6e8]);
                                                                                                                              													__eflags = __ecx - __edx;
                                                                                                                              													if(__ecx == __edx) {
                                                                                                                              														goto L143;
                                                                                                                              													}
                                                                                                                              													L139:
                                                                                                                              													__eax = __edx;
                                                                                                                              													__eflags = __eax - __ecx;
                                                                                                                              													if(__eax >= __ecx) {
                                                                                                                              														__edi = __edi - __eax;
                                                                                                                              														__eflags = __edi;
                                                                                                                              													} else {
                                                                                                                              														__ecx = __ecx - __eax;
                                                                                                                              														__edi = __ecx;
                                                                                                                              													}
                                                                                                                              													__eflags = __edi;
                                                                                                                              													if(__edi == 0) {
                                                                                                                              														goto L143;
                                                                                                                              													}
                                                                                                                              													L152:
                                                                                                                              													__ecx =  *(__ebp - 0x20);
                                                                                                                              													 *__eax =  *__ecx;
                                                                                                                              													__eax = __eax + 1;
                                                                                                                              													__ecx = __ecx + 1;
                                                                                                                              													__edi = __edi - 1;
                                                                                                                              													__eflags = __ecx - __esi[0x26e8];
                                                                                                                              													 *(__ebp - 0x30) = __eax;
                                                                                                                              													 *(__ebp - 0x20) = __ecx;
                                                                                                                              													 *(__ebp - 0x2c) = __edi;
                                                                                                                              													if(__ecx == __esi[0x26e8]) {
                                                                                                                              														__ecx =  &(__esi[0x6e8]);
                                                                                                                              														 *(__ebp - 0x20) =  &(__esi[0x6e8]);
                                                                                                                              													}
                                                                                                                              													_t357 =  &(__esi[1]);
                                                                                                                              													 *_t357 = __esi[1] - 1;
                                                                                                                              													__eflags =  *_t357;
                                                                                                                              												} while ( *_t357 != 0);
                                                                                                                              											}
                                                                                                                              											goto L23;
                                                                                                                              										case 6:
                                                                                                                              											L156:
                                                                                                                              											__eax =  *(__ebp - 0x2c);
                                                                                                                              											__edi =  *(__ebp - 0x30);
                                                                                                                              											__eflags = __eax;
                                                                                                                              											if(__eax != 0) {
                                                                                                                              												L172:
                                                                                                                              												__cl = __esi[2];
                                                                                                                              												 *__edi = __cl;
                                                                                                                              												__edi = __edi + 1;
                                                                                                                              												__eax = __eax - 1;
                                                                                                                              												 *(__ebp - 0x30) = __edi;
                                                                                                                              												 *(__ebp - 0x2c) = __eax;
                                                                                                                              												goto L23;
                                                                                                                              											}
                                                                                                                              											L157:
                                                                                                                              											__ecx = __esi[0x26e8];
                                                                                                                              											__eflags = __edi - __ecx;
                                                                                                                              											if(__edi != __ecx) {
                                                                                                                              												L163:
                                                                                                                              												__esi[0x26ea] = __edi;
                                                                                                                              												__eax = E00406F5C( *((intOrPtr*)(__ebp + 8)));
                                                                                                                              												__edi = __esi[0x26ea];
                                                                                                                              												__ecx = __esi[0x26e9];
                                                                                                                              												__eflags = __edi - __ecx;
                                                                                                                              												 *(__ebp - 0x30) = __edi;
                                                                                                                              												if(__edi >= __ecx) {
                                                                                                                              													__eax = __esi[0x26e8];
                                                                                                                              													__eax = __esi[0x26e8] - __edi;
                                                                                                                              													__eflags = __eax;
                                                                                                                              												} else {
                                                                                                                              													__ecx = __ecx - __edi;
                                                                                                                              													__eax = __ecx - __edi - 1;
                                                                                                                              												}
                                                                                                                              												__edx = __esi[0x26e8];
                                                                                                                              												__eflags = __edi - __edx;
                                                                                                                              												 *(__ebp - 8) = __edx;
                                                                                                                              												if(__edi == __edx) {
                                                                                                                              													__edx =  &(__esi[0x6e8]);
                                                                                                                              													__eflags = __ecx - __edx;
                                                                                                                              													if(__ecx != __edx) {
                                                                                                                              														__edi = __edx;
                                                                                                                              														__eflags = __edi - __ecx;
                                                                                                                              														 *(__ebp - 0x30) = __edi;
                                                                                                                              														if(__edi >= __ecx) {
                                                                                                                              															__eax =  *(__ebp - 8);
                                                                                                                              															__eax =  *(__ebp - 8) - __edi;
                                                                                                                              															__eflags = __eax;
                                                                                                                              														} else {
                                                                                                                              															__ecx = __ecx - __edi;
                                                                                                                              															__eax = __ecx;
                                                                                                                              														}
                                                                                                                              													}
                                                                                                                              												}
                                                                                                                              												__eflags = __eax;
                                                                                                                              												if(__eax == 0) {
                                                                                                                              													goto L183;
                                                                                                                              												} else {
                                                                                                                              													goto L172;
                                                                                                                              												}
                                                                                                                              											}
                                                                                                                              											L158:
                                                                                                                              											__eax = __esi[0x26e9];
                                                                                                                              											__edx =  &(__esi[0x6e8]);
                                                                                                                              											__eflags = __eax - __edx;
                                                                                                                              											if(__eax == __edx) {
                                                                                                                              												goto L163;
                                                                                                                              											}
                                                                                                                              											L159:
                                                                                                                              											__edi = __edx;
                                                                                                                              											__eflags = __edi - __eax;
                                                                                                                              											if(__edi >= __eax) {
                                                                                                                              												__ecx = __ecx - __edi;
                                                                                                                              												__eflags = __ecx;
                                                                                                                              												__eax = __ecx;
                                                                                                                              											} else {
                                                                                                                              												__eax = __eax - __edi;
                                                                                                                              												__eax = __eax - 1;
                                                                                                                              											}
                                                                                                                              											__eflags = __eax;
                                                                                                                              											if(__eax != 0) {
                                                                                                                              												goto L172;
                                                                                                                              											} else {
                                                                                                                              												goto L163;
                                                                                                                              											}
                                                                                                                              										case 7:
                                                                                                                              											L173:
                                                                                                                              											__eflags = __ebx - 7;
                                                                                                                              											if(__ebx > 7) {
                                                                                                                              												__ebx = __ebx - 8;
                                                                                                                              												 *(__ebp - 0x34) =  *(__ebp - 0x34) + 1;
                                                                                                                              												_t380 = __ebp - 0x38;
                                                                                                                              												 *_t380 =  *(__ebp - 0x38) - 1;
                                                                                                                              												__eflags =  *_t380;
                                                                                                                              											}
                                                                                                                              											goto L175;
                                                                                                                              										case 8:
                                                                                                                              											L4:
                                                                                                                              											while(_t425 < 3) {
                                                                                                                              												if( *(_t448 - 0x34) == 0) {
                                                                                                                              													goto L182;
                                                                                                                              												} else {
                                                                                                                              													 *(_t448 - 0x34) =  *(_t448 - 0x34) - 1;
                                                                                                                              													 *(_t448 - 0x40) =  *(_t448 - 0x40) | ( *( *(_t448 - 0x38)) & 0x000000ff) << _t425;
                                                                                                                              													 *(_t448 - 0x38) =  &(( *(_t448 - 0x38))[1]);
                                                                                                                              													_t425 = _t425 + 8;
                                                                                                                              													continue;
                                                                                                                              												}
                                                                                                                              											}
                                                                                                                              											_t425 = _t425 - 3;
                                                                                                                              											 *(_t448 - 0x40) =  *(_t448 - 0x40) >> 3;
                                                                                                                              											_t406 =  *(_t448 - 0x40) & 0x00000007;
                                                                                                                              											asm("sbb ecx, ecx");
                                                                                                                              											_t408 = _t406 >> 1;
                                                                                                                              											_t446[0x145] = ( ~(_t406 & 0x00000001) & 0x00000007) + 8;
                                                                                                                              											if(_t408 == 0) {
                                                                                                                              												L24:
                                                                                                                              												 *_t446 = 9;
                                                                                                                              												_t436 = _t425 & 0x00000007;
                                                                                                                              												 *(_t448 - 0x40) =  *(_t448 - 0x40) >> _t436;
                                                                                                                              												_t425 = _t425 - _t436;
                                                                                                                              												goto L180;
                                                                                                                              											}
                                                                                                                              											L6:
                                                                                                                              											_t411 = _t408 - 1;
                                                                                                                              											if(_t411 == 0) {
                                                                                                                              												L13:
                                                                                                                              												__eflags =  *0x42e388;
                                                                                                                              												if( *0x42e388 != 0) {
                                                                                                                              													L22:
                                                                                                                              													_t412 =  *0x40a40c; // 0x9
                                                                                                                              													_t446[4] = _t412;
                                                                                                                              													_t413 =  *0x40a410; // 0x5
                                                                                                                              													_t446[4] = _t413;
                                                                                                                              													_t414 =  *0x42d204; // 0x0
                                                                                                                              													_t446[5] = _t414;
                                                                                                                              													_t415 =  *0x42d200; // 0x0
                                                                                                                              													_t446[6] = _t415;
                                                                                                                              													L23:
                                                                                                                              													 *_t446 =  *_t446 & 0x00000000;
                                                                                                                              													goto L180;
                                                                                                                              												} else {
                                                                                                                              													_t26 = _t448 - 8;
                                                                                                                              													 *_t26 =  *(_t448 - 8) & 0x00000000;
                                                                                                                              													__eflags =  *_t26;
                                                                                                                              													_t416 = 0x42d208;
                                                                                                                              													goto L15;
                                                                                                                              													L20:
                                                                                                                              													 *_t416 = _t438;
                                                                                                                              													_t416 = _t416 + 4;
                                                                                                                              													__eflags = _t416 - 0x42d688;
                                                                                                                              													if(_t416 < 0x42d688) {
                                                                                                                              														L15:
                                                                                                                              														__eflags = _t416 - 0x42d444;
                                                                                                                              														_t438 = 8;
                                                                                                                              														if(_t416 > 0x42d444) {
                                                                                                                              															__eflags = _t416 - 0x42d608;
                                                                                                                              															if(_t416 >= 0x42d608) {
                                                                                                                              																__eflags = _t416 - 0x42d668;
                                                                                                                              																if(_t416 < 0x42d668) {
                                                                                                                              																	_t438 = 7;
                                                                                                                              																}
                                                                                                                              															} else {
                                                                                                                              																_t438 = 9;
                                                                                                                              															}
                                                                                                                              														}
                                                                                                                              														goto L20;
                                                                                                                              													} else {
                                                                                                                              														E00406FC4(0x42d208, 0x120, 0x101, 0x408414, 0x408454, 0x42d204, 0x40a40c, 0x42db08, _t448 - 8);
                                                                                                                              														_push(0x1e);
                                                                                                                              														_pop(_t440);
                                                                                                                              														_push(5);
                                                                                                                              														_pop(_t419);
                                                                                                                              														memset(0x42d208, _t419, _t440 << 2);
                                                                                                                              														_t450 = _t450 + 0xc;
                                                                                                                              														_t442 = 0x42d208 + _t440;
                                                                                                                              														E00406FC4(0x42d208, 0x1e, 0, 0x408494, 0x4084d0, 0x42d200, 0x40a410, 0x42db08, _t448 - 8);
                                                                                                                              														 *0x42e388 =  *0x42e388 + 1;
                                                                                                                              														__eflags =  *0x42e388;
                                                                                                                              														goto L22;
                                                                                                                              													}
                                                                                                                              												}
                                                                                                                              											}
                                                                                                                              											L7:
                                                                                                                              											_t423 = _t411 - 1;
                                                                                                                              											if(_t423 == 0) {
                                                                                                                              												 *_t446 = 0xb;
                                                                                                                              												goto L180;
                                                                                                                              											}
                                                                                                                              											L8:
                                                                                                                              											if(_t423 != 1) {
                                                                                                                              												goto L180;
                                                                                                                              											}
                                                                                                                              											goto L9;
                                                                                                                              										case 9:
                                                                                                                              											while(1) {
                                                                                                                              												L27:
                                                                                                                              												__eflags = __ebx - 0x20;
                                                                                                                              												if(__ebx >= 0x20) {
                                                                                                                              													break;
                                                                                                                              												}
                                                                                                                              												L25:
                                                                                                                              												__eflags =  *(__ebp - 0x34);
                                                                                                                              												if( *(__ebp - 0x34) == 0) {
                                                                                                                              													goto L182;
                                                                                                                              												}
                                                                                                                              												L26:
                                                                                                                              												__eax =  *(__ebp - 0x38);
                                                                                                                              												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                              												__ecx = __ebx;
                                                                                                                              												 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                              												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                              												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                              												__ebx = __ebx + 8;
                                                                                                                              												__eflags = __ebx;
                                                                                                                              											}
                                                                                                                              											L28:
                                                                                                                              											__eax =  *(__ebp - 0x40);
                                                                                                                              											__ebx = 0;
                                                                                                                              											__eax =  *(__ebp - 0x40) & 0x0000ffff;
                                                                                                                              											 *(__ebp - 0x40) = 0;
                                                                                                                              											__eflags = __eax;
                                                                                                                              											__esi[1] = __eax;
                                                                                                                              											if(__eax == 0) {
                                                                                                                              												goto L53;
                                                                                                                              											}
                                                                                                                              											L29:
                                                                                                                              											_push(0xa);
                                                                                                                              											_pop(__eax);
                                                                                                                              											goto L54;
                                                                                                                              										case 0xa:
                                                                                                                              											L30:
                                                                                                                              											__eflags =  *(__ebp - 0x34);
                                                                                                                              											if( *(__ebp - 0x34) == 0) {
                                                                                                                              												goto L182;
                                                                                                                              											}
                                                                                                                              											L31:
                                                                                                                              											__eax =  *(__ebp - 0x2c);
                                                                                                                              											__eflags = __eax;
                                                                                                                              											if(__eax != 0) {
                                                                                                                              												L48:
                                                                                                                              												__eflags = __eax -  *(__ebp - 0x34);
                                                                                                                              												if(__eax >=  *(__ebp - 0x34)) {
                                                                                                                              													__eax =  *(__ebp - 0x34);
                                                                                                                              												}
                                                                                                                              												__ecx = __esi[1];
                                                                                                                              												__eflags = __ecx - __eax;
                                                                                                                              												__edi = __ecx;
                                                                                                                              												if(__ecx >= __eax) {
                                                                                                                              													__edi = __eax;
                                                                                                                              												}
                                                                                                                              												__eax = E00405B64( *(__ebp - 0x30),  *(__ebp - 0x38), __edi);
                                                                                                                              												 *(__ebp - 0x38) =  *(__ebp - 0x38) + __edi;
                                                                                                                              												 *(__ebp - 0x34) =  *(__ebp - 0x34) - __edi;
                                                                                                                              												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __edi;
                                                                                                                              												 *(__ebp - 0x2c) =  *(__ebp - 0x2c) - __edi;
                                                                                                                              												_t80 =  &(__esi[1]);
                                                                                                                              												 *_t80 = __esi[1] - __edi;
                                                                                                                              												__eflags =  *_t80;
                                                                                                                              												if( *_t80 == 0) {
                                                                                                                              													L53:
                                                                                                                              													__eax = __esi[0x145];
                                                                                                                              													L54:
                                                                                                                              													 *__esi = __eax;
                                                                                                                              												}
                                                                                                                              												goto L180;
                                                                                                                              											}
                                                                                                                              											L32:
                                                                                                                              											__ecx = __esi[0x26e8];
                                                                                                                              											__edx =  *(__ebp - 0x30);
                                                                                                                              											__eflags = __edx - __ecx;
                                                                                                                              											if(__edx != __ecx) {
                                                                                                                              												L38:
                                                                                                                              												__esi[0x26ea] = __edx;
                                                                                                                              												__eax = E00406F5C( *((intOrPtr*)(__ebp + 8)));
                                                                                                                              												__edx = __esi[0x26ea];
                                                                                                                              												__ecx = __esi[0x26e9];
                                                                                                                              												__eflags = __edx - __ecx;
                                                                                                                              												 *(__ebp - 0x30) = __edx;
                                                                                                                              												if(__edx >= __ecx) {
                                                                                                                              													__eax = __esi[0x26e8];
                                                                                                                              													__eax = __esi[0x26e8] - __edx;
                                                                                                                              													__eflags = __eax;
                                                                                                                              												} else {
                                                                                                                              													__ecx = __ecx - __edx;
                                                                                                                              													__eax = __ecx - __edx - 1;
                                                                                                                              												}
                                                                                                                              												__edi = __esi[0x26e8];
                                                                                                                              												 *(__ebp - 0x2c) = __eax;
                                                                                                                              												__eflags = __edx - __edi;
                                                                                                                              												if(__edx == __edi) {
                                                                                                                              													__edx =  &(__esi[0x6e8]);
                                                                                                                              													__eflags = __edx - __ecx;
                                                                                                                              													if(__eflags != 0) {
                                                                                                                              														 *(__ebp - 0x30) = __edx;
                                                                                                                              														if(__eflags >= 0) {
                                                                                                                              															__edi = __edi - __edx;
                                                                                                                              															__eflags = __edi;
                                                                                                                              															__eax = __edi;
                                                                                                                              														} else {
                                                                                                                              															__ecx = __ecx - __edx;
                                                                                                                              															__eax = __ecx;
                                                                                                                              														}
                                                                                                                              														 *(__ebp - 0x2c) = __eax;
                                                                                                                              													}
                                                                                                                              												}
                                                                                                                              												__eflags = __eax;
                                                                                                                              												if(__eax == 0) {
                                                                                                                              													goto L183;
                                                                                                                              												} else {
                                                                                                                              													goto L48;
                                                                                                                              												}
                                                                                                                              											}
                                                                                                                              											L33:
                                                                                                                              											__eax = __esi[0x26e9];
                                                                                                                              											__edi =  &(__esi[0x6e8]);
                                                                                                                              											__eflags = __eax - __edi;
                                                                                                                              											if(__eax == __edi) {
                                                                                                                              												goto L38;
                                                                                                                              											}
                                                                                                                              											L34:
                                                                                                                              											__edx = __edi;
                                                                                                                              											__eflags = __edx - __eax;
                                                                                                                              											 *(__ebp - 0x30) = __edx;
                                                                                                                              											if(__edx >= __eax) {
                                                                                                                              												__ecx = __ecx - __edx;
                                                                                                                              												__eflags = __ecx;
                                                                                                                              												__eax = __ecx;
                                                                                                                              											} else {
                                                                                                                              												__eax = __eax - __edx;
                                                                                                                              												__eax = __eax - 1;
                                                                                                                              											}
                                                                                                                              											__eflags = __eax;
                                                                                                                              											 *(__ebp - 0x2c) = __eax;
                                                                                                                              											if(__eax != 0) {
                                                                                                                              												goto L48;
                                                                                                                              											} else {
                                                                                                                              												goto L38;
                                                                                                                              											}
                                                                                                                              										case 0xb:
                                                                                                                              											goto L56;
                                                                                                                              										case 0xc:
                                                                                                                              											L60:
                                                                                                                              											__esi[1] = __esi[1] >> 0xa;
                                                                                                                              											__eax = (__esi[1] >> 0xa) + 4;
                                                                                                                              											if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                                                                                                                              												goto L68;
                                                                                                                              											}
                                                                                                                              											goto L61;
                                                                                                                              										case 0xd:
                                                                                                                              											while(1) {
                                                                                                                              												L93:
                                                                                                                              												__eax = __esi[1];
                                                                                                                              												__ecx = __esi[2];
                                                                                                                              												__edx = __eax;
                                                                                                                              												__eax = __eax & 0x0000001f;
                                                                                                                              												__edx = __edx >> 5;
                                                                                                                              												__eax = __edx + __eax + 0x102;
                                                                                                                              												__eflags = __esi[2] - __eax;
                                                                                                                              												if(__esi[2] >= __eax) {
                                                                                                                              													break;
                                                                                                                              												}
                                                                                                                              												L73:
                                                                                                                              												__eax = __esi[0x143];
                                                                                                                              												while(1) {
                                                                                                                              													L76:
                                                                                                                              													__eflags = __ebx - __eax;
                                                                                                                              													if(__ebx >= __eax) {
                                                                                                                              														break;
                                                                                                                              													}
                                                                                                                              													L74:
                                                                                                                              													__eflags =  *(__ebp - 0x34);
                                                                                                                              													if( *(__ebp - 0x34) == 0) {
                                                                                                                              														goto L182;
                                                                                                                              													}
                                                                                                                              													L75:
                                                                                                                              													__ecx =  *(__ebp - 0x38);
                                                                                                                              													 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                              													__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                                              													__ecx = __ebx;
                                                                                                                              													__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                              													 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                              													 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                              													__ebx = __ebx + 8;
                                                                                                                              													__eflags = __ebx;
                                                                                                                              												}
                                                                                                                              												L77:
                                                                                                                              												__eax =  *(0x40a3e8 + __eax * 2) & 0x0000ffff;
                                                                                                                              												__eax = __eax &  *(__ebp - 0x40);
                                                                                                                              												__ecx = __esi[0x144];
                                                                                                                              												__eax = __esi[0x144] + __eax * 4;
                                                                                                                              												__edx =  *(__eax + 1) & 0x000000ff;
                                                                                                                              												__eax =  *(__eax + 2) & 0x0000ffff;
                                                                                                                              												__eflags = __eax - 0x10;
                                                                                                                              												 *(__ebp - 0x14) = __eax;
                                                                                                                              												if(__eax >= 0x10) {
                                                                                                                              													L79:
                                                                                                                              													__eflags = __eax - 0x12;
                                                                                                                              													if(__eax != 0x12) {
                                                                                                                              														__eax = __eax + 0xfffffff2;
                                                                                                                              														 *(__ebp - 8) = 3;
                                                                                                                              													} else {
                                                                                                                              														_push(7);
                                                                                                                              														 *(__ebp - 8) = 0xb;
                                                                                                                              														_pop(__eax);
                                                                                                                              													}
                                                                                                                              													while(1) {
                                                                                                                              														L84:
                                                                                                                              														__ecx = __eax + __edx;
                                                                                                                              														__eflags = __ebx - __eax + __edx;
                                                                                                                              														if(__ebx >= __eax + __edx) {
                                                                                                                              															break;
                                                                                                                              														}
                                                                                                                              														L82:
                                                                                                                              														__eflags =  *(__ebp - 0x34);
                                                                                                                              														if( *(__ebp - 0x34) == 0) {
                                                                                                                              															goto L182;
                                                                                                                              														}
                                                                                                                              														L83:
                                                                                                                              														__ecx =  *(__ebp - 0x38);
                                                                                                                              														 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                              														__edi =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                                              														__ecx = __ebx;
                                                                                                                              														__edi = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                              														 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                              														 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                              														__ebx = __ebx + 8;
                                                                                                                              														__eflags = __ebx;
                                                                                                                              													}
                                                                                                                              													L85:
                                                                                                                              													__ecx = __edx;
                                                                                                                              													__ebx = __ebx - __edx;
                                                                                                                              													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                              													 *(0x40a3e8 + __eax * 2) & 0x0000ffff =  *(0x40a3e8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                                                                              													__edx =  *(__ebp - 8);
                                                                                                                              													__ebx = __ebx - __eax;
                                                                                                                              													__edx =  *(__ebp - 8) + ( *(0x40a3e8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                                                                              													__ecx = __eax;
                                                                                                                              													__eax = __esi[1];
                                                                                                                              													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                              													__ecx = __esi[2];
                                                                                                                              													__eax = __eax >> 5;
                                                                                                                              													__edi = __eax >> 0x00000005 & 0x0000001f;
                                                                                                                              													__eax = __eax & 0x0000001f;
                                                                                                                              													__eax = __edi + __eax + 0x102;
                                                                                                                              													__edi = __edx + __ecx;
                                                                                                                              													__eflags = __edx + __ecx - __eax;
                                                                                                                              													if(__edx + __ecx > __eax) {
                                                                                                                              														goto L9;
                                                                                                                              													}
                                                                                                                              													L86:
                                                                                                                              													__eflags =  *(__ebp - 0x14) - 0x10;
                                                                                                                              													if( *(__ebp - 0x14) != 0x10) {
                                                                                                                              														L89:
                                                                                                                              														__edi = 0;
                                                                                                                              														__eflags = 0;
                                                                                                                              														L90:
                                                                                                                              														__eax = __esi + 0xc + __ecx * 4;
                                                                                                                              														do {
                                                                                                                              															L91:
                                                                                                                              															 *__eax = __edi;
                                                                                                                              															__ecx = __ecx + 1;
                                                                                                                              															__eax = __eax + 4;
                                                                                                                              															__edx = __edx - 1;
                                                                                                                              															__eflags = __edx;
                                                                                                                              														} while (__edx != 0);
                                                                                                                              														__esi[2] = __ecx;
                                                                                                                              														continue;
                                                                                                                              													}
                                                                                                                              													L87:
                                                                                                                              													__eflags = __ecx - 1;
                                                                                                                              													if(__ecx < 1) {
                                                                                                                              														goto L9;
                                                                                                                              													}
                                                                                                                              													L88:
                                                                                                                              													__edi =  *(__esi + 8 + __ecx * 4);
                                                                                                                              													goto L90;
                                                                                                                              												}
                                                                                                                              												L78:
                                                                                                                              												__ecx = __edx;
                                                                                                                              												__ebx = __ebx - __edx;
                                                                                                                              												 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                              												__ecx = __esi[2];
                                                                                                                              												 *(__esi + 0xc + __esi[2] * 4) = __eax;
                                                                                                                              												__esi[2] = __esi[2] + 1;
                                                                                                                              											}
                                                                                                                              											L94:
                                                                                                                              											__eax = __esi[1];
                                                                                                                              											__esi[0x144] = __esi[0x144] & 0x00000000;
                                                                                                                              											 *(__ebp - 0xc) =  *(__ebp - 0xc) & 0x00000000;
                                                                                                                              											__edi = __eax;
                                                                                                                              											__eax = __eax >> 5;
                                                                                                                              											__edi = __edi & 0x0000001f;
                                                                                                                              											__ecx = 0x101;
                                                                                                                              											__eax = __eax & 0x0000001f;
                                                                                                                              											__edi = __edi + 0x101;
                                                                                                                              											__eax = __eax + 1;
                                                                                                                              											__edx = __ebp - 0xc;
                                                                                                                              											 *(__ebp - 0x14) = __eax;
                                                                                                                              											 &(__esi[0x148]) = __ebp - 4;
                                                                                                                              											 *(__ebp - 4) = 9;
                                                                                                                              											__ebp - 0x18 =  &(__esi[3]);
                                                                                                                              											 *(__ebp - 0x10) = 6;
                                                                                                                              											__eax = E00406FC4( &(__esi[3]), __edi, 0x101, 0x408414, 0x408454, __ebp - 0x18, __ebp - 4,  &(__esi[0x148]), __ebp - 0xc);
                                                                                                                              											__eflags =  *(__ebp - 4);
                                                                                                                              											if( *(__ebp - 4) == 0) {
                                                                                                                              												__eax = __eax | 0xffffffff;
                                                                                                                              												__eflags = __eax;
                                                                                                                              											}
                                                                                                                              											__eflags = __eax;
                                                                                                                              											if(__eax != 0) {
                                                                                                                              												goto L9;
                                                                                                                              											} else {
                                                                                                                              												L97:
                                                                                                                              												__ebp - 0xc =  &(__esi[0x148]);
                                                                                                                              												__ebp - 0x10 = __ebp - 0x1c;
                                                                                                                              												__eax = __esi + 0xc + __edi * 4;
                                                                                                                              												__eax = E00406FC4(__esi + 0xc + __edi * 4,  *(__ebp - 0x14), 0, 0x408494, 0x4084d0, __ebp - 0x1c, __ebp - 0x10,  &(__esi[0x148]), __ebp - 0xc);
                                                                                                                              												__eflags = __eax;
                                                                                                                              												if(__eax != 0) {
                                                                                                                              													goto L9;
                                                                                                                              												}
                                                                                                                              												L98:
                                                                                                                              												__eax =  *(__ebp - 0x10);
                                                                                                                              												__eflags =  *(__ebp - 0x10);
                                                                                                                              												if( *(__ebp - 0x10) != 0) {
                                                                                                                              													L100:
                                                                                                                              													__cl =  *(__ebp - 4);
                                                                                                                              													 *__esi =  *__esi & 0x00000000;
                                                                                                                              													__eflags =  *__esi;
                                                                                                                              													__esi[4] = __al;
                                                                                                                              													__eax =  *(__ebp - 0x18);
                                                                                                                              													__esi[5] =  *(__ebp - 0x18);
                                                                                                                              													__eax =  *(__ebp - 0x1c);
                                                                                                                              													__esi[4] = __cl;
                                                                                                                              													__esi[6] =  *(__ebp - 0x1c);
                                                                                                                              													goto L101;
                                                                                                                              												}
                                                                                                                              												L99:
                                                                                                                              												__eflags = __edi - 0x101;
                                                                                                                              												if(__edi > 0x101) {
                                                                                                                              													goto L9;
                                                                                                                              												}
                                                                                                                              												goto L100;
                                                                                                                              											}
                                                                                                                              										case 0xe:
                                                                                                                              											goto L9;
                                                                                                                              										case 0xf:
                                                                                                                              											L175:
                                                                                                                              											__eax =  *(__ebp - 0x30);
                                                                                                                              											__esi[0x26ea] =  *(__ebp - 0x30);
                                                                                                                              											__eax = E00406F5C( *((intOrPtr*)(__ebp + 8)));
                                                                                                                              											__ecx = __esi[0x26ea];
                                                                                                                              											__edx = __esi[0x26e9];
                                                                                                                              											__eflags = __ecx - __edx;
                                                                                                                              											 *(__ebp - 0x30) = __ecx;
                                                                                                                              											if(__ecx >= __edx) {
                                                                                                                              												__eax = __esi[0x26e8];
                                                                                                                              												__eax = __esi[0x26e8] - __ecx;
                                                                                                                              												__eflags = __eax;
                                                                                                                              											} else {
                                                                                                                              												__edx = __edx - __ecx;
                                                                                                                              												__eax = __edx - __ecx - 1;
                                                                                                                              											}
                                                                                                                              											__eflags = __ecx - __edx;
                                                                                                                              											 *(__ebp - 0x2c) = __eax;
                                                                                                                              											if(__ecx != __edx) {
                                                                                                                              												L183:
                                                                                                                              												__edi = 0;
                                                                                                                              												goto L10;
                                                                                                                              											} else {
                                                                                                                              												L179:
                                                                                                                              												__eax = __esi[0x145];
                                                                                                                              												__eflags = __eax - 8;
                                                                                                                              												 *__esi = __eax;
                                                                                                                              												if(__eax != 8) {
                                                                                                                              													L184:
                                                                                                                              													0 = 1;
                                                                                                                              													goto L10;
                                                                                                                              												}
                                                                                                                              												goto L180;
                                                                                                                              											}
                                                                                                                              									}
                                                                                                                              								}
                                                                                                                              								L181:
                                                                                                                              								goto L9;
                                                                                                                              							}
                                                                                                                              							L70:
                                                                                                                              							if( *__edi == __eax) {
                                                                                                                              								goto L72;
                                                                                                                              							}
                                                                                                                              							L71:
                                                                                                                              							__esi[2] = __esi[2] & __eax;
                                                                                                                              							 *__esi = 0xd;
                                                                                                                              							goto L93;
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				L182:
                                                                                                                              				_t443 = 0;
                                                                                                                              				_t446[0x147] =  *(_t448 - 0x40);
                                                                                                                              				_t446[0x146] = _t425;
                                                                                                                              				( *(_t448 + 8))[1] = 0;
                                                                                                                              				goto L11;
                                                                                                                              			}









                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406b2c
                                                                                                                              0x00406b2c
                                                                                                                              0x00406b51
                                                                                                                              0x00406b51
                                                                                                                              0x00406b51
                                                                                                                              0x00406b53
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406b31
                                                                                                                              0x00406b31
                                                                                                                              0x00406b35
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406b3b
                                                                                                                              0x00406b3b
                                                                                                                              0x00406b3e
                                                                                                                              0x00406b41
                                                                                                                              0x00406b44
                                                                                                                              0x00406b46
                                                                                                                              0x00406b48
                                                                                                                              0x00406b4b
                                                                                                                              0x00406b4e
                                                                                                                              0x00406b4e
                                                                                                                              0x00406b4e
                                                                                                                              0x00406b55
                                                                                                                              0x00406b55
                                                                                                                              0x00406b5d
                                                                                                                              0x00406b60
                                                                                                                              0x00406b63
                                                                                                                              0x00406b66
                                                                                                                              0x00406b6a
                                                                                                                              0x00406b6d
                                                                                                                              0x00406b6f
                                                                                                                              0x00406b72
                                                                                                                              0x00406b74
                                                                                                                              0x00406b88
                                                                                                                              0x00406b88
                                                                                                                              0x00406b8b
                                                                                                                              0x00406ba5
                                                                                                                              0x00406ba5
                                                                                                                              0x00406ba8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406bae
                                                                                                                              0x00406bae
                                                                                                                              0x00406bb1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406bb7
                                                                                                                              0x00406bb7
                                                                                                                              0x00000000
                                                                                                                              0x00406bb7
                                                                                                                              0x00406b8d
                                                                                                                              0x00406b90
                                                                                                                              0x00406b97
                                                                                                                              0x00406b9a
                                                                                                                              0x00000000
                                                                                                                              0x00406b9a
                                                                                                                              0x00406b76
                                                                                                                              0x00406b7a
                                                                                                                              0x00406b7d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406bc2
                                                                                                                              0x00406bc2
                                                                                                                              0x00406be7
                                                                                                                              0x00406be7
                                                                                                                              0x00406be7
                                                                                                                              0x00406be9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406bc7
                                                                                                                              0x00406bc7
                                                                                                                              0x00406bcb
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406bd1
                                                                                                                              0x00406bd1
                                                                                                                              0x00406bd4
                                                                                                                              0x00406bd7
                                                                                                                              0x00406bda
                                                                                                                              0x00406bdc
                                                                                                                              0x00406bde
                                                                                                                              0x00406be1
                                                                                                                              0x00406be4
                                                                                                                              0x00406be4
                                                                                                                              0x00406be4
                                                                                                                              0x00406beb
                                                                                                                              0x00406bf3
                                                                                                                              0x00406bf6
                                                                                                                              0x00406bf9
                                                                                                                              0x00406bfb
                                                                                                                              0x00406bfe
                                                                                                                              0x00406bfe
                                                                                                                              0x00406c00
                                                                                                                              0x00406c04
                                                                                                                              0x00406c07
                                                                                                                              0x00406c0a
                                                                                                                              0x00406c0d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406c13
                                                                                                                              0x00406c13
                                                                                                                              0x00406c38
                                                                                                                              0x00406c38
                                                                                                                              0x00406c38
                                                                                                                              0x00406c3a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406c18
                                                                                                                              0x00406c18
                                                                                                                              0x00406c1c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406c22
                                                                                                                              0x00406c22
                                                                                                                              0x00406c25
                                                                                                                              0x00406c28
                                                                                                                              0x00406c2b
                                                                                                                              0x00406c2d
                                                                                                                              0x00406c2f
                                                                                                                              0x00406c32
                                                                                                                              0x00406c35
                                                                                                                              0x00406c35
                                                                                                                              0x00406c35
                                                                                                                              0x00406c3c
                                                                                                                              0x00406c3c
                                                                                                                              0x00406c44
                                                                                                                              0x00406c47
                                                                                                                              0x00406c4a
                                                                                                                              0x00406c4d
                                                                                                                              0x00406c51
                                                                                                                              0x00406c54
                                                                                                                              0x00406c56
                                                                                                                              0x00406c59
                                                                                                                              0x00406c5c
                                                                                                                              0x00406c76
                                                                                                                              0x00406c76
                                                                                                                              0x00406c79
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406c7f
                                                                                                                              0x00406c7f
                                                                                                                              0x00406c82
                                                                                                                              0x00406c89
                                                                                                                              0x00000000
                                                                                                                              0x00406c89
                                                                                                                              0x00406c5e
                                                                                                                              0x00406c61
                                                                                                                              0x00406c68
                                                                                                                              0x00406c6b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406c91
                                                                                                                              0x00406c91
                                                                                                                              0x00406cb6
                                                                                                                              0x00406cb6
                                                                                                                              0x00406cb6
                                                                                                                              0x00406cb8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406c96
                                                                                                                              0x00406c96
                                                                                                                              0x00406c9a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406ca0
                                                                                                                              0x00406ca0
                                                                                                                              0x00406ca3
                                                                                                                              0x00406ca6
                                                                                                                              0x00406ca9
                                                                                                                              0x00406cab
                                                                                                                              0x00406cad
                                                                                                                              0x00406cb0
                                                                                                                              0x00406cb3
                                                                                                                              0x00406cb3
                                                                                                                              0x00406cb3
                                                                                                                              0x00406cba
                                                                                                                              0x00406cc2
                                                                                                                              0x00406cc5
                                                                                                                              0x00406cc8
                                                                                                                              0x00406cca
                                                                                                                              0x00406ccd
                                                                                                                              0x00406ccd
                                                                                                                              0x00406ccf
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406cd5
                                                                                                                              0x00406cd5
                                                                                                                              0x00406cd8
                                                                                                                              0x00406cdd
                                                                                                                              0x00406cdf
                                                                                                                              0x00406ce5
                                                                                                                              0x00406ce7
                                                                                                                              0x00406cfc
                                                                                                                              0x00406cfe
                                                                                                                              0x00406cfe
                                                                                                                              0x00406ce9
                                                                                                                              0x00406cef
                                                                                                                              0x00406cf1
                                                                                                                              0x00406cf3
                                                                                                                              0x00406cf3
                                                                                                                              0x00000000
                                                                                                                              0x00406612
                                                                                                                              0x0040663f
                                                                                                                              0x00406644
                                                                                                                              0x00406646
                                                                                                                              0x00406647
                                                                                                                              0x00406649
                                                                                                                              0x0040664a
                                                                                                                              0x0040664a
                                                                                                                              0x0040664a
                                                                                                                              0x00406672
                                                                                                                              0x00406677
                                                                                                                              0x00406677
                                                                                                                              0x00000000
                                                                                                                              0x00406677
                                                                                                                              0x00406610
                                                                                                                              0x004065d7
                                                                                                                              0x0040657a
                                                                                                                              0x0040657a
                                                                                                                              0x0040657b
                                                                                                                              0x004065c5
                                                                                                                              0x00000000
                                                                                                                              0x004065c5
                                                                                                                              0x0040657d
                                                                                                                              0x0040657e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004066da
                                                                                                                              0x004066da
                                                                                                                              0x004066da
                                                                                                                              0x004066dd
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004066ba
                                                                                                                              0x004066ba
                                                                                                                              0x004066be
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004066c4
                                                                                                                              0x004066c4
                                                                                                                              0x004066c7
                                                                                                                              0x004066ca
                                                                                                                              0x004066cf
                                                                                                                              0x004066d1
                                                                                                                              0x004066d4
                                                                                                                              0x004066d7
                                                                                                                              0x004066d7
                                                                                                                              0x004066d7
                                                                                                                              0x004066df
                                                                                                                              0x004066df
                                                                                                                              0x004066e2
                                                                                                                              0x004066e4
                                                                                                                              0x004066e9
                                                                                                                              0x004066ec
                                                                                                                              0x004066ee
                                                                                                                              0x004066f1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004066f7
                                                                                                                              0x004066f7
                                                                                                                              0x004066f9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004066ff
                                                                                                                              0x004066ff
                                                                                                                              0x00406703
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406709
                                                                                                                              0x00406709
                                                                                                                              0x0040670c
                                                                                                                              0x0040670e
                                                                                                                              0x004067ac
                                                                                                                              0x004067ac
                                                                                                                              0x004067af
                                                                                                                              0x004067b1
                                                                                                                              0x004067b1
                                                                                                                              0x004067b4
                                                                                                                              0x004067b7
                                                                                                                              0x004067b9
                                                                                                                              0x004067bb
                                                                                                                              0x004067bd
                                                                                                                              0x004067bd
                                                                                                                              0x004067c6
                                                                                                                              0x004067cb
                                                                                                                              0x004067ce
                                                                                                                              0x004067d1
                                                                                                                              0x004067d4
                                                                                                                              0x004067d7
                                                                                                                              0x004067d7
                                                                                                                              0x004067d7
                                                                                                                              0x004067da
                                                                                                                              0x004067e0
                                                                                                                              0x004067e0
                                                                                                                              0x004067e6
                                                                                                                              0x004067e6
                                                                                                                              0x004067e6
                                                                                                                              0x00000000
                                                                                                                              0x004067da
                                                                                                                              0x00406714
                                                                                                                              0x00406714
                                                                                                                              0x0040671a
                                                                                                                              0x0040671d
                                                                                                                              0x0040671f
                                                                                                                              0x0040674a
                                                                                                                              0x0040674d
                                                                                                                              0x00406753
                                                                                                                              0x00406758
                                                                                                                              0x0040675e
                                                                                                                              0x00406764
                                                                                                                              0x00406766
                                                                                                                              0x00406769
                                                                                                                              0x00406772
                                                                                                                              0x00406778
                                                                                                                              0x00406778
                                                                                                                              0x0040676b
                                                                                                                              0x0040676d
                                                                                                                              0x0040676f
                                                                                                                              0x0040676f
                                                                                                                              0x0040677a
                                                                                                                              0x00406780
                                                                                                                              0x00406783
                                                                                                                              0x00406785
                                                                                                                              0x00406787
                                                                                                                              0x0040678d
                                                                                                                              0x0040678f
                                                                                                                              0x00406791
                                                                                                                              0x00406794
                                                                                                                              0x0040679d
                                                                                                                              0x0040679d
                                                                                                                              0x0040679f
                                                                                                                              0x00406796
                                                                                                                              0x00406796
                                                                                                                              0x00406799
                                                                                                                              0x00406799
                                                                                                                              0x004067a1
                                                                                                                              0x004067a1
                                                                                                                              0x0040678f
                                                                                                                              0x004067a4
                                                                                                                              0x004067a6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004067a6
                                                                                                                              0x00406721
                                                                                                                              0x00406721
                                                                                                                              0x00406727
                                                                                                                              0x0040672d
                                                                                                                              0x0040672f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406731
                                                                                                                              0x00406731
                                                                                                                              0x00406733
                                                                                                                              0x00406735
                                                                                                                              0x00406738
                                                                                                                              0x0040673f
                                                                                                                              0x0040673f
                                                                                                                              0x00406741
                                                                                                                              0x0040673a
                                                                                                                              0x0040673a
                                                                                                                              0x0040673c
                                                                                                                              0x0040673c
                                                                                                                              0x00406743
                                                                                                                              0x00406745
                                                                                                                              0x00406748
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040684c
                                                                                                                              0x0040684f
                                                                                                                              0x00406852
                                                                                                                              0x00406858
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406a2f
                                                                                                                              0x00406a2f
                                                                                                                              0x00406a2f
                                                                                                                              0x00406a32
                                                                                                                              0x00406a35
                                                                                                                              0x00406a37
                                                                                                                              0x00406a3a
                                                                                                                              0x00406a40
                                                                                                                              0x00406a47
                                                                                                                              0x00406a49
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040691d
                                                                                                                              0x0040691d
                                                                                                                              0x00406945
                                                                                                                              0x00406945
                                                                                                                              0x00406945
                                                                                                                              0x00406947
                                                                                                                              0x00000000
                                                                                                                              0x00000000

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 82a44bc8fd526afdff965e1cd5e7f2d0a246497ca5c27b0c944ad4ba04d420dd
                                                                                                                              • Instruction ID: dc39b55080118b2a9f2c57fc2b953182458e36931565741e2945480d6a34e330
                                                                                                                              • Opcode Fuzzy Hash: 82a44bc8fd526afdff965e1cd5e7f2d0a246497ca5c27b0c944ad4ba04d420dd
                                                                                                                              • Instruction Fuzzy Hash: D2E19A7190070ADFDB24CF58D890BAAB7F1EB44305F15842EE897A76C1D738AA95CF44
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00406FC4(signed char _a4, char _a5, short _a6, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int* _a24, signed int _a28, intOrPtr _a32, signed int* _a36) {
                                                                                                                              				signed int _v8;
                                                                                                                              				unsigned int _v12;
                                                                                                                              				signed int _v16;
                                                                                                                              				intOrPtr _v20;
                                                                                                                              				signed int _v24;
                                                                                                                              				signed int _v28;
                                                                                                                              				intOrPtr* _v32;
                                                                                                                              				signed int* _v36;
                                                                                                                              				signed int _v40;
                                                                                                                              				signed int _v44;
                                                                                                                              				intOrPtr _v48;
                                                                                                                              				intOrPtr _v52;
                                                                                                                              				void _v116;
                                                                                                                              				signed int _v176;
                                                                                                                              				signed int _v180;
                                                                                                                              				signed int _v240;
                                                                                                                              				signed int _t166;
                                                                                                                              				signed int _t168;
                                                                                                                              				intOrPtr _t175;
                                                                                                                              				signed int _t181;
                                                                                                                              				void* _t182;
                                                                                                                              				intOrPtr _t183;
                                                                                                                              				signed int* _t184;
                                                                                                                              				signed int _t186;
                                                                                                                              				signed int _t187;
                                                                                                                              				signed int* _t189;
                                                                                                                              				signed int _t190;
                                                                                                                              				intOrPtr* _t191;
                                                                                                                              				intOrPtr _t192;
                                                                                                                              				signed int _t193;
                                                                                                                              				signed int _t195;
                                                                                                                              				signed int _t200;
                                                                                                                              				signed int _t205;
                                                                                                                              				void* _t207;
                                                                                                                              				short _t208;
                                                                                                                              				signed char _t222;
                                                                                                                              				signed int _t224;
                                                                                                                              				signed int _t225;
                                                                                                                              				signed int* _t232;
                                                                                                                              				signed int _t233;
                                                                                                                              				signed int _t234;
                                                                                                                              				void* _t235;
                                                                                                                              				signed int _t236;
                                                                                                                              				signed int _t244;
                                                                                                                              				signed int _t246;
                                                                                                                              				signed int _t251;
                                                                                                                              				signed int _t254;
                                                                                                                              				signed int _t256;
                                                                                                                              				signed int _t259;
                                                                                                                              				signed int _t262;
                                                                                                                              				void* _t263;
                                                                                                                              				void* _t264;
                                                                                                                              				signed int _t267;
                                                                                                                              				intOrPtr _t269;
                                                                                                                              				intOrPtr _t271;
                                                                                                                              				signed int _t274;
                                                                                                                              				intOrPtr* _t275;
                                                                                                                              				unsigned int _t276;
                                                                                                                              				void* _t277;
                                                                                                                              				signed int _t278;
                                                                                                                              				intOrPtr* _t279;
                                                                                                                              				signed int _t281;
                                                                                                                              				intOrPtr _t282;
                                                                                                                              				intOrPtr _t283;
                                                                                                                              				signed int* _t284;
                                                                                                                              				signed int _t286;
                                                                                                                              				signed int _t287;
                                                                                                                              				signed int _t288;
                                                                                                                              				signed int _t296;
                                                                                                                              				signed int* _t297;
                                                                                                                              				intOrPtr _t298;
                                                                                                                              				void* _t299;
                                                                                                                              
                                                                                                                              				_t278 = _a8;
                                                                                                                              				_t187 = 0x10;
                                                                                                                              				memset( &_v116, 0, _t187 << 2);
                                                                                                                              				_t189 = _a4;
                                                                                                                              				_t233 = _t278;
                                                                                                                              				do {
                                                                                                                              					_t166 =  *_t189;
                                                                                                                              					_t189 =  &(_t189[1]);
                                                                                                                              					 *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) =  *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) + 1;
                                                                                                                              					_t233 = _t233 - 1;
                                                                                                                              				} while (_t233 != 0);
                                                                                                                              				if(_v116 != _t278) {
                                                                                                                              					_t279 = _a28;
                                                                                                                              					_t267 =  *_t279;
                                                                                                                              					_t190 = 1;
                                                                                                                              					_a28 = _t267;
                                                                                                                              					_t234 = 0xf;
                                                                                                                              					while(1) {
                                                                                                                              						_t168 = 0;
                                                                                                                              						if( *((intOrPtr*)(_t299 + _t190 * 4 - 0x70)) != 0) {
                                                                                                                              							break;
                                                                                                                              						}
                                                                                                                              						_t190 = _t190 + 1;
                                                                                                                              						if(_t190 <= _t234) {
                                                                                                                              							continue;
                                                                                                                              						}
                                                                                                                              						break;
                                                                                                                              					}
                                                                                                                              					_v8 = _t190;
                                                                                                                              					if(_t267 < _t190) {
                                                                                                                              						_a28 = _t190;
                                                                                                                              					}
                                                                                                                              					while( *((intOrPtr*)(_t299 + _t234 * 4 - 0x70)) == _t168) {
                                                                                                                              						_t234 = _t234 - 1;
                                                                                                                              						if(_t234 != 0) {
                                                                                                                              							continue;
                                                                                                                              						}
                                                                                                                              						break;
                                                                                                                              					}
                                                                                                                              					_v28 = _t234;
                                                                                                                              					if(_a28 > _t234) {
                                                                                                                              						_a28 = _t234;
                                                                                                                              					}
                                                                                                                              					 *_t279 = _a28;
                                                                                                                              					_t181 = 1 << _t190;
                                                                                                                              					while(_t190 < _t234) {
                                                                                                                              						_t182 = _t181 -  *((intOrPtr*)(_t299 + _t190 * 4 - 0x70));
                                                                                                                              						if(_t182 < 0) {
                                                                                                                              							L64:
                                                                                                                              							return _t168 | 0xffffffff;
                                                                                                                              						}
                                                                                                                              						_t190 = _t190 + 1;
                                                                                                                              						_t181 = _t182 + _t182;
                                                                                                                              					}
                                                                                                                              					_t281 = _t234 << 2;
                                                                                                                              					_t191 = _t299 + _t281 - 0x70;
                                                                                                                              					_t269 =  *_t191;
                                                                                                                              					_t183 = _t181 - _t269;
                                                                                                                              					_v52 = _t183;
                                                                                                                              					if(_t183 < 0) {
                                                                                                                              						goto L64;
                                                                                                                              					}
                                                                                                                              					_v176 = _t168;
                                                                                                                              					 *_t191 = _t269 + _t183;
                                                                                                                              					_t192 = 0;
                                                                                                                              					_t235 = _t234 - 1;
                                                                                                                              					if(_t235 == 0) {
                                                                                                                              						L21:
                                                                                                                              						_t184 = _a4;
                                                                                                                              						_t271 = 0;
                                                                                                                              						do {
                                                                                                                              							_t193 =  *_t184;
                                                                                                                              							_t184 =  &(_t184[1]);
                                                                                                                              							if(_t193 != _t168) {
                                                                                                                              								_t232 = _t299 + _t193 * 4 - 0xb0;
                                                                                                                              								_t236 =  *_t232;
                                                                                                                              								 *((intOrPtr*)(0x42d688 + _t236 * 4)) = _t271;
                                                                                                                              								 *_t232 = _t236 + 1;
                                                                                                                              							}
                                                                                                                              							_t271 = _t271 + 1;
                                                                                                                              						} while (_t271 < _a8);
                                                                                                                              						_v16 = _v16 | 0xffffffff;
                                                                                                                              						_v40 = _v40 & 0x00000000;
                                                                                                                              						_a8 =  *((intOrPtr*)(_t299 + _t281 - 0xb0));
                                                                                                                              						_t195 = _v8;
                                                                                                                              						_t186 =  ~_a28;
                                                                                                                              						_v12 = _t168;
                                                                                                                              						_v180 = _t168;
                                                                                                                              						_v36 = 0x42d688;
                                                                                                                              						_v240 = _t168;
                                                                                                                              						if(_t195 > _v28) {
                                                                                                                              							L62:
                                                                                                                              							_t168 = 0;
                                                                                                                              							if(_v52 == 0 || _v28 == 1) {
                                                                                                                              								return _t168;
                                                                                                                              							} else {
                                                                                                                              								goto L64;
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              						_v44 = _t195 - 1;
                                                                                                                              						_v32 = _t299 + _t195 * 4 - 0x70;
                                                                                                                              						do {
                                                                                                                              							_t282 =  *_v32;
                                                                                                                              							if(_t282 == 0) {
                                                                                                                              								goto L61;
                                                                                                                              							}
                                                                                                                              							while(1) {
                                                                                                                              								_t283 = _t282 - 1;
                                                                                                                              								_t200 = _a28 + _t186;
                                                                                                                              								_v48 = _t283;
                                                                                                                              								_v24 = _t200;
                                                                                                                              								if(_v8 <= _t200) {
                                                                                                                              									goto L45;
                                                                                                                              								}
                                                                                                                              								L31:
                                                                                                                              								_v20 = _t283 + 1;
                                                                                                                              								do {
                                                                                                                              									_v16 = _v16 + 1;
                                                                                                                              									_t296 = _v28 - _v24;
                                                                                                                              									if(_t296 > _a28) {
                                                                                                                              										_t296 = _a28;
                                                                                                                              									}
                                                                                                                              									_t222 = _v8 - _v24;
                                                                                                                              									_t254 = 1 << _t222;
                                                                                                                              									if(1 <= _v20) {
                                                                                                                              										L40:
                                                                                                                              										_t256 =  *_a36;
                                                                                                                              										_t168 = 1 << _t222;
                                                                                                                              										_v40 = 1;
                                                                                                                              										_t274 = _t256 + 1;
                                                                                                                              										if(_t274 > 0x5a0) {
                                                                                                                              											goto L64;
                                                                                                                              										}
                                                                                                                              									} else {
                                                                                                                              										_t275 = _v32;
                                                                                                                              										_t263 = _t254 + (_t168 | 0xffffffff) - _v48;
                                                                                                                              										if(_t222 >= _t296) {
                                                                                                                              											goto L40;
                                                                                                                              										}
                                                                                                                              										while(1) {
                                                                                                                              											_t222 = _t222 + 1;
                                                                                                                              											if(_t222 >= _t296) {
                                                                                                                              												goto L40;
                                                                                                                              											}
                                                                                                                              											_t275 = _t275 + 4;
                                                                                                                              											_t264 = _t263 + _t263;
                                                                                                                              											_t175 =  *_t275;
                                                                                                                              											if(_t264 <= _t175) {
                                                                                                                              												goto L40;
                                                                                                                              											}
                                                                                                                              											_t263 = _t264 - _t175;
                                                                                                                              										}
                                                                                                                              										goto L40;
                                                                                                                              									}
                                                                                                                              									_t168 = _a32 + _t256 * 4;
                                                                                                                              									_t297 = _t299 + _v16 * 4 - 0xec;
                                                                                                                              									 *_a36 = _t274;
                                                                                                                              									_t259 = _v16;
                                                                                                                              									 *_t297 = _t168;
                                                                                                                              									if(_t259 == 0) {
                                                                                                                              										 *_a24 = _t168;
                                                                                                                              									} else {
                                                                                                                              										_t276 = _v12;
                                                                                                                              										_t298 =  *((intOrPtr*)(_t297 - 4));
                                                                                                                              										 *(_t299 + _t259 * 4 - 0xb0) = _t276;
                                                                                                                              										_a5 = _a28;
                                                                                                                              										_a4 = _t222;
                                                                                                                              										_t262 = _t276 >> _t186;
                                                                                                                              										_a6 = (_t168 - _t298 >> 2) - _t262;
                                                                                                                              										 *(_t298 + _t262 * 4) = _a4;
                                                                                                                              									}
                                                                                                                              									_t224 = _v24;
                                                                                                                              									_t186 = _t224;
                                                                                                                              									_t225 = _t224 + _a28;
                                                                                                                              									_v24 = _t225;
                                                                                                                              								} while (_v8 > _t225);
                                                                                                                              								L45:
                                                                                                                              								_t284 = _v36;
                                                                                                                              								_a5 = _v8 - _t186;
                                                                                                                              								if(_t284 < 0x42d688 + _a8 * 4) {
                                                                                                                              									_t205 =  *_t284;
                                                                                                                              									if(_t205 >= _a12) {
                                                                                                                              										_t207 = _t205 - _a12 + _t205 - _a12;
                                                                                                                              										_v36 =  &(_v36[1]);
                                                                                                                              										_a4 =  *((intOrPtr*)(_t207 + _a20)) + 0x50;
                                                                                                                              										_t208 =  *((intOrPtr*)(_t207 + _a16));
                                                                                                                              									} else {
                                                                                                                              										_a4 = (_t205 & 0xffffff00 | _t205 - 0x00000100 > 0x00000000) - 0x00000001 & 0x00000060;
                                                                                                                              										_t208 =  *_t284;
                                                                                                                              										_v36 =  &(_t284[1]);
                                                                                                                              									}
                                                                                                                              									_a6 = _t208;
                                                                                                                              								} else {
                                                                                                                              									_a4 = 0xc0;
                                                                                                                              								}
                                                                                                                              								_t286 = 1 << _v8 - _t186;
                                                                                                                              								_t244 = _v12 >> _t186;
                                                                                                                              								while(_t244 < _v40) {
                                                                                                                              									 *(_t168 + _t244 * 4) = _a4;
                                                                                                                              									_t244 = _t244 + _t286;
                                                                                                                              								}
                                                                                                                              								_t287 = _v12;
                                                                                                                              								_t246 = 1 << _v44;
                                                                                                                              								while((_t287 & _t246) != 0) {
                                                                                                                              									_t287 = _t287 ^ _t246;
                                                                                                                              									_t246 = _t246 >> 1;
                                                                                                                              								}
                                                                                                                              								_t288 = _t287 ^ _t246;
                                                                                                                              								_v20 = 1;
                                                                                                                              								_v12 = _t288;
                                                                                                                              								_t251 = _v16;
                                                                                                                              								if(((1 << _t186) - 0x00000001 & _t288) ==  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0))) {
                                                                                                                              									L60:
                                                                                                                              									if(_v48 != 0) {
                                                                                                                              										_t282 = _v48;
                                                                                                                              										_t283 = _t282 - 1;
                                                                                                                              										_t200 = _a28 + _t186;
                                                                                                                              										_v48 = _t283;
                                                                                                                              										_v24 = _t200;
                                                                                                                              										if(_v8 <= _t200) {
                                                                                                                              											goto L45;
                                                                                                                              										}
                                                                                                                              										goto L31;
                                                                                                                              									}
                                                                                                                              									break;
                                                                                                                              								} else {
                                                                                                                              									goto L58;
                                                                                                                              								}
                                                                                                                              								do {
                                                                                                                              									L58:
                                                                                                                              									_t186 = _t186 - _a28;
                                                                                                                              									_t251 = _t251 - 1;
                                                                                                                              								} while (((1 << _t186) - 0x00000001 & _v12) !=  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0)));
                                                                                                                              								_v16 = _t251;
                                                                                                                              								goto L60;
                                                                                                                              							}
                                                                                                                              							L61:
                                                                                                                              							_v8 = _v8 + 1;
                                                                                                                              							_v32 = _v32 + 4;
                                                                                                                              							_v44 = _v44 + 1;
                                                                                                                              						} while (_v8 <= _v28);
                                                                                                                              						goto L62;
                                                                                                                              					}
                                                                                                                              					_t277 = 0;
                                                                                                                              					do {
                                                                                                                              						_t192 = _t192 +  *((intOrPtr*)(_t299 + _t277 - 0x6c));
                                                                                                                              						_t277 = _t277 + 4;
                                                                                                                              						_t235 = _t235 - 1;
                                                                                                                              						 *((intOrPtr*)(_t299 + _t277 - 0xac)) = _t192;
                                                                                                                              					} while (_t235 != 0);
                                                                                                                              					goto L21;
                                                                                                                              				}
                                                                                                                              				 *_a24 =  *_a24 & 0x00000000;
                                                                                                                              				 *_a28 =  *_a28 & 0x00000000;
                                                                                                                              				return 0;
                                                                                                                              			}
                                                                                                                              0x00000000
                                                                                                                              0x00407114
                                                                                                                              0x00407117
                                                                                                                              0x00407118
                                                                                                                              0x0040711a
                                                                                                                              0x00407120
                                                                                                                              0x00407123
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407129
                                                                                                                              0x0040712a
                                                                                                                              0x0040712d
                                                                                                                              0x00407130
                                                                                                                              0x00407133
                                                                                                                              0x00407139
                                                                                                                              0x0040713b
                                                                                                                              0x0040713b
                                                                                                                              0x00407143
                                                                                                                              0x00407147
                                                                                                                              0x0040714c
                                                                                                                              0x00407171
                                                                                                                              0x00407177
                                                                                                                              0x00407179
                                                                                                                              0x0040717b
                                                                                                                              0x0040717e
                                                                                                                              0x00407187
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040714e
                                                                                                                              0x0040714e
                                                                                                                              0x00407157
                                                                                                                              0x0040715b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040716c
                                                                                                                              0x0040716c
                                                                                                                              0x0040716f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040715f
                                                                                                                              0x00407162
                                                                                                                              0x00407164
                                                                                                                              0x00407168
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040716a
                                                                                                                              0x0040716a
                                                                                                                              0x00000000
                                                                                                                              0x0040716c
                                                                                                                              0x00407190
                                                                                                                              0x00407196
                                                                                                                              0x004071a0
                                                                                                                              0x004071a2
                                                                                                                              0x004071a7
                                                                                                                              0x004071a9
                                                                                                                              0x004071df
                                                                                                                              0x004071ab
                                                                                                                              0x004071ab
                                                                                                                              0x004071ae
                                                                                                                              0x004071b1
                                                                                                                              0x004071bb
                                                                                                                              0x004071be
                                                                                                                              0x004071c5
                                                                                                                              0x004071d0
                                                                                                                              0x004071d7
                                                                                                                              0x004071d7
                                                                                                                              0x004071e1
                                                                                                                              0x004071e4
                                                                                                                              0x004071e6
                                                                                                                              0x004071ec
                                                                                                                              0x004071ec
                                                                                                                              0x004071f5
                                                                                                                              0x004071f8
                                                                                                                              0x004071fd
                                                                                                                              0x0040720c
                                                                                                                              0x00407214
                                                                                                                              0x00407219
                                                                                                                              0x0040723d
                                                                                                                              0x00407245
                                                                                                                              0x00407249
                                                                                                                              0x0040724f
                                                                                                                              0x0040721b
                                                                                                                              0x00407229
                                                                                                                              0x0040722c
                                                                                                                              0x00407232
                                                                                                                              0x00407232
                                                                                                                              0x00407253
                                                                                                                              0x0040720e
                                                                                                                              0x0040720e
                                                                                                                              0x0040720e
                                                                                                                              0x00407264
                                                                                                                              0x00407268
                                                                                                                              0x00407274
                                                                                                                              0x0040726f
                                                                                                                              0x00407272
                                                                                                                              0x00407272
                                                                                                                              0x0040727c
                                                                                                                              0x00407281
                                                                                                                              0x00407289
                                                                                                                              0x00407285
                                                                                                                              0x00407287
                                                                                                                              0x00407287
                                                                                                                              0x0040728f
                                                                                                                              0x00407291
                                                                                                                              0x00407298
                                                                                                                              0x004072a2
                                                                                                                              0x004072ac
                                                                                                                              0x004072c8
                                                                                                                              0x004072cc
                                                                                                                              0x00407111
                                                                                                                              0x00407117
                                                                                                                              0x00407118
                                                                                                                              0x0040711a
                                                                                                                              0x00407120
                                                                                                                              0x00407123
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00407123
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004072ae
                                                                                                                              0x004072ae
                                                                                                                              0x004072ae
                                                                                                                              0x004072b3
                                                                                                                              0x004072bc
                                                                                                                              0x004072c5
                                                                                                                              0x00000000
                                                                                                                              0x004072c5
                                                                                                                              0x004072d2
                                                                                                                              0x004072d2
                                                                                                                              0x004072d5
                                                                                                                              0x004072dc
                                                                                                                              0x004072df
                                                                                                                              0x00000000
                                                                                                                              0x00407102
                                                                                                                              0x00407082
                                                                                                                              0x00407084
                                                                                                                              0x00407084
                                                                                                                              0x00407088
                                                                                                                              0x0040708b
                                                                                                                              0x0040708c
                                                                                                                              0x0040708c
                                                                                                                              0x00000000
                                                                                                                              0x00407084
                                                                                                                              0x00406ff8
                                                                                                                              0x00406ffe
                                                                                                                              0x00000000

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: fca4b55698b2abcc8e5cbf272b741b12ffb4e3b740e9774b5bdfc5da95159218
                                                                                                                              • Instruction ID: 2f0950e66cb79552dca6b2fc49cb98149526550dbc918883d7c1b9af38c738a1
                                                                                                                              • Opcode Fuzzy Hash: fca4b55698b2abcc8e5cbf272b741b12ffb4e3b740e9774b5bdfc5da95159218
                                                                                                                              • Instruction Fuzzy Hash: 42C13831E042598BCF18CF68D4905EEB7B2BF99314F25827ED8567B380D734A942CB95
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 96%
                                                                                                                              			E00404AA3(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
                                                                                                                              				struct HWND__* _v8;
                                                                                                                              				struct HWND__* _v12;
                                                                                                                              				long _v16;
                                                                                                                              				signed int _v20;
                                                                                                                              				signed int _v24;
                                                                                                                              				intOrPtr _v28;
                                                                                                                              				signed char* _v32;
                                                                                                                              				int _v36;
                                                                                                                              				signed int _v44;
                                                                                                                              				int _v48;
                                                                                                                              				signed int* _v60;
                                                                                                                              				signed char* _v64;
                                                                                                                              				signed int _v68;
                                                                                                                              				long _v72;
                                                                                                                              				void* _v76;
                                                                                                                              				intOrPtr _v80;
                                                                                                                              				intOrPtr _v84;
                                                                                                                              				void* _v88;
                                                                                                                              				void* __ebx;
                                                                                                                              				void* __edi;
                                                                                                                              				void* __esi;
                                                                                                                              				signed int _t203;
                                                                                                                              				void* _t205;
                                                                                                                              				intOrPtr _t206;
                                                                                                                              				intOrPtr _t208;
                                                                                                                              				long _t212;
                                                                                                                              				signed int _t216;
                                                                                                                              				signed int _t227;
                                                                                                                              				void* _t230;
                                                                                                                              				void* _t231;
                                                                                                                              				int _t237;
                                                                                                                              				long _t242;
                                                                                                                              				long _t243;
                                                                                                                              				signed int _t244;
                                                                                                                              				signed int _t250;
                                                                                                                              				signed int _t252;
                                                                                                                              				signed char _t253;
                                                                                                                              				signed char _t259;
                                                                                                                              				void* _t264;
                                                                                                                              				void* _t266;
                                                                                                                              				signed char* _t284;
                                                                                                                              				signed char _t285;
                                                                                                                              				long _t287;
                                                                                                                              				long _t290;
                                                                                                                              				void* _t291;
                                                                                                                              				signed int _t300;
                                                                                                                              				signed int _t308;
                                                                                                                              				void* _t309;
                                                                                                                              				void* _t310;
                                                                                                                              				signed char* _t316;
                                                                                                                              				int _t320;
                                                                                                                              				int _t321;
                                                                                                                              				signed int* _t322;
                                                                                                                              				int _t323;
                                                                                                                              				long _t324;
                                                                                                                              				signed int _t325;
                                                                                                                              				long _t327;
                                                                                                                              				int _t328;
                                                                                                                              				signed int _t329;
                                                                                                                              				void* _t331;
                                                                                                                              
                                                                                                                              				_v12 = GetDlgItem(_a4, 0x3f9);
                                                                                                                              				_v8 = GetDlgItem(_a4, 0x408);
                                                                                                                              				_t331 = SendMessageA;
                                                                                                                              				_v24 =  *0x42f448;
                                                                                                                              				_v28 =  *0x42f414 + 0x94;
                                                                                                                              				_t320 = 0x10;
                                                                                                                              				if(_a8 != 0x110) {
                                                                                                                              					L23:
                                                                                                                              					if(_a8 != 0x405) {
                                                                                                                              						_t298 = _a16;
                                                                                                                              					} else {
                                                                                                                              						_a12 = 0;
                                                                                                                              						_t298 = 1;
                                                                                                                              						_a8 = 0x40f;
                                                                                                                              						_a16 = 1;
                                                                                                                              					}
                                                                                                                              					if(_a8 == 0x4e || _a8 == 0x413) {
                                                                                                                              						_v16 = _t298;
                                                                                                                              						if(_a8 == 0x413 ||  *((intOrPtr*)(_t298 + 4)) == 0x408) {
                                                                                                                              							if(( *0x42f41d & 0x00000002) != 0) {
                                                                                                                              								L41:
                                                                                                                              								if(_v16 != 0) {
                                                                                                                              									_t242 = _v16;
                                                                                                                              									if( *((intOrPtr*)(_t242 + 8)) == 0xfffffe6e) {
                                                                                                                              										SendMessageA(_v8, 0x419, 0,  *(_t242 + 0x5c));
                                                                                                                              									}
                                                                                                                              									_t243 = _v16;
                                                                                                                              									if( *((intOrPtr*)(_t243 + 8)) == 0xfffffe6a) {
                                                                                                                              										_t298 = _v24;
                                                                                                                              										_t244 =  *(_t243 + 0x5c);
                                                                                                                              										if( *((intOrPtr*)(_t243 + 0xc)) != 2) {
                                                                                                                              											 *(_t244 * 0x418 + _t298 + 8) =  *(_t244 * 0x418 + _t298 + 8) & 0xffffffdf;
                                                                                                                              										} else {
                                                                                                                              											 *(_t244 * 0x418 + _t298 + 8) =  *(_t244 * 0x418 + _t298 + 8) | 0x00000020;
                                                                                                                              										}
                                                                                                                              									}
                                                                                                                              								}
                                                                                                                              								goto L48;
                                                                                                                              							}
                                                                                                                              							if(_a8 == 0x413) {
                                                                                                                              								L33:
                                                                                                                              								_t298 = 0 | _a8 != 0x00000413;
                                                                                                                              								_t250 = E004049F1(_v8, _a8 != 0x413);
                                                                                                                              								_t325 = _t250;
                                                                                                                              								if(_t325 >= 0) {
                                                                                                                              									_t99 = _v24 + 8; // 0x8
                                                                                                                              									_t298 = _t250 * 0x418 + _t99;
                                                                                                                              									_t252 =  *_t298;
                                                                                                                              									if((_t252 & 0x00000010) == 0) {
                                                                                                                              										if((_t252 & 0x00000040) == 0) {
                                                                                                                              											_t253 = _t252 ^ 0x00000001;
                                                                                                                              										} else {
                                                                                                                              											_t259 = _t252 ^ 0x00000080;
                                                                                                                              											if(_t259 >= 0) {
                                                                                                                              												_t253 = _t259 & 0x000000fe;
                                                                                                                              											} else {
                                                                                                                              												_t253 = _t259 | 0x00000001;
                                                                                                                              											}
                                                                                                                              										}
                                                                                                                              										 *_t298 = _t253;
                                                                                                                              										E0040117D(_t325);
                                                                                                                              										_a12 = _t325 + 1;
                                                                                                                              										_a16 =  !( *0x42f41c) >> 0x00000008 & 0x00000001;
                                                                                                                              										_a8 = 0x40f;
                                                                                                                              									}
                                                                                                                              								}
                                                                                                                              								goto L41;
                                                                                                                              							}
                                                                                                                              							_t298 = _a16;
                                                                                                                              							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
                                                                                                                              								goto L41;
                                                                                                                              							}
                                                                                                                              							goto L33;
                                                                                                                              						} else {
                                                                                                                              							goto L48;
                                                                                                                              						}
                                                                                                                              					} else {
                                                                                                                              						L48:
                                                                                                                              						if(_a8 != 0x111) {
                                                                                                                              							L56:
                                                                                                                              							if(_a8 == 0x200) {
                                                                                                                              								SendMessageA(_v8, 0x200, 0, 0);
                                                                                                                              							}
                                                                                                                              							if(_a8 == 0x40b) {
                                                                                                                              								_t230 =  *0x42a854; // 0x0
                                                                                                                              								if(_t230 != 0) {
                                                                                                                              									ImageList_Destroy(_t230);
                                                                                                                              								}
                                                                                                                              								_t231 =  *0x42a868; // 0x0
                                                                                                                              								if(_t231 != 0) {
                                                                                                                              									GlobalFree(_t231);
                                                                                                                              								}
                                                                                                                              								 *0x42a854 = 0;
                                                                                                                              								 *0x42a868 = 0;
                                                                                                                              								 *0x42f480 = 0;
                                                                                                                              							}
                                                                                                                              							if(_a8 != 0x40f) {
                                                                                                                              								L88:
                                                                                                                              								if(_a8 == 0x420 && ( *0x42f41d & 0x00000001) != 0) {
                                                                                                                              									_t321 = (0 | _a16 == 0x00000020) << 3;
                                                                                                                              									ShowWindow(_v8, _t321);
                                                                                                                              									ShowWindow(GetDlgItem(_a4, 0x3fe), _t321);
                                                                                                                              								}
                                                                                                                              								goto L91;
                                                                                                                              							} else {
                                                                                                                              								E004011EF(_t298, 0, 0);
                                                                                                                              								_t203 = _a12;
                                                                                                                              								if(_t203 != 0) {
                                                                                                                              									if(_t203 != 0xffffffff) {
                                                                                                                              										_t203 = _t203 - 1;
                                                                                                                              									}
                                                                                                                              									_push(_t203);
                                                                                                                              									_push(8);
                                                                                                                              									E00404A71();
                                                                                                                              								}
                                                                                                                              								if(_a16 == 0) {
                                                                                                                              									L75:
                                                                                                                              									E004011EF(_t298, 0, 0);
                                                                                                                              									_t205 =  *0x42a868; // 0x0
                                                                                                                              									_v36 = _t205;
                                                                                                                              									_t206 =  *0x42f448;
                                                                                                                              									_v64 = 0xf030;
                                                                                                                              									_v24 = 0;
                                                                                                                              									if( *0x42f44c <= 0) {
                                                                                                                              										L86:
                                                                                                                              										InvalidateRect(_v8, 0, 1);
                                                                                                                              										_t208 =  *0x42ebdc; // 0x75d51b
                                                                                                                              										if( *((intOrPtr*)(_t208 + 0x10)) != 0) {
                                                                                                                              											E004049AC(0x3ff, 0xfffffffb, E004049C4(5));
                                                                                                                              										}
                                                                                                                              										goto L88;
                                                                                                                              									}
                                                                                                                              									_t322 = _t206 + 8;
                                                                                                                              									do {
                                                                                                                              										_t212 =  *((intOrPtr*)(_v36 + _v24 * 4));
                                                                                                                              										if(_t212 != 0) {
                                                                                                                              											_t300 =  *_t322;
                                                                                                                              											_v72 = _t212;
                                                                                                                              											_v76 = 8;
                                                                                                                              											if((_t300 & 0x00000001) != 0) {
                                                                                                                              												_v76 = 9;
                                                                                                                              												_v60 =  &(_t322[4]);
                                                                                                                              												_t322[0] = _t322[0] & 0x000000fe;
                                                                                                                              											}
                                                                                                                              											if((_t300 & 0x00000040) == 0) {
                                                                                                                              												_t216 = (_t300 & 0x00000001) + 1;
                                                                                                                              												if((_t300 & 0x00000010) != 0) {
                                                                                                                              													_t216 = _t216 + 3;
                                                                                                                              												}
                                                                                                                              											} else {
                                                                                                                              												_t216 = 3;
                                                                                                                              											}
                                                                                                                              											_v68 = (_t216 << 0x0000000b | _t300 & 0x00000008) + (_t216 << 0x0000000b | _t300 & 0x00000008) | _t300 & 0x00000020;
                                                                                                                              											SendMessageA(_v8, 0x1102, (_t300 >> 0x00000005 & 0x00000001) + 1, _v72);
                                                                                                                              											SendMessageA(_v8, 0x110d, 0,  &_v76);
                                                                                                                              										}
                                                                                                                              										_v24 = _v24 + 1;
                                                                                                                              										_t322 =  &(_t322[0x106]);
                                                                                                                              									} while (_v24 <  *0x42f44c);
                                                                                                                              									goto L86;
                                                                                                                              								} else {
                                                                                                                              									_t323 = E004012E2( *0x42a868);
                                                                                                                              									E00401299(_t323);
                                                                                                                              									_t227 = 0;
                                                                                                                              									_t298 = 0;
                                                                                                                              									if(_t323 <= 0) {
                                                                                                                              										L74:
                                                                                                                              										SendMessageA(_v12, 0x14e, _t298, 0);
                                                                                                                              										_a16 = _t323;
                                                                                                                              										_a8 = 0x420;
                                                                                                                              										goto L75;
                                                                                                                              									} else {
                                                                                                                              										goto L71;
                                                                                                                              									}
                                                                                                                              									do {
                                                                                                                              										L71:
                                                                                                                              										if( *((intOrPtr*)(_v28 + _t227 * 4)) != 0) {
                                                                                                                              											_t298 = _t298 + 1;
                                                                                                                              										}
                                                                                                                              										_t227 = _t227 + 1;
                                                                                                                              									} while (_t227 < _t323);
                                                                                                                              									goto L74;
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
                                                                                                                              							goto L91;
                                                                                                                              						} else {
                                                                                                                              							_t237 = SendMessageA(_v12, 0x147, 0, 0);
                                                                                                                              							if(_t237 == 0xffffffff) {
                                                                                                                              								goto L91;
                                                                                                                              							}
                                                                                                                              							_t324 = SendMessageA(_v12, 0x150, _t237, 0);
                                                                                                                              							if(_t324 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t324 * 4)) == 0) {
                                                                                                                              								_t324 = 0x20;
                                                                                                                              							}
                                                                                                                              							E00401299(_t324);
                                                                                                                              							SendMessageA(_a4, 0x420, 0, _t324);
                                                                                                                              							_a12 = _a12 | 0xffffffff;
                                                                                                                              							_a16 = 0;
                                                                                                                              							_a8 = 0x40f;
                                                                                                                              							goto L56;
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              				} else {
                                                                                                                              					_v36 = 0;
                                                                                                                              					 *0x42f480 = _a4;
                                                                                                                              					_v20 = 2;
                                                                                                                              					 *0x42a868 = GlobalAlloc(0x40,  *0x42f44c << 2);
                                                                                                                              					_t264 = LoadImageA( *0x42f400, 0x6e, 0, 0, 0, 0);
                                                                                                                              					 *0x42a85c =  *0x42a85c | 0xffffffff;
                                                                                                                              					_v16 = _t264;
                                                                                                                              					 *0x42a864 = SetWindowLongA(_v8, 0xfffffffc, E004050AB);
                                                                                                                              					_t266 = ImageList_Create(_t320, _t320, 0x21, 6, 0);
                                                                                                                              					 *0x42a854 = _t266;
                                                                                                                              					ImageList_AddMasked(_t266, _v16, 0xff00ff);
                                                                                                                              					SendMessageA(_v8, 0x1109, 2,  *0x42a854);
                                                                                                                              					if(SendMessageA(_v8, 0x111c, 0, 0) < _t320) {
                                                                                                                              						SendMessageA(_v8, 0x111b, _t320, 0);
                                                                                                                              					}
                                                                                                                              					DeleteObject(_v16);
                                                                                                                              					_t327 = 0;
                                                                                                                              					do {
                                                                                                                              						_t272 =  *((intOrPtr*)(_v28 + _t327 * 4));
                                                                                                                              						if( *((intOrPtr*)(_v28 + _t327 * 4)) != 0) {
                                                                                                                              							if(_t327 != 0x20) {
                                                                                                                              								_v20 = 0;
                                                                                                                              							}
                                                                                                                              							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, 0, E00406032(0, _t327, _t331, 0, _t272)), _t327);
                                                                                                                              						}
                                                                                                                              						_t327 = _t327 + 1;
                                                                                                                              					} while (_t327 < 0x21);
                                                                                                                              					_t328 = _a16;
                                                                                                                              					_push( *((intOrPtr*)(_t328 + 0x30 + _v20 * 4)));
                                                                                                                              					_push(0x15);
                                                                                                                              					E0040409E(_a4);
                                                                                                                              					_push( *((intOrPtr*)(_t328 + 0x34 + _v20 * 4)));
                                                                                                                              					_push(0x16);
                                                                                                                              					E0040409E(_a4);
                                                                                                                              					_t329 = 0;
                                                                                                                              					_v16 = 0;
                                                                                                                              					if( *0x42f44c <= 0) {
                                                                                                                              						L19:
                                                                                                                              						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
                                                                                                                              						goto L20;
                                                                                                                              					} else {
                                                                                                                              						_t316 = _v24 + 8;
                                                                                                                              						_v32 = _t316;
                                                                                                                              						do {
                                                                                                                              							_t284 =  &(_t316[0x10]);
                                                                                                                              							if( *_t284 != 0) {
                                                                                                                              								_v64 = _t284;
                                                                                                                              								_t285 =  *_t316;
                                                                                                                              								_v88 = _v16;
                                                                                                                              								_t308 = 0x20;
                                                                                                                              								_v84 = 0xffff0002;
                                                                                                                              								_v80 = 0xd;
                                                                                                                              								_v68 = _t308;
                                                                                                                              								_v44 = _t329;
                                                                                                                              								_v72 = _t285 & _t308;
                                                                                                                              								if((_t285 & 0x00000002) == 0) {
                                                                                                                              									if((_t285 & 0x00000004) == 0) {
                                                                                                                              										_t287 = SendMessageA(_v8, 0x1100, 0,  &_v88);
                                                                                                                              										_t309 =  *0x42a868; // 0x0
                                                                                                                              										 *(_t309 + _t329 * 4) = _t287;
                                                                                                                              									} else {
                                                                                                                              										_v16 = SendMessageA(_v8, 0x110a, 3, _v16);
                                                                                                                              									}
                                                                                                                              								} else {
                                                                                                                              									_v80 = 0x4d;
                                                                                                                              									_v48 = 1;
                                                                                                                              									_t290 = SendMessageA(_v8, 0x1100, 0,  &_v88);
                                                                                                                              									_t310 =  *0x42a868; // 0x0
                                                                                                                              									_v36 = 1;
                                                                                                                              									 *(_t310 + _t329 * 4) = _t290;
                                                                                                                              									_t291 =  *0x42a868; // 0x0
                                                                                                                              									_v16 =  *(_t291 + _t329 * 4);
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              							_t329 = _t329 + 1;
                                                                                                                              							_t316 =  &(_v32[0x418]);
                                                                                                                              							_v32 = _t316;
                                                                                                                              						} while (_t329 <  *0x42f44c);
                                                                                                                              						if(_v36 != 0) {
                                                                                                                              							L20:
                                                                                                                              							if(_v20 != 0) {
                                                                                                                              								E004040D3(_v8);
                                                                                                                              								goto L23;
                                                                                                                              							} else {
                                                                                                                              								ShowWindow(_v12, 5);
                                                                                                                              								E004040D3(_v12);
                                                                                                                              								L91:
                                                                                                                              								return E00404105(_a8, _a12, _a16);
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              						goto L19;
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              			}

                                                                                                                              0x00404f7d
                                                                                                                              0x00404f82
                                                                                                                              0x00404f89
                                                                                                                              0x00404f8c
                                                                                                                              0x0040502e
                                                                                                                              0x00405034
                                                                                                                              0x0040503a
                                                                                                                              0x00405042
                                                                                                                              0x00405053
                                                                                                                              0x00405053
                                                                                                                              0x00000000
                                                                                                                              0x00405042
                                                                                                                              0x00404f92
                                                                                                                              0x00404f95
                                                                                                                              0x00404f9b
                                                                                                                              0x00404fa0
                                                                                                                              0x00404fa2
                                                                                                                              0x00404fa4
                                                                                                                              0x00404faa
                                                                                                                              0x00404fb1
                                                                                                                              0x00404fb6
                                                                                                                              0x00404fbd
                                                                                                                              0x00404fc0
                                                                                                                              0x00404fc0
                                                                                                                              0x00404fc7
                                                                                                                              0x00404fd3
                                                                                                                              0x00404fd7
                                                                                                                              0x00404fd9
                                                                                                                              0x00404fd9
                                                                                                                              0x00404fc9
                                                                                                                              0x00404fcb
                                                                                                                              0x00404fcb
                                                                                                                              0x00404ff9
                                                                                                                              0x00405005
                                                                                                                              0x00405014
                                                                                                                              0x00405014
                                                                                                                              0x00405016
                                                                                                                              0x00405019
                                                                                                                              0x00405022
                                                                                                                              0x00000000
                                                                                                                              0x00404f29
                                                                                                                              0x00404f34
                                                                                                                              0x00404f37
                                                                                                                              0x00404f3c
                                                                                                                              0x00404f3e
                                                                                                                              0x00404f42
                                                                                                                              0x00404f52
                                                                                                                              0x00404f5c
                                                                                                                              0x00404f5e
                                                                                                                              0x00404f61
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00404f44
                                                                                                                              0x00404f44
                                                                                                                              0x00404f4a
                                                                                                                              0x00404f4c
                                                                                                                              0x00404f4c
                                                                                                                              0x00404f4d
                                                                                                                              0x00404f4e
                                                                                                                              0x00000000
                                                                                                                              0x00404f44
                                                                                                                              0x00404f27
                                                                                                                              0x00404f02
                                                                                                                              0x00404e45
                                                                                                                              0x00000000
                                                                                                                              0x00404e5b
                                                                                                                              0x00404e65
                                                                                                                              0x00404e6a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00404e7c
                                                                                                                              0x00404e81
                                                                                                                              0x00404e8d
                                                                                                                              0x00404e8d
                                                                                                                              0x00404e8f
                                                                                                                              0x00404e9e
                                                                                                                              0x00404ea0
                                                                                                                              0x00404ea4
                                                                                                                              0x00404ea7
                                                                                                                              0x00000000
                                                                                                                              0x00404ea7
                                                                                                                              0x00404e45
                                                                                                                              0x00404af9
                                                                                                                              0x00404afc
                                                                                                                              0x00404aff
                                                                                                                              0x00404b0f
                                                                                                                              0x00404b22
                                                                                                                              0x00404b2d
                                                                                                                              0x00404b33
                                                                                                                              0x00404b41
                                                                                                                              0x00404b54
                                                                                                                              0x00404b59
                                                                                                                              0x00404b64
                                                                                                                              0x00404b6d
                                                                                                                              0x00404b83
                                                                                                                              0x00404b93
                                                                                                                              0x00404b9f
                                                                                                                              0x00404b9f
                                                                                                                              0x00404ba4
                                                                                                                              0x00404baa
                                                                                                                              0x00404bac
                                                                                                                              0x00404baf
                                                                                                                              0x00404bb4
                                                                                                                              0x00404bb9
                                                                                                                              0x00404bbb
                                                                                                                              0x00404bbb
                                                                                                                              0x00404bdb
                                                                                                                              0x00404bdb
                                                                                                                              0x00404bdd
                                                                                                                              0x00404bde
                                                                                                                              0x00404be3
                                                                                                                              0x00404be9
                                                                                                                              0x00404bed
                                                                                                                              0x00404bf2
                                                                                                                              0x00404bfa
                                                                                                                              0x00404bfe
                                                                                                                              0x00404c03
                                                                                                                              0x00404c08
                                                                                                                              0x00404c10
                                                                                                                              0x00404c13
                                                                                                                              0x00404ce2
                                                                                                                              0x00404cf5
                                                                                                                              0x00000000
                                                                                                                              0x00404c19
                                                                                                                              0x00404c1c
                                                                                                                              0x00404c1f
                                                                                                                              0x00404c22
                                                                                                                              0x00404c22
                                                                                                                              0x00404c27
                                                                                                                              0x00404c30
                                                                                                                              0x00404c33
                                                                                                                              0x00404c37
                                                                                                                              0x00404c3a
                                                                                                                              0x00404c3d
                                                                                                                              0x00404c46
                                                                                                                              0x00404c4f
                                                                                                                              0x00404c52
                                                                                                                              0x00404c55
                                                                                                                              0x00404c58
                                                                                                                              0x00404c96
                                                                                                                              0x00404cb9
                                                                                                                              0x00404cbb
                                                                                                                              0x00404cc1
                                                                                                                              0x00404c98
                                                                                                                              0x00404ca7
                                                                                                                              0x00404ca7
                                                                                                                              0x00404c5a
                                                                                                                              0x00404c5d
                                                                                                                              0x00404c6b
                                                                                                                              0x00404c75
                                                                                                                              0x00404c77
                                                                                                                              0x00404c7d
                                                                                                                              0x00404c84
                                                                                                                              0x00404c87
                                                                                                                              0x00404c8f
                                                                                                                              0x00404c8f
                                                                                                                              0x00404c58
                                                                                                                              0x00404cc7
                                                                                                                              0x00404cc8
                                                                                                                              0x00404cd4
                                                                                                                              0x00404cd4
                                                                                                                              0x00404ce0
                                                                                                                              0x00404cfb
                                                                                                                              0x00404cfe
                                                                                                                              0x00404d1b
                                                                                                                              0x00000000
                                                                                                                              0x00404d00
                                                                                                                              0x00404d05
                                                                                                                              0x00404d0e
                                                                                                                              0x00405096
                                                                                                                              0x004050a8
                                                                                                                              0x004050a8
                                                                                                                              0x00404cfe
                                                                                                                              0x00000000
                                                                                                                              0x00404ce0
                                                                                                                              0x00404c13

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                              • String ID: $M$N
                                                                                                                              • API String ID: 2564846305-813528018
                                                                                                                              • Opcode ID: 7979eb89c2ba789210c478efbd40ca5770d0cf58fb7a2a7deeb4f629e08dd5c3
                                                                                                                              • Instruction ID: b93138f0eedc2449d1e9bfda9be5258a8e47cdb0f0c7c2118b7039f3366b9e37
                                                                                                                              • Opcode Fuzzy Hash: 7979eb89c2ba789210c478efbd40ca5770d0cf58fb7a2a7deeb4f629e08dd5c3
                                                                                                                              • Instruction Fuzzy Hash: AA026EB0900209AFEB20DFA5DD45AAE7BB5FB44314F14813AF614B62E0C7799D52CF58
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 93%
                                                                                                                              			E00404209(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
                                                                                                                              				intOrPtr _v8;
                                                                                                                              				signed int _v12;
                                                                                                                              				void* _v16;
                                                                                                                              				struct HWND__* _t52;
                                                                                                                              				long _t86;
                                                                                                                              				int _t98;
                                                                                                                              				struct HWND__* _t99;
                                                                                                                              				signed int _t100;
                                                                                                                              				intOrPtr _t103;
                                                                                                                              				signed int _t106;
                                                                                                                              				intOrPtr _t107;
                                                                                                                              				intOrPtr _t109;
                                                                                                                              				int _t110;
                                                                                                                              				signed int* _t112;
                                                                                                                              				signed int _t113;
                                                                                                                              				char* _t114;
                                                                                                                              				CHAR* _t115;
                                                                                                                              
                                                                                                                              				if(_a8 != 0x110) {
                                                                                                                              					__eflags = _a8 - 0x111;
                                                                                                                              					if(_a8 != 0x111) {
                                                                                                                              						L11:
                                                                                                                              						__eflags = _a8 - 0x4e;
                                                                                                                              						if(_a8 != 0x4e) {
                                                                                                                              							__eflags = _a8 - 0x40b;
                                                                                                                              							if(_a8 == 0x40b) {
                                                                                                                              								 *0x42983c =  *0x42983c + 1;
                                                                                                                              								__eflags =  *0x42983c;
                                                                                                                              							}
                                                                                                                              							L25:
                                                                                                                              							_t110 = _a16;
                                                                                                                              							L26:
                                                                                                                              							return E00404105(_a8, _a12, _t110);
                                                                                                                              						}
                                                                                                                              						_t52 = GetDlgItem(_a4, 0x3e8);
                                                                                                                              						_t110 = _a16;
                                                                                                                              						__eflags =  *((intOrPtr*)(_t110 + 8)) - 0x70b;
                                                                                                                              						if( *((intOrPtr*)(_t110 + 8)) == 0x70b) {
                                                                                                                              							__eflags =  *((intOrPtr*)(_t110 + 0xc)) - 0x201;
                                                                                                                              							if( *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
                                                                                                                              								_t100 =  *((intOrPtr*)(_t110 + 0x1c));
                                                                                                                              								_t109 =  *((intOrPtr*)(_t110 + 0x18));
                                                                                                                              								_v12 = _t100;
                                                                                                                              								__eflags = _t100 - _t109 - 0x800;
                                                                                                                              								_v16 = _t109;
                                                                                                                              								_v8 = 0x42e3a0;
                                                                                                                              								if(_t100 - _t109 < 0x800) {
                                                                                                                              									SendMessageA(_t52, 0x44b, 0,  &_v16);
                                                                                                                              									SetCursor(LoadCursorA(0, 0x7f02));
                                                                                                                              									_push(1);
                                                                                                                              									E004044AD(_a4, _v8);
                                                                                                                              									SetCursor(LoadCursorA(0, 0x7f00));
                                                                                                                              									_t110 = _a16;
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              						__eflags =  *((intOrPtr*)(_t110 + 8)) - 0x700;
                                                                                                                              						if( *((intOrPtr*)(_t110 + 8)) != 0x700) {
                                                                                                                              							goto L26;
                                                                                                                              						} else {
                                                                                                                              							__eflags =  *((intOrPtr*)(_t110 + 0xc)) - 0x100;
                                                                                                                              							if( *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
                                                                                                                              								goto L26;
                                                                                                                              							}
                                                                                                                              							__eflags =  *((intOrPtr*)(_t110 + 0x10)) - 0xd;
                                                                                                                              							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
                                                                                                                              								SendMessageA( *0x42f408, 0x111, 1, 0);
                                                                                                                              							}
                                                                                                                              							__eflags =  *((intOrPtr*)(_t110 + 0x10)) - 0x1b;
                                                                                                                              							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
                                                                                                                              								SendMessageA( *0x42f408, 0x10, 0, 0);
                                                                                                                              							}
                                                                                                                              							return 1;
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              					__eflags = _a12 >> 0x10;
                                                                                                                              					if(_a12 >> 0x10 != 0) {
                                                                                                                              						goto L25;
                                                                                                                              					}
                                                                                                                              					__eflags =  *0x42983c; // 0x0
                                                                                                                              					if(__eflags != 0) {
                                                                                                                              						goto L25;
                                                                                                                              					}
                                                                                                                              					_t103 =  *0x42a048; // 0x758dbc
                                                                                                                              					_t25 = _t103 + 0x14; // 0x758dd0
                                                                                                                              					_t112 = _t25;
                                                                                                                              					__eflags =  *_t112 & 0x00000020;
                                                                                                                              					if(( *_t112 & 0x00000020) == 0) {
                                                                                                                              						goto L25;
                                                                                                                              					}
                                                                                                                              					_t106 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
                                                                                                                              					__eflags = _t106;
                                                                                                                              					 *_t112 = _t106;
                                                                                                                              					E004040C0(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
                                                                                                                              					E00404489();
                                                                                                                              					goto L11;
                                                                                                                              				} else {
                                                                                                                              					_t98 = _a16;
                                                                                                                              					_t113 =  *(_t98 + 0x30);
                                                                                                                              					if(_t113 < 0) {
                                                                                                                              						_t107 =  *0x42ebdc; // 0x75d51b
                                                                                                                              						_t113 =  *(_t107 - 4 + _t113 * 4);
                                                                                                                              					}
                                                                                                                              					_push( *((intOrPtr*)(_t98 + 0x34)));
                                                                                                                              					_t114 = _t113 +  *0x42f458;
                                                                                                                              					_push(0x22);
                                                                                                                              					_a16 =  *_t114;
                                                                                                                              					_v12 = _v12 & 0x00000000;
                                                                                                                              					_t115 = _t114 + 1;
                                                                                                                              					_v16 = _t115;
                                                                                                                              					_v8 = E004041D4;
                                                                                                                              					E0040409E(_a4);
                                                                                                                              					_push( *((intOrPtr*)(_t98 + 0x38)));
                                                                                                                              					_push(0x23);
                                                                                                                              					E0040409E(_a4);
                                                                                                                              					CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
                                                                                                                              					E004040C0( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
                                                                                                                              					_t99 = GetDlgItem(_a4, 0x3e8);
                                                                                                                              					E004040D3(_t99);
                                                                                                                              					SendMessageA(_t99, 0x45b, 1, 0);
                                                                                                                              					_t86 =  *( *0x42f414 + 0x68);
                                                                                                                              					if(_t86 < 0) {
                                                                                                                              						_t86 = GetSysColor( ~_t86);
                                                                                                                              					}
                                                                                                                              					SendMessageA(_t99, 0x443, 0, _t86);
                                                                                                                              					SendMessageA(_t99, 0x445, 0, 0x4010000);
                                                                                                                              					SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
                                                                                                                              					 *0x42983c = 0;
                                                                                                                              					SendMessageA(_t99, 0x449, _a16,  &_v16);
                                                                                                                              					 *0x42983c = 0;
                                                                                                                              					return 0;
                                                                                                                              				}
                                                                                                                              			}




















                                                                                                                              0x004042d7
                                                                                                                              0x004042d7
                                                                                                                              0x004042e6
                                                                                                                              0x004042f5
                                                                                                                              0x00404307
                                                                                                                              0x0040430c
                                                                                                                              0x0040431c
                                                                                                                              0x0040431e
                                                                                                                              0x00000000
                                                                                                                              0x00404324

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                              • String ID: : Completed$N
                                                                                                                              • API String ID: 3103080414-2140067464
                                                                                                                              • Opcode ID: 448c26d367fa4ce24fea73f86f3c1ebcb169a2680b3cc918c82a0762cc84cb42
                                                                                                                              • Instruction ID: e1855738532d9be41fcebd9a9c4146cd0e241e622fdf0fb061f71f1fb699f553
                                                                                                                              • Opcode Fuzzy Hash: 448c26d367fa4ce24fea73f86f3c1ebcb169a2680b3cc918c82a0762cc84cb42
                                                                                                                              • Instruction Fuzzy Hash: 2661A4B1A40208BFDB109F61DD45F6A7B69FB84314F00803AFB057A1D1C7B8A952CF98
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 90%
                                                                                                                              			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
                                                                                                                              				struct tagLOGBRUSH _v16;
                                                                                                                              				struct tagRECT _v32;
                                                                                                                              				struct tagPAINTSTRUCT _v96;
                                                                                                                              				struct HDC__* _t70;
                                                                                                                              				struct HBRUSH__* _t87;
                                                                                                                              				struct HFONT__* _t94;
                                                                                                                              				long _t102;
                                                                                                                              				signed int _t126;
                                                                                                                              				struct HDC__* _t128;
                                                                                                                              				intOrPtr _t130;
                                                                                                                              
                                                                                                                              				if(_a8 == 0xf) {
                                                                                                                              					_t130 =  *0x42f414;
                                                                                                                              					_t70 = BeginPaint(_a4,  &_v96);
                                                                                                                              					_v16.lbStyle = _v16.lbStyle & 0x00000000;
                                                                                                                              					_a8 = _t70;
                                                                                                                              					GetClientRect(_a4,  &_v32);
                                                                                                                              					_t126 = _v32.bottom;
                                                                                                                              					_v32.bottom = _v32.bottom & 0x00000000;
                                                                                                                              					while(_v32.top < _t126) {
                                                                                                                              						_a12 = _t126 - _v32.top;
                                                                                                                              						asm("cdq");
                                                                                                                              						asm("cdq");
                                                                                                                              						asm("cdq");
                                                                                                                              						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
                                                                                                                              						_t87 = CreateBrushIndirect( &_v16);
                                                                                                                              						_v32.bottom = _v32.bottom + 4;
                                                                                                                              						_a16 = _t87;
                                                                                                                              						FillRect(_a8,  &_v32, _t87);
                                                                                                                              						DeleteObject(_a16);
                                                                                                                              						_v32.top = _v32.top + 4;
                                                                                                                              					}
                                                                                                                              					if( *(_t130 + 0x58) != 0xffffffff) {
                                                                                                                              						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
                                                                                                                              						_a16 = _t94;
                                                                                                                              						if(_t94 != 0) {
                                                                                                                              							_t128 = _a8;
                                                                                                                              							_v32.left = 0x10;
                                                                                                                              							_v32.top = 8;
                                                                                                                              							SetBkMode(_t128, 1);
                                                                                                                              							SetTextColor(_t128,  *(_t130 + 0x58));
                                                                                                                              							_a8 = SelectObject(_t128, _a16);
                                                                                                                              							DrawTextA(_t128, "Wildix WIService  v2.15.2 Setup", 0xffffffff,  &_v32, 0x820);
                                                                                                                              							SelectObject(_t128, _a8);
                                                                                                                              							DeleteObject(_a16);
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              					EndPaint(_a4,  &_v96);
                                                                                                                              					return 0;
                                                                                                                              				}
                                                                                                                              				_t102 = _a16;
                                                                                                                              				if(_a8 == 0x46) {
                                                                                                                              					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
                                                                                                                              					 *((intOrPtr*)(_t102 + 4)) =  *0x42f408;
                                                                                                                              				}
                                                                                                                              				return DefWindowProcA(_a4, _a8, _a12, _t102);
                                                                                                                              			}














                                                                                                                              APIs
                                                                                                                              • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                              • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                              • GetClientRect.USER32 ref: 0040105B
                                                                                                                              • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                              • FillRect.USER32 ref: 004010E4
                                                                                                                              • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                              • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                                                              • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                              • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                              • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                              • DrawTextA.USER32(00000000,Wildix WIService v2.15.2 Setup,000000FF,00000010,00000820), ref: 00401156
                                                                                                                              • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                              • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                              • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                              • String ID: F$Wildix WIService v2.15.2 Setup
                                                                                                                              • API String ID: 941294808-1758028607
                                                                                                                              • Opcode ID: 7b2e9886d4a0a86190cfd2eb73994447d751dd60ad8b28ccd238e082d53d4ecc
                                                                                                                              • Instruction ID: a83fe4be3842045fa55e49ef5e4516223b86fcdf0b70f1128ddfc4a40beffe79
                                                                                                                              • Opcode Fuzzy Hash: 7b2e9886d4a0a86190cfd2eb73994447d751dd60ad8b28ccd238e082d53d4ecc
                                                                                                                              • Instruction Fuzzy Hash: 48418C71400209AFCB058FA5DE459BF7BB9FF45314F00842EF9A1AA1A0C7749955DFA4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00405C7F(void* __ecx) {
                                                                                                                              				void* __ebx;
                                                                                                                              				void* __edi;
                                                                                                                              				void* __esi;
                                                                                                                              				long _t12;
                                                                                                                              				long _t24;
                                                                                                                              				char* _t31;
                                                                                                                              				int _t37;
                                                                                                                              				void* _t38;
                                                                                                                              				intOrPtr* _t39;
                                                                                                                              				long _t42;
                                                                                                                              				CHAR* _t44;
                                                                                                                              				void* _t46;
                                                                                                                              				void* _t48;
                                                                                                                              				void* _t49;
                                                                                                                              				void* _t52;
                                                                                                                              				void* _t53;
                                                                                                                              
                                                                                                                              				_t38 = __ecx;
                                                                                                                              				_t44 =  *(_t52 + 0x14);
                                                                                                                              				 *0x42c600 = 0x4c554e;
                                                                                                                              				if(_t44 == 0) {
                                                                                                                              					L3:
                                                                                                                              					_t12 = GetShortPathNameA( *(_t52 + 0x1c), 0x42ca00, 0x400);
                                                                                                                              					if(_t12 != 0 && _t12 <= 0x400) {
                                                                                                                              						_t37 = wsprintfA(0x42c200, "%s=%s\r\n", 0x42c600, 0x42ca00);
                                                                                                                              						_t53 = _t52 + 0x10;
                                                                                                                              						E00406032(_t37, 0x400, 0x42ca00, 0x42ca00,  *((intOrPtr*)( *0x42f414 + 0x128)));
                                                                                                                              						_t12 = E00405BA9(0x42ca00, 0xc0000000, 4);
                                                                                                                              						_t48 = _t12;
                                                                                                                              						 *(_t53 + 0x18) = _t48;
                                                                                                                              						if(_t48 != 0xffffffff) {
                                                                                                                              							_t42 = GetFileSize(_t48, 0);
                                                                                                                              							_t6 = _t37 + 0xa; // 0xa
                                                                                                                              							_t46 = GlobalAlloc(0x40, _t42 + _t6);
                                                                                                                              							if(_t46 == 0 || E00405C21(_t48, _t46, _t42) == 0) {
                                                                                                                              								L18:
                                                                                                                              								return CloseHandle(_t48);
                                                                                                                              							} else {
                                                                                                                              								if(E00405B0E(_t38, _t46, "[Rename]\r\n") != 0) {
                                                                                                                              									_t49 = E00405B0E(_t38, _t21 + 0xa, 0x40a3b8);
                                                                                                                              									if(_t49 == 0) {
                                                                                                                              										_t48 =  *(_t53 + 0x18);
                                                                                                                              										L16:
                                                                                                                              										_t24 = _t42;
                                                                                                                              										L17:
                                                                                                                              										E00405B64(_t24 + _t46, 0x42c200, _t37);
                                                                                                                              										SetFilePointer(_t48, 0, 0, 0);
                                                                                                                              										E00405C50(_t48, _t46, _t42 + _t37);
                                                                                                                              										GlobalFree(_t46);
                                                                                                                              										goto L18;
                                                                                                                              									}
                                                                                                                              									_t39 = _t46 + _t42;
                                                                                                                              									_t31 = _t39 + _t37;
                                                                                                                              									while(_t39 > _t49) {
                                                                                                                              										 *_t31 =  *_t39;
                                                                                                                              										_t31 = _t31 - 1;
                                                                                                                              										_t39 = _t39 - 1;
                                                                                                                              									}
                                                                                                                              									_t24 = _t49 - _t46 + 1;
                                                                                                                              									_t48 =  *(_t53 + 0x18);
                                                                                                                              									goto L17;
                                                                                                                              								}
                                                                                                                              								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
                                                                                                                              								_t42 = _t42 + 0xa;
                                                                                                                              								goto L16;
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              				} else {
                                                                                                                              					CloseHandle(E00405BA9(_t44, 0, 1));
                                                                                                                              					_t12 = GetShortPathNameA(_t44, 0x42c600, 0x400);
                                                                                                                              					if(_t12 != 0 && _t12 <= 0x400) {
                                                                                                                              						goto L3;
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				return _t12;
                                                                                                                              			}




















                                                                                                                              APIs
                                                                                                                              • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,00000000,00405E10,?,?), ref: 00405CB0
                                                                                                                              • GetShortPathNameA.KERNEL32 ref: 00405CB9
                                                                                                                                • Part of subcall function 00405B0E: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405D69,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B1E
                                                                                                                                • Part of subcall function 00405B0E: lstrlenA.KERNEL32(00000000,?,00000000,00405D69,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B50
                                                                                                                              • GetShortPathNameA.KERNEL32 ref: 00405CD6
                                                                                                                              • wsprintfA.USER32 ref: 00405CF4
                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,0042CA00,C0000000,00000004,0042CA00,?,?,?,?,?), ref: 00405D2F
                                                                                                                              • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405D3E
                                                                                                                              • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D76
                                                                                                                              • SetFilePointer.KERNEL32(0040A3B8,00000000,00000000,00000000,00000000,0042C200,00000000,-0000000A,0040A3B8,00000000,[Rename],00000000,00000000,00000000), ref: 00405DCC
                                                                                                                              • GlobalFree.KERNEL32 ref: 00405DDD
                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00405DE4
                                                                                                                                • Part of subcall function 00405BA9: GetFileAttributesA.KERNELBASE(00000003,00402E04,C:\Users\user\Desktop\SetupWIService.exe,80000000,00000003), ref: 00405BAD
                                                                                                                                • Part of subcall function 00405BA9: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405BCF
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                              • String ID: %s=%s$[Rename]
                                                                                                                              • API String ID: 2171350718-1727408572
                                                                                                                              • Opcode ID: f77fbfde1968c6cc6d109ac9641d83ed14e9d60a65f6ef3fc352fd67b9dcf635
                                                                                                                              • Instruction ID: 5f10e72b046bb4c3808544f3b96a1b07f09bbbda3d3e46611c613b54f85f09c3
                                                                                                                              • Opcode Fuzzy Hash: f77fbfde1968c6cc6d109ac9641d83ed14e9d60a65f6ef3fc352fd67b9dcf635
                                                                                                                              • Instruction Fuzzy Hash: F631F231600B15ABD2207BA59D4DFAB3A6CDF42754F14443BFA01F62D2DA7CE8058ABD
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 89%
                                                                                                                              			E739124D8(intOrPtr* _a4) {
                                                                                                                              				char _v80;
                                                                                                                              				int _v84;
                                                                                                                              				intOrPtr _v88;
                                                                                                                              				short _v92;
                                                                                                                              				intOrPtr* _t28;
                                                                                                                              				void* _t30;
                                                                                                                              				intOrPtr _t31;
                                                                                                                              				signed int _t43;
                                                                                                                              				void* _t44;
                                                                                                                              				intOrPtr _t45;
                                                                                                                              				void* _t48;
                                                                                                                              
                                                                                                                              				_t44 = E73911215();
                                                                                                                              				_t28 = _a4;
                                                                                                                              				_t45 =  *((intOrPtr*)(_t28 + 0x814));
                                                                                                                              				_v88 = _t45;
                                                                                                                              				_t48 = (_t45 + 0x41 << 5) + _t28;
                                                                                                                              				do {
                                                                                                                              					if( *((intOrPtr*)(_t48 - 4)) >= 0) {
                                                                                                                              					}
                                                                                                                              					_t43 =  *(_t48 - 8) & 0x000000ff;
                                                                                                                              					if(_t43 <= 7) {
                                                                                                                              						switch( *((intOrPtr*)(_t43 * 4 +  &M73912626))) {
                                                                                                                              							case 0:
                                                                                                                              								 *_t44 = 0;
                                                                                                                              								goto L17;
                                                                                                                              							case 1:
                                                                                                                              								__eax =  *__eax;
                                                                                                                              								if(__ecx > __ebx) {
                                                                                                                              									_v84 = __ecx;
                                                                                                                              									__ecx =  *(0x7391307c + __edx * 4);
                                                                                                                              									__edx = _v84;
                                                                                                                              									__ecx = __ecx * __edx;
                                                                                                                              									asm("sbb edx, edx");
                                                                                                                              									__edx = __edx & __ecx;
                                                                                                                              									__eax = __eax &  *(0x7391309c + __edx * 4);
                                                                                                                              								}
                                                                                                                              								_push(__eax);
                                                                                                                              								goto L15;
                                                                                                                              							case 2:
                                                                                                                              								__eax = E73911429(__edx,  *__eax,  *((intOrPtr*)(__eax + 4)), __edi);
                                                                                                                              								goto L16;
                                                                                                                              							case 3:
                                                                                                                              								__eax = lstrcpynA(__edi,  *__eax,  *0x7391405c);
                                                                                                                              								goto L17;
                                                                                                                              							case 4:
                                                                                                                              								__ecx =  *0x7391405c;
                                                                                                                              								__edx = __ecx - 1;
                                                                                                                              								__eax = WideCharToMultiByte(__ebx, __ebx,  *__eax, __ecx, __edi, __edx, __ebx, __ebx);
                                                                                                                              								__eax =  *0x7391405c;
                                                                                                                              								 *((char*)(__eax + __edi - 1)) = __bl;
                                                                                                                              								goto L17;
                                                                                                                              							case 5:
                                                                                                                              								__ecx =  &_v80;
                                                                                                                              								_push(0x27);
                                                                                                                              								_push(__ecx);
                                                                                                                              								_push( *__eax);
                                                                                                                              								" {xv@uxv"();
                                                                                                                              								__eax =  &_v92;
                                                                                                                              								__eax = WideCharToMultiByte(__ebx, __ebx,  &_v92,  &_v92, __edi,  *0x7391405c, __ebx, __ebx);
                                                                                                                              								goto L17;
                                                                                                                              							case 6:
                                                                                                                              								_push( *__esi);
                                                                                                                              								L15:
                                                                                                                              								__eax = wsprintfA(__edi, 0x73914000);
                                                                                                                              								L16:
                                                                                                                              								__esp = __esp + 0xc;
                                                                                                                              								goto L17;
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              					L17:
                                                                                                                              					_t30 =  *(_t48 + 0x14);
                                                                                                                              					if(_t30 != 0 && ( *_a4 != 2 ||  *((intOrPtr*)(_t48 - 4)) > 0)) {
                                                                                                                              						GlobalFree(_t30);
                                                                                                                              					}
                                                                                                                              					_t31 =  *((intOrPtr*)(_t48 + 0xc));
                                                                                                                              					if(_t31 != 0) {
                                                                                                                              						if(_t31 != 0xffffffff) {
                                                                                                                              							if(_t31 > 0) {
                                                                                                                              								E739112D1(_t31 - 1, _t44);
                                                                                                                              								goto L26;
                                                                                                                              							}
                                                                                                                              						} else {
                                                                                                                              							E73911266(_t44);
                                                                                                                              							L26:
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              					_v88 = _v88 - 1;
                                                                                                                              					_t48 = _t48 - 0x20;
                                                                                                                              				} while (_v88 >= 0);
                                                                                                                              				return GlobalFree(_t44);
                                                                                                                              			}















                                                                                                                              APIs
                                                                                                                                • Part of subcall function 73911215: GlobalAlloc.KERNEL32(00000040,73911233,?,739112CF,-7391404B,739111AB,-000000A0), ref: 7391121D
                                                                                                                              • GlobalFree.KERNEL32 ref: 739125DE
                                                                                                                              • GlobalFree.KERNEL32 ref: 73912618
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.523462386.0000000073911000.00000020.00000001.01000000.00000005.sdmp, Offset: 73910000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.523447585.0000000073910000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                              • Associated: 00000000.00000002.523475506.0000000073913000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                              • Associated: 00000000.00000002.523488453.0000000073915000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_73910000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Global$Free$Alloc
                                                                                                                              • String ID: {xv@uxv
                                                                                                                              • API String ID: 1780285237-1953920604
                                                                                                                              • Opcode ID: 120cfcd36837a49ee9cd58f397441f6c0d12331edd1c6d04be83ffcba09cf461
                                                                                                                              • Instruction ID: 6566cfe8cef20c9acbf6fad9daa1642881e2ae984d68a5a7e95435600a5ed191
                                                                                                                              • Opcode Fuzzy Hash: 120cfcd36837a49ee9cd58f397441f6c0d12331edd1c6d04be83ffcba09cf461
                                                                                                                              • Instruction Fuzzy Hash: DF41E37210820EEFD702AF55CCD4E6ABBFEEB85244B14452DF595BB144D7319824CB63
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 86%
                                                                                                                              			E739122F1(void* __edx, intOrPtr _a4) {
                                                                                                                              				signed int _v4;
                                                                                                                              				signed int _v8;
                                                                                                                              				void* _t38;
                                                                                                                              				signed int _t39;
                                                                                                                              				void* _t40;
                                                                                                                              				void* _t43;
                                                                                                                              				void* _t48;
                                                                                                                              				signed int* _t50;
                                                                                                                              				signed char* _t51;
                                                                                                                              
                                                                                                                              				_v8 = 0 |  *((intOrPtr*)(_a4 + 0x814)) > 0x00000000;
                                                                                                                              				while(1) {
                                                                                                                              					_t9 = _a4 + 0x818; // 0x818
                                                                                                                              					_t51 = (_v8 << 5) + _t9;
                                                                                                                              					_t38 = _t51[0x18];
                                                                                                                              					if(_t38 == 0) {
                                                                                                                              						goto L9;
                                                                                                                              					}
                                                                                                                              					_t48 = 0x1a;
                                                                                                                              					if(_t38 == _t48) {
                                                                                                                              						goto L9;
                                                                                                                              					}
                                                                                                                              					if(_t38 != 0xffffffff) {
                                                                                                                              						if(_t38 <= 0 || _t38 > 0x19) {
                                                                                                                              							_t51[0x18] = _t48;
                                                                                                                              						} else {
                                                                                                                              							_t38 = E739112AD(_t38 - 1);
                                                                                                                              							L10:
                                                                                                                              						}
                                                                                                                              						goto L11;
                                                                                                                              					} else {
                                                                                                                              						_t38 = E7391123B();
                                                                                                                              						L11:
                                                                                                                              						_t43 = _t38;
                                                                                                                              						_t13 =  &(_t51[8]); // 0x820
                                                                                                                              						_t50 = _t13;
                                                                                                                              						if(_t51[4] >= 0) {
                                                                                                                              						}
                                                                                                                              						_t39 =  *_t51 & 0x000000ff;
                                                                                                                              						_t51[0x1c] = _t51[0x1c] & 0x00000000;
                                                                                                                              						_v4 = _t39;
                                                                                                                              						if(_t39 > 7) {
                                                                                                                              							L27:
                                                                                                                              							_t40 = GlobalFree(_t43);
                                                                                                                              							if(_v8 == 0) {
                                                                                                                              								return _t40;
                                                                                                                              							}
                                                                                                                              							if(_v8 !=  *((intOrPtr*)(_a4 + 0x814))) {
                                                                                                                              								_v8 = _v8 + 1;
                                                                                                                              							} else {
                                                                                                                              								_v8 = _v8 & 0x00000000;
                                                                                                                              							}
                                                                                                                              							continue;
                                                                                                                              						} else {
                                                                                                                              							switch( *((intOrPtr*)(_t39 * 4 +  &M7391247E))) {
                                                                                                                              								case 0:
                                                                                                                              									 *_t50 =  *_t50 & 0x00000000;
                                                                                                                              									goto L27;
                                                                                                                              								case 1:
                                                                                                                              									__eax = E739112FE(__ebx);
                                                                                                                              									goto L20;
                                                                                                                              								case 2:
                                                                                                                              									 *__ebp = E739112FE(__ebx);
                                                                                                                              									_a4 = __edx;
                                                                                                                              									goto L27;
                                                                                                                              								case 3:
                                                                                                                              									__eax = E73911224(__ebx);
                                                                                                                              									 *(__esi + 0x1c) = __eax;
                                                                                                                              									L20:
                                                                                                                              									 *__ebp = __eax;
                                                                                                                              									goto L27;
                                                                                                                              								case 4:
                                                                                                                              									 *0x7391405c =  *0x7391405c +  *0x7391405c;
                                                                                                                              									__edi = GlobalAlloc(0x40,  *0x7391405c +  *0x7391405c);
                                                                                                                              									 *0x7391405c = MultiByteToWideChar(0, 0, __ebx,  *0x7391405c, __edi,  *0x7391405c);
                                                                                                                              									if(_v4 != 5) {
                                                                                                                              										 *(__esi + 0x1c) = __edi;
                                                                                                                              										 *__ebp = __edi;
                                                                                                                              									} else {
                                                                                                                              										__eax = GlobalAlloc(0x40, 0x10);
                                                                                                                              										_push(__eax);
                                                                                                                              										 *(__esi + 0x1c) = __eax;
                                                                                                                              										_push(__edi);
                                                                                                                              										 *__ebp = __eax;
                                                                                                                              										__imp__CLSIDFromString();
                                                                                                                              										__eax = GlobalFree(__edi);
                                                                                                                              									}
                                                                                                                              									goto L27;
                                                                                                                              								case 5:
                                                                                                                              									if( *__ebx != 0) {
                                                                                                                              										__eax = E739112FE(__ebx);
                                                                                                                              										 *__edi = __eax;
                                                                                                                              									}
                                                                                                                              									goto L27;
                                                                                                                              								case 6:
                                                                                                                              									__esi =  *(__esi + 0x18);
                                                                                                                              									__esi = __esi - 1;
                                                                                                                              									__esi = __esi *  *0x7391405c;
                                                                                                                              									__esi = __esi +  *0x73914064;
                                                                                                                              									__eax = __esi + 0xc;
                                                                                                                              									 *__edi = __esi + 0xc;
                                                                                                                              									asm("cdq");
                                                                                                                              									__eax = E73911429(__edx, __esi + 0xc, __edx, __esi);
                                                                                                                              									goto L27;
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              					L9:
                                                                                                                              					_t38 = E73911224(0x73914034);
                                                                                                                              					goto L10;
                                                                                                                              				}
                                                                                                                              			}













                                                                                                                              APIs
                                                                                                                              • GlobalFree.KERNEL32 ref: 73912447
                                                                                                                                • Part of subcall function 73911224: lstrcpynA.KERNEL32(00000000,?,739112CF,-7391404B,739111AB,-000000A0), ref: 73911234
                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?), ref: 739123C2
                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 739123D7
                                                                                                                              • GlobalAlloc.KERNEL32(00000040,00000010), ref: 739123E8
                                                                                                                              • CLSIDFromString.OLE32(00000000,00000000), ref: 739123F6
                                                                                                                              • GlobalFree.KERNEL32 ref: 739123FD
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.523462386.0000000073911000.00000020.00000001.01000000.00000005.sdmp, Offset: 73910000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.523447585.0000000073910000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                              • Associated: 00000000.00000002.523475506.0000000073913000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                              • Associated: 00000000.00000002.523488453.0000000073915000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_73910000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpyn
                                                                                                                              • String ID: @uxv
                                                                                                                              • API String ID: 3730416702-3068791405
                                                                                                                              • Opcode ID: eda5f9e383eafd3ee94bfeac2a5c70fb93b18f0bb093ec1e9cae08eb0ff9c23d
                                                                                                                              • Instruction ID: b6812539181d0e2d0b34021b0b99ae5a3cff37ea50942908874637cfa9196951
                                                                                                                              • Opcode Fuzzy Hash: eda5f9e383eafd3ee94bfeac2a5c70fb93b18f0bb093ec1e9cae08eb0ff9c23d
                                                                                                                              • Instruction Fuzzy Hash: C741A07150834EEFE312AF619884BAAB7F8FB44711F10492AE4CAFB180D7309565CB63
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0040627A(CHAR* _a4) {
                                                                                                                              				char _t5;
                                                                                                                              				char _t7;
                                                                                                                              				char* _t15;
                                                                                                                              				char* _t16;
                                                                                                                              				CHAR* _t17;
                                                                                                                              
                                                                                                                              				_t17 = _a4;
                                                                                                                              				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
                                                                                                                              					_t17 =  &(_t17[4]);
                                                                                                                              				}
                                                                                                                              				if( *_t17 != 0 && E00405A15(_t17) != 0) {
                                                                                                                              					_t17 =  &(_t17[2]);
                                                                                                                              				}
                                                                                                                              				_t5 =  *_t17;
                                                                                                                              				_t15 = _t17;
                                                                                                                              				_t16 = _t17;
                                                                                                                              				if(_t5 != 0) {
                                                                                                                              					do {
                                                                                                                              						if(_t5 > 0x1f &&  *((char*)(E004059D3("*?|<>/\":", _t5))) == 0) {
                                                                                                                              							E00405B64(_t16, _t17, CharNextA(_t17) - _t17);
                                                                                                                              							_t16 = CharNextA(_t16);
                                                                                                                              						}
                                                                                                                              						_t17 = CharNextA(_t17);
                                                                                                                              						_t5 =  *_t17;
                                                                                                                              					} while (_t5 != 0);
                                                                                                                              				}
                                                                                                                              				 *_t16 =  *_t16 & 0x00000000;
                                                                                                                              				while(1) {
                                                                                                                              					_t16 = CharPrevA(_t15, _t16);
                                                                                                                              					_t7 =  *_t16;
                                                                                                                              					if(_t7 != 0x20 && _t7 != 0x5c) {
                                                                                                                              						break;
                                                                                                                              					}
                                                                                                                              					 *_t16 =  *_t16 & 0x00000000;
                                                                                                                              					if(_t15 < _t16) {
                                                                                                                              						continue;
                                                                                                                              					}
                                                                                                                              					break;
                                                                                                                              				}
                                                                                                                              				return _t7;
                                                                                                                              			}









                                                                                                                              APIs
                                                                                                                              • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\SetupWIService.exe",74D0FA90,C:\Users\user\AppData\Local\Temp\,00000000,00403246,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004062D2
                                                                                                                              • CharNextA.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 004062DF
                                                                                                                              • CharNextA.USER32(?,"C:\Users\user\Desktop\SetupWIService.exe",74D0FA90,C:\Users\user\AppData\Local\Temp\,00000000,00403246,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004062E4
                                                                                                                              • CharPrevA.USER32(?,?,74D0FA90,C:\Users\user\AppData\Local\Temp\,00000000,00403246,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004062F4
                                                                                                                              Strings
                                                                                                                              • *?|<>/":, xrefs: 004062C2
                                                                                                                              • "C:\Users\user\Desktop\SetupWIService.exe", xrefs: 004062B6
                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 0040627B
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Char$Next$Prev
                                                                                                                              • String ID: "C:\Users\user\Desktop\SetupWIService.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                              • API String ID: 589700163-3882524949
                                                                                                                              • Opcode ID: a4ab23b94a56fbb4e4ab915d6a0181bd243ee2e30b5e95404a857257d08c8b81
                                                                                                                              • Instruction ID: 6247d5b4c7038ff51e561e9c2f84ae45375c8bcee8d01d3c6d5c321a6abb2e6d
                                                                                                                              • Opcode Fuzzy Hash: a4ab23b94a56fbb4e4ab915d6a0181bd243ee2e30b5e95404a857257d08c8b81
                                                                                                                              • Instruction Fuzzy Hash: 2211E95180479029EB3226246C40BBB7F884F97751F1A00BFE8C2722C1C67C5C52867D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00402CDD(struct HWND__* _a4, intOrPtr _a8) {
                                                                                                                              				char _v68;
                                                                                                                              				int _t11;
                                                                                                                              				int _t20;
                                                                                                                              
                                                                                                                              				if(_a8 == 0x110) {
                                                                                                                              					SetTimer(_a4, 1, 0xfa, 0);
                                                                                                                              					_a8 = 0x113;
                                                                                                                              				}
                                                                                                                              				if(_a8 == 0x113) {
                                                                                                                              					_t20 =  *0x41d420; // 0x42bfbf
                                                                                                                              					_t11 =  *0x42942c; // 0x42e178
                                                                                                                              					if(_t20 >= _t11) {
                                                                                                                              						_t20 = _t11;
                                                                                                                              					}
                                                                                                                              					wsprintfA( &_v68, "verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
                                                                                                                              					SetWindowTextA(_a4,  &_v68);
                                                                                                                              					SetDlgItemTextA(_a4, 0x406,  &_v68);
                                                                                                                              				}
                                                                                                                              				return 0;
                                                                                                                              			}







                                                                                                                              APIs
                                                                                                                              • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402CF8
                                                                                                                              • MulDiv.KERNEL32(0042BFBF,00000064,0042E178), ref: 00402D23
                                                                                                                              • wsprintfA.USER32 ref: 00402D33
                                                                                                                              • SetWindowTextA.USER32(?,?), ref: 00402D43
                                                                                                                              • SetDlgItemTextA.USER32 ref: 00402D55
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                              • String ID: verifying installer: %d%%$xB
                                                                                                                              • API String ID: 1451636040-1929740994
                                                                                                                              • Opcode ID: f8f7fb574b01a37347c2b5a7030e5195f98b1542352a9ab3f35e70a1f9b9ac5a
                                                                                                                              • Instruction ID: 025fba79a5afffe449226ec8edfc98a8674e121caf39d96b1da50a976b993c92
                                                                                                                              • Opcode Fuzzy Hash: f8f7fb574b01a37347c2b5a7030e5195f98b1542352a9ab3f35e70a1f9b9ac5a
                                                                                                                              • Instruction Fuzzy Hash: AA01FF71640209FBEF249F60DE49FAE37A9FB04345F008039FA06B61D0DBB599568F59
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00404105(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
                                                                                                                              				struct tagLOGBRUSH _v16;
                                                                                                                              				long _t39;
                                                                                                                              				long _t41;
                                                                                                                              				void* _t44;
                                                                                                                              				signed char _t50;
                                                                                                                              				long* _t54;
                                                                                                                              
                                                                                                                              				if(_a4 + 0xfffffecd > 5) {
                                                                                                                              					L18:
                                                                                                                              					return 0;
                                                                                                                              				}
                                                                                                                              				_t54 = GetWindowLongA(_a12, 0xffffffeb);
                                                                                                                              				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
                                                                                                                              					goto L18;
                                                                                                                              				} else {
                                                                                                                              					_t50 = _t54[5];
                                                                                                                              					if((_t50 & 0xffffffe0) != 0) {
                                                                                                                              						goto L18;
                                                                                                                              					}
                                                                                                                              					_t39 =  *_t54;
                                                                                                                              					if((_t50 & 0x00000002) != 0) {
                                                                                                                              						_t39 = GetSysColor(_t39);
                                                                                                                              					}
                                                                                                                              					if((_t54[5] & 0x00000001) != 0) {
                                                                                                                              						SetTextColor(_a8, _t39);
                                                                                                                              					}
                                                                                                                              					SetBkMode(_a8, _t54[4]);
                                                                                                                              					_t41 = _t54[1];
                                                                                                                              					_v16.lbColor = _t41;
                                                                                                                              					if((_t54[5] & 0x00000008) != 0) {
                                                                                                                              						_t41 = GetSysColor(_t41);
                                                                                                                              						_v16.lbColor = _t41;
                                                                                                                              					}
                                                                                                                              					if((_t54[5] & 0x00000004) != 0) {
                                                                                                                              						SetBkColor(_a8, _t41);
                                                                                                                              					}
                                                                                                                              					if((_t54[5] & 0x00000010) != 0) {
                                                                                                                              						_v16.lbStyle = _t54[2];
                                                                                                                              						_t44 = _t54[3];
                                                                                                                              						if(_t44 != 0) {
                                                                                                                              							DeleteObject(_t44);
                                                                                                                              						}
                                                                                                                              						_t54[3] = CreateBrushIndirect( &_v16);
                                                                                                                              					}
                                                                                                                              					return _t54[3];
                                                                                                                              				}
                                                                                                                              			}










                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2320649405-0
                                                                                                                              • Opcode ID: 2fd397ab70c88e7053abfa2b1889d7e6adf273714bf8f91ffd366fbe1d5efa4b
                                                                                                                              • Instruction ID: 549509973aaa983cd2a57f184cdff44cbcc336d3318ba047a0b32752f088f93e
                                                                                                                              • Opcode Fuzzy Hash: 2fd397ab70c88e7053abfa2b1889d7e6adf273714bf8f91ffd366fbe1d5efa4b
                                                                                                                              • Instruction Fuzzy Hash: 7D2162715007049BCB219F68DD4CB5BBBF8AF91714B048A3EEA96A66E0C734E984CB54
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004049F1(struct HWND__* _a4, intOrPtr _a8) {
                                                                                                                              				long _v8;
                                                                                                                              				signed char _v12;
                                                                                                                              				unsigned int _v16;
                                                                                                                              				void* _v20;
                                                                                                                              				intOrPtr _v24;
                                                                                                                              				long _v56;
                                                                                                                              				void* _v60;
                                                                                                                              				long _t15;
                                                                                                                              				unsigned int _t19;
                                                                                                                              				signed int _t25;
                                                                                                                              				struct HWND__* _t28;
                                                                                                                              
                                                                                                                              				_t28 = _a4;
                                                                                                                              				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
                                                                                                                              				if(_a8 == 0) {
                                                                                                                              					L4:
                                                                                                                              					_v56 = _t15;
                                                                                                                              					_v60 = 4;
                                                                                                                              					SendMessageA(_t28, 0x110c, 0,  &_v60);
                                                                                                                              					return _v24;
                                                                                                                              				}
                                                                                                                              				_t19 = GetMessagePos();
                                                                                                                              				_v16 = _t19 >> 0x10;
                                                                                                                              				_v20 = _t19;
                                                                                                                              				ScreenToClient(_t28,  &_v20);
                                                                                                                              				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
                                                                                                                              				if((_v12 & 0x00000066) != 0) {
                                                                                                                              					_t15 = _v8;
                                                                                                                              					goto L4;
                                                                                                                              				}
                                                                                                                              				return _t25 | 0xffffffff;
                                                                                                                              			}















                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Message$Send$ClientScreen
                                                                                                                              • String ID: f
                                                                                                                              • API String ID: 41195575-1993550816
                                                                                                                              • Opcode ID: b233b2991907e98a40282691d164461162982266b543cde43f51771bab81e11a
                                                                                                                              • Instruction ID: dd2724b276b0829887a11dc4f26b79c7971af77995a7330ace4ae867cc8e4813
                                                                                                                              • Opcode Fuzzy Hash: b233b2991907e98a40282691d164461162982266b543cde43f51771bab81e11a
                                                                                                                              • Instruction Fuzzy Hash: 4B018071940218BADB00DB94DD81BFEBBB8AF95711F10412BBA11B61C0C7B455018FA4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 73%
                                                                                                                              			E00401DFF(intOrPtr __edx) {
                                                                                                                              				void* __esi;
                                                                                                                              				int _t9;
                                                                                                                              				signed char _t15;
                                                                                                                              				struct HFONT__* _t18;
                                                                                                                              				intOrPtr _t30;
                                                                                                                              				struct HDC__* _t31;
                                                                                                                              				void* _t33;
                                                                                                                              				void* _t35;
                                                                                                                              
                                                                                                                              				_t30 = __edx;
                                                                                                                              				_t31 = GetDC( *(_t35 - 8));
                                                                                                                              				_t9 = E00402B0A(2);
                                                                                                                              				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
                                                                                                                              				0x40b818->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t31, 0x5a), 0x48));
                                                                                                                              				ReleaseDC( *(_t35 - 8), _t31);
                                                                                                                              				 *0x40b828 = E00402B0A(3);
                                                                                                                              				_t15 =  *((intOrPtr*)(_t35 - 0x24));
                                                                                                                              				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
                                                                                                                              				 *0x40b82f = 1;
                                                                                                                              				 *0x40b82c = _t15 & 0x00000001;
                                                                                                                              				 *0x40b82d = _t15 & 0x00000002;
                                                                                                                              				 *0x40b82e = _t15 & 0x00000004;
                                                                                                                              				E00406032(_t9, _t31, _t33, "MS Shell Dlg",  *((intOrPtr*)(_t35 - 0x30)));
                                                                                                                              				_t18 = CreateFontIndirectA(0x40b818);
                                                                                                                              				_push(_t18);
                                                                                                                              				_push(_t33);
                                                                                                                              				E00405F6E();
                                                                                                                              				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t35 - 4));
                                                                                                                              				return 0;
                                                                                                                              			}












                                                                                                                              APIs
                                                                                                                              • GetDC.USER32(?), ref: 00401E02
                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E1C
                                                                                                                              • MulDiv.KERNEL32(00000000,00000000), ref: 00401E24
                                                                                                                              • ReleaseDC.USER32 ref: 00401E35
                                                                                                                              • CreateFontIndirectA.GDI32(0040B818), ref: 00401E84
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                                              • String ID: MS Shell Dlg
                                                                                                                              • API String ID: 3808545654-76309092
                                                                                                                              • Opcode ID: 4e2ac4968fbcfc45df335883300c5f964cad547b4711af948e6fa709055a9030
                                                                                                                              • Instruction ID: a7e809a5f5c9b27870585acda152ffb90eb46fec6a88876af75f69e410eeec04
                                                                                                                              • Opcode Fuzzy Hash: 4e2ac4968fbcfc45df335883300c5f964cad547b4711af948e6fa709055a9030
                                                                                                                              • Instruction Fuzzy Hash: A6015672544240AFD7016B74AE4ABA93FB8EB59305F108839F141B61F2C7750505CB9C
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 77%
                                                                                                                              			E004048E7(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
                                                                                                                              				char _v36;
                                                                                                                              				char _v68;
                                                                                                                              				void* __ebx;
                                                                                                                              				void* __edi;
                                                                                                                              				void* __esi;
                                                                                                                              				signed int _t21;
                                                                                                                              				signed int _t22;
                                                                                                                              				void* _t29;
                                                                                                                              				void* _t31;
                                                                                                                              				void* _t32;
                                                                                                                              				void* _t41;
                                                                                                                              				signed int _t43;
                                                                                                                              				signed int _t47;
                                                                                                                              				signed int _t50;
                                                                                                                              				signed int _t51;
                                                                                                                              				signed int _t53;
                                                                                                                              
                                                                                                                              				_t21 = _a16;
                                                                                                                              				_t51 = _a12;
                                                                                                                              				_t41 = 0xffffffdc;
                                                                                                                              				if(_t21 == 0) {
                                                                                                                              					_push(0x14);
                                                                                                                              					_pop(0);
                                                                                                                              					_t22 = _t51;
                                                                                                                              					if(_t51 < 0x100000) {
                                                                                                                              						_push(0xa);
                                                                                                                              						_pop(0);
                                                                                                                              						_t41 = 0xffffffdd;
                                                                                                                              					}
                                                                                                                              					if(_t51 < 0x400) {
                                                                                                                              						_t41 = 0xffffffde;
                                                                                                                              					}
                                                                                                                              					if(_t51 < 0xffff3333) {
                                                                                                                              						_t50 = 0x14;
                                                                                                                              						asm("cdq");
                                                                                                                              						_t22 = 1 / _t50 + _t51;
                                                                                                                              					}
                                                                                                                              					_t23 = _t22 & 0x00ffffff;
                                                                                                                              					_t53 = _t22 >> 0;
                                                                                                                              					_t43 = 0xa;
                                                                                                                              					_t47 = ((_t22 & 0x00ffffff) + _t23 * 4 + (_t22 & 0x00ffffff) + _t23 * 4 >> 0) % _t43;
                                                                                                                              				} else {
                                                                                                                              					_t53 = (_t21 << 0x00000020 | _t51) >> 0x14;
                                                                                                                              					_t47 = 0;
                                                                                                                              				}
                                                                                                                              				_t29 = E00406032(_t41, _t47, _t53,  &_v36, 0xffffffdf);
                                                                                                                              				_t31 = E00406032(_t41, _t47, _t53,  &_v68, _t41);
                                                                                                                              				_t32 = E00406032(_t41, _t47, 0x42a870, 0x42a870, _a8);
                                                                                                                              				wsprintfA(_t32 + lstrlenA(0x42a870), "%u.%u%s%s", _t53, _t47, _t31, _t29);
                                                                                                                              				return SetDlgItemTextA( *0x42ebd8, _a4, 0x42a870);
                                                                                                                              			}

                                                                                                                              APIs
                                                                                                                              • lstrlenA.KERNEL32(Wildix WIService v2.15.2 Setup: Completed,Wildix WIService v2.15.2 Setup: Completed,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404802,000000DF,00000000,00000400,?), ref: 00404985
                                                                                                                              • wsprintfA.USER32 ref: 0040498D
                                                                                                                              • SetDlgItemTextA.USER32 ref: 004049A0
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ItemTextlstrlenwsprintf
                                                                                                                              • String ID: %u.%u%s%s$Wildix WIService v2.15.2 Setup: Completed
                                                                                                                              • API String ID: 3540041739-2546757289
                                                                                                                              • Opcode ID: 8f52a3d2b7158611b8ddfee5cd82df9920a420a3de20037d500134a76e905cd2
                                                                                                                              • Instruction ID: e3696489e73bdb8ba2be03c53b0d6a47c9a41464d55e6eab91935fd2637341d8
                                                                                                                              • Opcode Fuzzy Hash: 8f52a3d2b7158611b8ddfee5cd82df9920a420a3de20037d500134a76e905cd2
                                                                                                                              • Instruction Fuzzy Hash: 0E11E473A441286BDB10A57D9C41EAF329CDB85374F254237FA26F31D1E978CC2282A9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 97%
                                                                                                                              			E73911837(signed int __edx, void* __eflags, void* _a8, void* _a16) {
                                                                                                                              				void* _v8;
                                                                                                                              				signed int _v12;
                                                                                                                              				signed int _v20;
                                                                                                                              				signed int _v24;
                                                                                                                              				char _v52;
                                                                                                                              				void _t45;
                                                                                                                              				void _t46;
                                                                                                                              				signed int _t47;
                                                                                                                              				signed int _t48;
                                                                                                                              				signed int _t57;
                                                                                                                              				signed int _t58;
                                                                                                                              				signed int _t59;
                                                                                                                              				signed int _t60;
                                                                                                                              				signed int _t61;
                                                                                                                              				void* _t67;
                                                                                                                              				void* _t68;
                                                                                                                              				void* _t69;
                                                                                                                              				void* _t70;
                                                                                                                              				void* _t71;
                                                                                                                              				signed int _t77;
                                                                                                                              				void* _t81;
                                                                                                                              				signed int _t83;
                                                                                                                              				signed int _t85;
                                                                                                                              				signed int _t87;
                                                                                                                              				signed int _t90;
                                                                                                                              				void* _t101;
                                                                                                                              
                                                                                                                              				_t85 = __edx;
                                                                                                                              				 *0x7391405c = _a8;
                                                                                                                              				_t77 = 0;
                                                                                                                              				 *0x73914060 = _a16;
                                                                                                                              				_v12 = 0;
                                                                                                                              				_v8 = E7391123B();
                                                                                                                              				_t90 = E739112FE(_t42);
                                                                                                                              				_t87 = _t85;
                                                                                                                              				_t81 = E7391123B();
                                                                                                                              				_a8 = _t81;
                                                                                                                              				_t45 =  *_t81;
                                                                                                                              				if(_t45 != 0x7e && _t45 != 0x21) {
                                                                                                                              					_a16 = E7391123B();
                                                                                                                              					_t77 = E739112FE(_t74);
                                                                                                                              					_v12 = _t85;
                                                                                                                              					GlobalFree(_a16);
                                                                                                                              					_t81 = _a8;
                                                                                                                              				}
                                                                                                                              				_t46 =  *_t81;
                                                                                                                              				_t101 = _t46 - 0x2f;
                                                                                                                              				if(_t101 > 0) {
                                                                                                                              					_t47 = _t46 - 0x3c;
                                                                                                                              					__eflags = _t47;
                                                                                                                              					if(_t47 == 0) {
                                                                                                                              						__eflags =  *((char*)(_t81 + 1)) - 0x3c;
                                                                                                                              						if( *((char*)(_t81 + 1)) != 0x3c) {
                                                                                                                              							__eflags = _t87 - _v12;
                                                                                                                              							if(__eflags > 0) {
                                                                                                                              								L56:
                                                                                                                              								_t48 = 0;
                                                                                                                              								__eflags = 0;
                                                                                                                              								L57:
                                                                                                                              								asm("cdq");
                                                                                                                              								L58:
                                                                                                                              								_t90 = _t48;
                                                                                                                              								_t87 = _t85;
                                                                                                                              								L59:
                                                                                                                              								E73911429(_t85, _t90, _t87,  &_v52);
                                                                                                                              								E73911266( &_v52);
                                                                                                                              								GlobalFree(_v8);
                                                                                                                              								return GlobalFree(_a8);
                                                                                                                              							}
                                                                                                                              							if(__eflags < 0) {
                                                                                                                              								L49:
                                                                                                                              								__eflags = 0;
                                                                                                                              								L50:
                                                                                                                              								_t48 = 1;
                                                                                                                              								goto L57;
                                                                                                                              							}
                                                                                                                              							__eflags = _t90 - _t77;
                                                                                                                              							if(_t90 < _t77) {
                                                                                                                              								goto L49;
                                                                                                                              							}
                                                                                                                              							goto L56;
                                                                                                                              						}
                                                                                                                              						_t85 = _t87;
                                                                                                                              						_t48 = E73912EF0(_t90, _t77, _t85);
                                                                                                                              						goto L58;
                                                                                                                              					}
                                                                                                                              					_t57 = _t47 - 1;
                                                                                                                              					__eflags = _t57;
                                                                                                                              					if(_t57 == 0) {
                                                                                                                              						__eflags = _t90 - _t77;
                                                                                                                              						if(_t90 != _t77) {
                                                                                                                              							goto L56;
                                                                                                                              						}
                                                                                                                              						__eflags = _t87 - _v12;
                                                                                                                              						if(_t87 != _v12) {
                                                                                                                              							goto L56;
                                                                                                                              						}
                                                                                                                              						goto L49;
                                                                                                                              					}
                                                                                                                              					_t58 = _t57 - 1;
                                                                                                                              					__eflags = _t58;
                                                                                                                              					if(_t58 == 0) {
                                                                                                                              						__eflags =  *((char*)(_t81 + 1)) - 0x3e;
                                                                                                                              						if( *((char*)(_t81 + 1)) != 0x3e) {
                                                                                                                              							__eflags = _t87 - _v12;
                                                                                                                              							if(__eflags < 0) {
                                                                                                                              								goto L56;
                                                                                                                              							}
                                                                                                                              							if(__eflags > 0) {
                                                                                                                              								goto L49;
                                                                                                                              							}
                                                                                                                              							__eflags = _t90 - _t77;
                                                                                                                              							if(_t90 <= _t77) {
                                                                                                                              								goto L56;
                                                                                                                              							}
                                                                                                                              							goto L49;
                                                                                                                              						}
                                                                                                                              						__eflags =  *((char*)(_t81 + 2)) - 0x3e;
                                                                                                                              						_t85 = _t87;
                                                                                                                              						_t59 = _t90;
                                                                                                                              						_t83 = _t77;
                                                                                                                              						if( *((char*)(_t81 + 2)) != 0x3e) {
                                                                                                                              							_t48 = E73912F10(_t59, _t83, _t85);
                                                                                                                              						} else {
                                                                                                                              							_t48 = E73912F40(_t59, _t83, _t85);
                                                                                                                              						}
                                                                                                                              						goto L58;
                                                                                                                              					}
                                                                                                                              					_t60 = _t58 - 0x20;
                                                                                                                              					__eflags = _t60;
                                                                                                                              					if(_t60 == 0) {
                                                                                                                              						_t90 = _t90 ^ _t77;
                                                                                                                              						_t87 = _t87 ^ _v12;
                                                                                                                              						goto L59;
                                                                                                                              					}
                                                                                                                              					_t61 = _t60 - 0x1e;
                                                                                                                              					__eflags = _t61;
                                                                                                                              					if(_t61 == 0) {
                                                                                                                              						__eflags =  *((char*)(_t81 + 1)) - 0x7c;
                                                                                                                              						if( *((char*)(_t81 + 1)) != 0x7c) {
                                                                                                                              							_t90 = _t90 | _t77;
                                                                                                                              							_t87 = _t87 | _v12;
                                                                                                                              							goto L59;
                                                                                                                              						}
                                                                                                                              						__eflags = _t90 | _t87;
                                                                                                                              						if((_t90 | _t87) != 0) {
                                                                                                                              							goto L49;
                                                                                                                              						}
                                                                                                                              						__eflags = _t77 | _v12;
                                                                                                                              						if((_t77 | _v12) != 0) {
                                                                                                                              							goto L49;
                                                                                                                              						}
                                                                                                                              						goto L56;
                                                                                                                              					}
                                                                                                                              					__eflags = _t61 == 0;
                                                                                                                              					if(_t61 == 0) {
                                                                                                                              						_t90 =  !_t90;
                                                                                                                              						_t87 =  !_t87;
                                                                                                                              					}
                                                                                                                              					goto L59;
                                                                                                                              				}
                                                                                                                              				if(_t101 == 0) {
                                                                                                                              					L21:
                                                                                                                              					__eflags = _t77 | _v12;
                                                                                                                              					if((_t77 | _v12) != 0) {
                                                                                                                              						_v24 = E73912D80(_t90, _t87, _t77, _v12);
                                                                                                                              						_v20 = _t85;
                                                                                                                              						_t48 = E73912E30(_t90, _t87, _t77, _v12);
                                                                                                                              						_t81 = _a8;
                                                                                                                              					} else {
                                                                                                                              						_v24 = _v24 & 0x00000000;
                                                                                                                              						_v20 = _v20 & 0x00000000;
                                                                                                                              						_t48 = _t90;
                                                                                                                              						_t85 = _t87;
                                                                                                                              					}
                                                                                                                              					__eflags =  *_t81 - 0x2f;
                                                                                                                              					if( *_t81 != 0x2f) {
                                                                                                                              						goto L58;
                                                                                                                              					} else {
                                                                                                                              						_t90 = _v24;
                                                                                                                              						_t87 = _v20;
                                                                                                                              						goto L59;
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				_t67 = _t46 - 0x21;
                                                                                                                              				if(_t67 == 0) {
                                                                                                                              					_t48 = 0;
                                                                                                                              					__eflags = _t90 | _t87;
                                                                                                                              					if((_t90 | _t87) != 0) {
                                                                                                                              						goto L57;
                                                                                                                              					}
                                                                                                                              					goto L50;
                                                                                                                              				}
                                                                                                                              				_t68 = _t67 - 4;
                                                                                                                              				if(_t68 == 0) {
                                                                                                                              					goto L21;
                                                                                                                              				}
                                                                                                                              				_t69 = _t68 - 1;
                                                                                                                              				if(_t69 == 0) {
                                                                                                                              					__eflags =  *((char*)(_t81 + 1)) - 0x26;
                                                                                                                              					if( *((char*)(_t81 + 1)) != 0x26) {
                                                                                                                              						_t90 = _t90 & _t77;
                                                                                                                              						_t87 = _t87 & _v12;
                                                                                                                              						goto L59;
                                                                                                                              					}
                                                                                                                              					__eflags = _t90 | _t87;
                                                                                                                              					if((_t90 | _t87) == 0) {
                                                                                                                              						goto L56;
                                                                                                                              					}
                                                                                                                              					__eflags = _t77 | _v12;
                                                                                                                              					if((_t77 | _v12) == 0) {
                                                                                                                              						goto L56;
                                                                                                                              					}
                                                                                                                              					goto L49;
                                                                                                                              				}
                                                                                                                              				_t70 = _t69 - 4;
                                                                                                                              				if(_t70 == 0) {
                                                                                                                              					_t48 = E73912D40(_t90, _t87, _t77, _v12);
                                                                                                                              					goto L58;
                                                                                                                              				} else {
                                                                                                                              					_t71 = _t70 - 1;
                                                                                                                              					if(_t71 == 0) {
                                                                                                                              						_t90 = _t90 + _t77;
                                                                                                                              						asm("adc edi, [ebp-0x8]");
                                                                                                                              					} else {
                                                                                                                              						if(_t71 == 0) {
                                                                                                                              							_t90 = _t90 - _t77;
                                                                                                                              							asm("sbb edi, [ebp-0x8]");
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              					goto L59;
                                                                                                                              				}
                                                                                                                              			}





























                                                                                                                              0x739119bc
                                                                                                                              0x739119bc
                                                                                                                              0x00000000
                                                                                                                              0x739119ba
                                                                                                                              0x73911973
                                                                                                                              0x73911973
                                                                                                                              0x73911976
                                                                                                                              0x739119a3
                                                                                                                              0x739119a5
                                                                                                                              0x00000000
                                                                                                                              0x739119a5
                                                                                                                              0x73911978
                                                                                                                              0x73911978
                                                                                                                              0x7391197b
                                                                                                                              0x7391198b
                                                                                                                              0x7391198f
                                                                                                                              0x7391199c
                                                                                                                              0x7391199e
                                                                                                                              0x00000000
                                                                                                                              0x7391199e
                                                                                                                              0x73911991
                                                                                                                              0x73911993
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x73911995
                                                                                                                              0x73911998
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x7391199a
                                                                                                                              0x7391197e
                                                                                                                              0x7391197f
                                                                                                                              0x73911985
                                                                                                                              0x73911987
                                                                                                                              0x73911987
                                                                                                                              0x00000000
                                                                                                                              0x7391197f
                                                                                                                              0x739118a8
                                                                                                                              0x73911920
                                                                                                                              0x73911922
                                                                                                                              0x73911925
                                                                                                                              0x73911943
                                                                                                                              0x73911946
                                                                                                                              0x7391194c
                                                                                                                              0x73911951
                                                                                                                              0x73911927
                                                                                                                              0x73911927
                                                                                                                              0x7391192b
                                                                                                                              0x7391192f
                                                                                                                              0x73911931
                                                                                                                              0x73911931
                                                                                                                              0x73911954
                                                                                                                              0x73911957
                                                                                                                              0x00000000
                                                                                                                              0x7391195d
                                                                                                                              0x7391195d
                                                                                                                              0x73911960
                                                                                                                              0x00000000
                                                                                                                              0x73911960
                                                                                                                              0x73911957
                                                                                                                              0x739118aa
                                                                                                                              0x739118ad
                                                                                                                              0x73911911
                                                                                                                              0x73911913
                                                                                                                              0x73911915
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x7391191b
                                                                                                                              0x739118af
                                                                                                                              0x739118b2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x739118b4
                                                                                                                              0x739118b5
                                                                                                                              0x739118eb
                                                                                                                              0x739118ef
                                                                                                                              0x73911907
                                                                                                                              0x73911909
                                                                                                                              0x00000000
                                                                                                                              0x73911909
                                                                                                                              0x739118f1
                                                                                                                              0x739118f3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x739118f9
                                                                                                                              0x739118fc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x73911902
                                                                                                                              0x739118b7
                                                                                                                              0x739118ba
                                                                                                                              0x739118e1
                                                                                                                              0x00000000
                                                                                                                              0x739118bc
                                                                                                                              0x739118bc
                                                                                                                              0x739118bd
                                                                                                                              0x739118d1
                                                                                                                              0x739118d3
                                                                                                                              0x739118bf
                                                                                                                              0x739118c1
                                                                                                                              0x739118c7
                                                                                                                              0x739118c9
                                                                                                                              0x739118c9
                                                                                                                              0x739118c1
                                                                                                                              0x00000000
                                                                                                                              0x739118bd

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.523462386.0000000073911000.00000020.00000001.01000000.00000005.sdmp, Offset: 73910000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.523447585.0000000073910000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                              • Associated: 00000000.00000002.523475506.0000000073913000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                              • Associated: 00000000.00000002.523488453.0000000073915000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_73910000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FreeGlobal
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2979337801-0
                                                                                                                              • Opcode ID: dd8eba23ca89a9913d1127c8ca498859b07d98f513874f2189e07f7eb59260ca
                                                                                                                              • Instruction ID: 2d723b720efa7f80ed6c2eb4fd40b30764e99262e84eb0262d002d666f85e061
                                                                                                                              • Opcode Fuzzy Hash: dd8eba23ca89a9913d1127c8ca498859b07d98f513874f2189e07f7eb59260ca
                                                                                                                              • Instruction Fuzzy Hash: 11510432D0419FFFEB029FA4D9407AEBFBEAB44285F18015AD41BB31A4C2319D618753
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 94%
                                                                                                                              			E739116DB(void* __edx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                              				void _v36;
                                                                                                                              				char _v88;
                                                                                                                              				struct HINSTANCE__* _t37;
                                                                                                                              				intOrPtr _t42;
                                                                                                                              				void* _t48;
                                                                                                                              				void* _t49;
                                                                                                                              				void* _t50;
                                                                                                                              				void* _t54;
                                                                                                                              				intOrPtr _t57;
                                                                                                                              				signed int _t61;
                                                                                                                              				signed int _t63;
                                                                                                                              				void* _t67;
                                                                                                                              				void* _t68;
                                                                                                                              				void* _t72;
                                                                                                                              				void* _t76;
                                                                                                                              
                                                                                                                              				_t76 = __esi;
                                                                                                                              				_t68 = __edi;
                                                                                                                              				_t67 = __edx;
                                                                                                                              				 *0x7391405c = _a8;
                                                                                                                              				 *0x73914060 = _a16;
                                                                                                                              				 *0x73914064 = _a12;
                                                                                                                              				 *((intOrPtr*)(_a20 + 0xc))( *0x73914038, E73911556);
                                                                                                                              				_push(1);
                                                                                                                              				_t37 = E73911A98();
                                                                                                                              				_t54 = _t37;
                                                                                                                              				if(_t54 == 0) {
                                                                                                                              					L28:
                                                                                                                              					return _t37;
                                                                                                                              				} else {
                                                                                                                              					if( *((intOrPtr*)(_t54 + 4)) != 1) {
                                                                                                                              						E739122AF(_t54);
                                                                                                                              					}
                                                                                                                              					E739122F1(_t67, _t54);
                                                                                                                              					_t57 =  *((intOrPtr*)(_t54 + 4));
                                                                                                                              					if(_t57 == 0xffffffff) {
                                                                                                                              						L14:
                                                                                                                              						if(( *(_t54 + 0x810) & 0x00000004) == 0) {
                                                                                                                              							if( *((intOrPtr*)(_t54 + 4)) == 0) {
                                                                                                                              								_t37 = E739124D8(_t54);
                                                                                                                              							} else {
                                                                                                                              								_push(_t76);
                                                                                                                              								_push(_t68);
                                                                                                                              								_t61 = 8;
                                                                                                                              								_t13 = _t54 + 0x818; // 0x818
                                                                                                                              								memcpy( &_v36, _t13, _t61 << 2);
                                                                                                                              								_t42 = E7391156B(_t54,  &_v88);
                                                                                                                              								 *(_t54 + 0x834) =  *(_t54 + 0x834) & 0x00000000;
                                                                                                                              								_t18 = _t54 + 0x818; // 0x818
                                                                                                                              								_t72 = _t18;
                                                                                                                              								 *((intOrPtr*)(_t54 + 0x820)) = _t42;
                                                                                                                              								 *_t72 = 3;
                                                                                                                              								E739124D8(_t54);
                                                                                                                              								_t63 = 8;
                                                                                                                              								_t37 = memcpy(_t72,  &_v36, _t63 << 2);
                                                                                                                              							}
                                                                                                                              						} else {
                                                                                                                              							E739124D8(_t54);
                                                                                                                              							_t37 = GlobalFree(E73911266(E73911559(_t54)));
                                                                                                                              						}
                                                                                                                              						if( *((intOrPtr*)(_t54 + 4)) != 1) {
                                                                                                                              							_t37 = E7391249E(_t54);
                                                                                                                              							if(( *(_t54 + 0x810) & 0x00000040) != 0 &&  *_t54 == 1) {
                                                                                                                              								_t37 =  *(_t54 + 0x808);
                                                                                                                              								if(_t37 != 0) {
                                                                                                                              									_t37 = FreeLibrary(_t37);
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              							if(( *(_t54 + 0x810) & 0x00000020) != 0) {
                                                                                                                              								_t37 = E739114E2( *0x73914058);
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              						if(( *(_t54 + 0x810) & 0x00000002) != 0) {
                                                                                                                              							goto L28;
                                                                                                                              						} else {
                                                                                                                              							return GlobalFree(_t54);
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              					_t48 =  *_t54;
                                                                                                                              					if(_t48 == 0) {
                                                                                                                              						if(_t57 != 1) {
                                                                                                                              							goto L14;
                                                                                                                              						}
                                                                                                                              						E73912CC3(_t54);
                                                                                                                              						L12:
                                                                                                                              						_t54 = _t48;
                                                                                                                              						L13:
                                                                                                                              						goto L14;
                                                                                                                              					}
                                                                                                                              					_t49 = _t48 - 1;
                                                                                                                              					if(_t49 == 0) {
                                                                                                                              						L8:
                                                                                                                              						_t48 = E73912A38(_t57, _t54);
                                                                                                                              						goto L12;
                                                                                                                              					}
                                                                                                                              					_t50 = _t49 - 1;
                                                                                                                              					if(_t50 == 0) {
                                                                                                                              						E739126B2(_t54);
                                                                                                                              						goto L13;
                                                                                                                              					}
                                                                                                                              					if(_t50 != 1) {
                                                                                                                              						goto L14;
                                                                                                                              					}
                                                                                                                              					goto L8;
                                                                                                                              				}
                                                                                                                              			}



















                                                                                                                              APIs
                                                                                                                                • Part of subcall function 73911A98: GlobalFree.KERNEL32 ref: 73911D09
                                                                                                                                • Part of subcall function 73911A98: GlobalFree.KERNEL32 ref: 73911D0E
                                                                                                                                • Part of subcall function 73911A98: GlobalFree.KERNEL32 ref: 73911D13
                                                                                                                              • GlobalFree.KERNEL32 ref: 73911786
                                                                                                                              • FreeLibrary.KERNEL32(?), ref: 73911809
                                                                                                                              • GlobalFree.KERNEL32 ref: 7391182E
                                                                                                                                • Part of subcall function 739122AF: GlobalAlloc.KERNEL32(00000040,?), ref: 739122E0
                                                                                                                                • Part of subcall function 739126B2: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,73911757,00000000), ref: 73912782
                                                                                                                                • Part of subcall function 7391156B: wsprintfA.USER32 ref: 73911599
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.523462386.0000000073911000.00000020.00000001.01000000.00000005.sdmp, Offset: 73910000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.523447585.0000000073910000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                              • Associated: 00000000.00000002.523475506.0000000073913000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                              • Associated: 00000000.00000002.523488453.0000000073915000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_73910000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Global$Free$Alloc$Librarywsprintf
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3962662361-3916222277
                                                                                                                              • Opcode ID: 4b39fe98952fc1f6cf2bdbf445cb82f38c7cdf2dc14dd28814e8abb8deccc485
                                                                                                                              • Instruction ID: 39146347bed61b9ec081653eaeff32ed4d3caf5e480dfc4b06ea42b469b4f1bb
                                                                                                                              • Opcode Fuzzy Hash: 4b39fe98952fc1f6cf2bdbf445cb82f38c7cdf2dc14dd28814e8abb8deccc485
                                                                                                                              • Instruction Fuzzy Hash: 5641A27210430EEBEB01AF6989C4B9537FCBB05254F188475E94BBE1C6EB748065CBA3
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004059A8(CHAR* _a4) {
                                                                                                                              				CHAR* _t7;
                                                                                                                              
                                                                                                                              				_t7 = _a4;
                                                                                                                              				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
                                                                                                                              					lstrcatA(_t7, 0x40a014);
                                                                                                                              				}
                                                                                                                              				return _t7;
                                                                                                                              			}





                                                                                                                              APIs
                                                                                                                              • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403258,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004059AE
                                                                                                                              • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403258,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004059B7
                                                                                                                              • lstrcatA.KERNEL32(?,0040A014,?,00000006,00000008,0000000A), ref: 004059C8
                                                                                                                              Strings
                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 004059A8
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CharPrevlstrcatlstrlen
                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                              • API String ID: 2659869361-3916508600
                                                                                                                              • Opcode ID: dfed55a16eab86d89f3af7970decdd3a6c9dbbcd65d2cf450bad9cf681275afb
                                                                                                                              • Instruction ID: 62df29c05e3eff7e61c48a1ee3c1863d20e1198667f6a1bd608fcc747cda2104
                                                                                                                              • Opcode Fuzzy Hash: dfed55a16eab86d89f3af7970decdd3a6c9dbbcd65d2cf450bad9cf681275afb
                                                                                                                              • Instruction Fuzzy Hash: 90D0A9B2211A30BAE20266259E09ECF2E088F06310B060037F200B21A1CA3D0D1287FE
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00405A41(CHAR* _a4) {
                                                                                                                              				CHAR* _t5;
                                                                                                                              				char* _t7;
                                                                                                                              				CHAR* _t9;
                                                                                                                              				char _t10;
                                                                                                                              				CHAR* _t11;
                                                                                                                              				void* _t13;
                                                                                                                              
                                                                                                                              				_t11 = _a4;
                                                                                                                              				_t9 = CharNextA(_t11);
                                                                                                                              				_t5 = CharNextA(_t9);
                                                                                                                              				_t10 =  *_t11;
                                                                                                                              				if(_t10 == 0 ||  *_t9 != 0x3a || _t9[1] != 0x5c) {
                                                                                                                              					if(_t10 != 0x5c || _t11[1] != _t10) {
                                                                                                                              						L10:
                                                                                                                              						return 0;
                                                                                                                              					} else {
                                                                                                                              						_t13 = 2;
                                                                                                                              						while(1) {
                                                                                                                              							_t13 = _t13 - 1;
                                                                                                                              							_t7 = E004059D3(_t5, 0x5c);
                                                                                                                              							if( *_t7 == 0) {
                                                                                                                              								goto L10;
                                                                                                                              							}
                                                                                                                              							_t5 = _t7 + 1;
                                                                                                                              							if(_t13 != 0) {
                                                                                                                              								continue;
                                                                                                                              							}
                                                                                                                              							return _t5;
                                                                                                                              						}
                                                                                                                              						goto L10;
                                                                                                                              					}
                                                                                                                              				} else {
                                                                                                                              					return CharNextA(_t5);
                                                                                                                              				}
                                                                                                                              			}










                                                                                                                              APIs
                                                                                                                              • CharNextA.USER32(?,?,C:\,?,00405AAD,C:\,C:\,74D0FA90,?,C:\Users\user\AppData\Local\Temp\,004057F8,?,74D0FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405A4F
                                                                                                                              • CharNextA.USER32(00000000), ref: 00405A54
                                                                                                                              • CharNextA.USER32(00000000), ref: 00405A68
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CharNext
                                                                                                                              • String ID: C:\
                                                                                                                              • API String ID: 3213498283-3404278061
                                                                                                                              • Opcode ID: b0e8f5e89ebadb76a027bec09a8a2b8523dc58ec169e45d2c78276560c1d622b
                                                                                                                              • Instruction ID: 984e8433726efb403dd44e64a223cc5f2fc3fa985c42d0e1b55ccc4b068145f6
                                                                                                                              • Opcode Fuzzy Hash: b0e8f5e89ebadb76a027bec09a8a2b8523dc58ec169e45d2c78276560c1d622b
                                                                                                                              • Instruction Fuzzy Hash: F9F06251B04F656AFB2292744C94B7B5B8CCB55361F184667D980662C282784C418FAA
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00402D60(intOrPtr _a4) {
                                                                                                                              				long _t2;
                                                                                                                              				struct HWND__* _t3;
                                                                                                                              				struct HWND__* _t6;
                                                                                                                              
                                                                                                                              				if(_a4 == 0) {
                                                                                                                              					__eflags =  *0x429428; // 0x0
                                                                                                                              					if(__eflags == 0) {
                                                                                                                              						_t2 = GetTickCount();
                                                                                                                              						__eflags = _t2 -  *0x42f410;
                                                                                                                              						if(_t2 >  *0x42f410) {
                                                                                                                              							_t3 = CreateDialogParamA( *0x42f400, 0x6f, 0, E00402CDD, 0);
                                                                                                                              							 *0x429428 = _t3;
                                                                                                                              							return ShowWindow(_t3, 5);
                                                                                                                              						}
                                                                                                                              						return _t2;
                                                                                                                              					} else {
                                                                                                                              						return E004063E4(0);
                                                                                                                              					}
                                                                                                                              				} else {
                                                                                                                              					_t6 =  *0x429428; // 0x0
                                                                                                                              					if(_t6 != 0) {
                                                                                                                              						_t6 = DestroyWindow(_t6);
                                                                                                                              					}
                                                                                                                              					 *0x429428 = 0;
                                                                                                                              					return _t6;
                                                                                                                              				}
                                                                                                                              			}







                                                                                                                              APIs
                                                                                                                              • DestroyWindow.USER32(00000000,00000000,00402F3E,00000001), ref: 00402D73
                                                                                                                              • GetTickCount.KERNEL32 ref: 00402D91
                                                                                                                              • CreateDialogParamA.USER32(0000006F,00000000,00402CDD,00000000), ref: 00402DAE
                                                                                                                              • ShowWindow.USER32(00000000,00000005), ref: 00402DBC
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2102729457-0
                                                                                                                              • Opcode ID: 92830607251259d7b21fa7f6a4b037c479e5f1f9739c9a057c3e932900ba9aab
                                                                                                                              • Instruction ID: 761b86bf19c83071f88326f4280a43ff42c19d235faedd25f12e3078a496723d
                                                                                                                              • Opcode Fuzzy Hash: 92830607251259d7b21fa7f6a4b037c479e5f1f9739c9a057c3e932900ba9aab
                                                                                                                              • Instruction Fuzzy Hash: 62F0F431A05621ABC6217B64BE4C9DF7A64BB04B11B51047AF545B22E4DB744C878BAC
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 91%
                                                                                                                              			E004050AB(struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                                                                                                              				int _t11;
                                                                                                                              				int _t15;
                                                                                                                              				long _t16;
                                                                                                                              
                                                                                                                              				_t15 = _a8;
                                                                                                                              				if(_t15 != 0x102) {
                                                                                                                              					__eflags = _t15 - 0x200;
                                                                                                                              					if(_t15 != 0x200) {
                                                                                                                              						_t16 = _a16;
                                                                                                                              						L7:
                                                                                                                              						__eflags = _t15 - 0x419;
                                                                                                                              						if(_t15 == 0x419) {
                                                                                                                              							__eflags =  *0x42a85c - _t16; // 0x0
                                                                                                                              							if(__eflags != 0) {
                                                                                                                              								_push(_t16);
                                                                                                                              								_push(6);
                                                                                                                              								 *0x42a85c = _t16;
                                                                                                                              								E00404A71();
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              						L11:
                                                                                                                              						return CallWindowProcA( *0x42a864, _a4, _t15, _a12, _t16);
                                                                                                                              					}
                                                                                                                              					_t11 = IsWindowVisible(_a4);
                                                                                                                              					__eflags = _t11;
                                                                                                                              					if(_t11 == 0) {
                                                                                                                              						L10:
                                                                                                                              						_t16 = _a16;
                                                                                                                              						goto L11;
                                                                                                                              					}
                                                                                                                              					_t16 = E004049F1(_a4, 1);
                                                                                                                              					_t15 = 0x419;
                                                                                                                              					goto L7;
                                                                                                                              				}
                                                                                                                              				if(_a12 == 0x20) {
                                                                                                                              					E004040EA(0x413);
                                                                                                                              					return 0;
                                                                                                                              				}
                                                                                                                              				goto L10;
                                                                                                                              			}






                                                                                                                              0x004050bf
                                                                                                                              0x004050c6
                                                                                                                              0x00000000
                                                                                                                              0x004050cb
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • IsWindowVisible.USER32(?), ref: 004050DA
                                                                                                                              • CallWindowProcA.USER32 ref: 0040512B
                                                                                                                                • Part of subcall function 004040EA: SendMessageA.USER32 ref: 004040FC
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Window$CallMessageProcSendVisible
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3748168415-3916222277
                                                                                                                              • Opcode ID: e888eab98be9719f5677808cf14d784dfa63dd3181dd39c0deeb7150e6d77b2f
                                                                                                                              • Instruction ID: 77e6a5b3f6bfc6627eb61d09ca0671ae0e6a579f7b3ef645513b94fc1d41cd39
                                                                                                                              • Opcode Fuzzy Hash: e888eab98be9719f5677808cf14d784dfa63dd3181dd39c0deeb7150e6d77b2f
                                                                                                                              • Instruction Fuzzy Hash: FD017171600648ABDF206F11DD81A5B3B65EB84750F144036FA417A1D2D73A8C629F6E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00403798() {
                                                                                                                              				void* _t2;
                                                                                                                              				void* _t3;
                                                                                                                              				void* _t6;
                                                                                                                              				void* _t8;
                                                                                                                              
                                                                                                                              				_t8 =  *0x429834; // 0x77d268
                                                                                                                              				_t3 = E0040377D(_t2, 0);
                                                                                                                              				if(_t8 != 0) {
                                                                                                                              					do {
                                                                                                                              						_t6 = _t8;
                                                                                                                              						_t8 =  *_t8;
                                                                                                                              						FreeLibrary( *(_t6 + 8));
                                                                                                                              						_t3 = GlobalFree(_t6);
                                                                                                                              					} while (_t8 != 0);
                                                                                                                              				}
                                                                                                                              				 *0x429834 =  *0x429834 & 0x00000000;
                                                                                                                              				return _t3;
                                                                                                                              			}








                                                                                                                              APIs
                                                                                                                              • FreeLibrary.KERNEL32(?,74D0FA90,00000000,C:\Users\user\AppData\Local\Temp\,00403770,0040358A,?,?,00000006,00000008,0000000A), ref: 004037B2
                                                                                                                              • GlobalFree.KERNEL32 ref: 004037B9
                                                                                                                              Strings
                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00403798
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Free$GlobalLibrary
                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                              • API String ID: 1100898210-3916508600
                                                                                                                              • Opcode ID: 248c780681ff10c09d9810c58c710ba8abcca500869ff380da07a7f320702544
                                                                                                                              • Instruction ID: 06ba742c3ad1fb67bc09d12af4c86e1058789e05b1a36190638fabe2eea0851a
                                                                                                                              • Opcode Fuzzy Hash: 248c780681ff10c09d9810c58c710ba8abcca500869ff380da07a7f320702544
                                                                                                                              • Instruction Fuzzy Hash: EAE0C27352212097C7312F15EE04B1AB7A86F86F22F09403AE8407B2A087741C438BCC
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004059EF(char* _a4) {
                                                                                                                              				char* _t3;
                                                                                                                              				char* _t5;
                                                                                                                              
                                                                                                                              				_t5 = _a4;
                                                                                                                              				_t3 =  &(_t5[lstrlenA(_t5)]);
                                                                                                                              				while( *_t3 != 0x5c) {
                                                                                                                              					_t3 = CharPrevA(_t5, _t3);
                                                                                                                              					if(_t3 > _t5) {
                                                                                                                              						continue;
                                                                                                                              					}
                                                                                                                              					break;
                                                                                                                              				}
                                                                                                                              				 *_t3 =  *_t3 & 0x00000000;
                                                                                                                              				return  &(_t3[1]);
                                                                                                                              			}






                                                                                                                              APIs
                                                                                                                              • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402E30,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SetupWIService.exe,C:\Users\user\Desktop\SetupWIService.exe,80000000,00000003), ref: 004059F5
                                                                                                                              • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402E30,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SetupWIService.exe,C:\Users\user\Desktop\SetupWIService.exe,80000000,00000003), ref: 00405A03
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CharPrevlstrlen
                                                                                                                              • String ID: C:\Users\user\Desktop
                                                                                                                              • API String ID: 2709904686-1669384263
                                                                                                                              • Opcode ID: 4402843b33e5109e67992b99d0281bb7e81fac819ebae0ac34b6d7d52c4d849b
                                                                                                                              • Instruction ID: 7185998fb8cc4c4ccda179d560b4c8302004e2739ffdff7e1043df3a51136750
                                                                                                                              • Opcode Fuzzy Hash: 4402843b33e5109e67992b99d0281bb7e81fac819ebae0ac34b6d7d52c4d849b
                                                                                                                              • Instruction Fuzzy Hash: E6D0C7B3519DB06EE30392549D04B9F6A48DF16710F094566E181A6195C6784D424BED
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E739110E0(void* _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                              				char* _t17;
                                                                                                                              				char _t19;
                                                                                                                              				void* _t20;
                                                                                                                              				void* _t24;
                                                                                                                              				void* _t27;
                                                                                                                              				void* _t31;
                                                                                                                              				void* _t37;
                                                                                                                              				void* _t39;
                                                                                                                              				void* _t40;
                                                                                                                              				signed int _t43;
                                                                                                                              				void* _t52;
                                                                                                                              				char* _t53;
                                                                                                                              				char* _t55;
                                                                                                                              				void* _t56;
                                                                                                                              				void* _t58;
                                                                                                                              
                                                                                                                              				 *0x7391405c = _a8;
                                                                                                                              				 *0x73914060 = _a16;
                                                                                                                              				 *0x73914064 = _a12;
                                                                                                                              				 *((intOrPtr*)(_a20 + 0xc))( *0x73914038, E73911556, _t52);
                                                                                                                              				_t43 =  *0x7391405c +  *0x7391405c * 4 << 2;
                                                                                                                              				_t17 = E7391123B();
                                                                                                                              				_a8 = _t17;
                                                                                                                              				_t53 = _t17;
                                                                                                                              				if( *_t17 == 0) {
                                                                                                                              					L16:
                                                                                                                              					return GlobalFree(_a8);
                                                                                                                              				} else {
                                                                                                                              					do {
                                                                                                                              						_t19 =  *_t53;
                                                                                                                              						_t55 = _t53 + 1;
                                                                                                                              						_t58 = _t19 - 0x6c;
                                                                                                                              						if(_t58 > 0) {
                                                                                                                              							_t20 = _t19 - 0x70;
                                                                                                                              							if(_t20 == 0) {
                                                                                                                              								L12:
                                                                                                                              								_t53 = _t55 + 1;
                                                                                                                              								_t24 = E73911266(E739112AD( *_t55 - 0x30));
                                                                                                                              								L13:
                                                                                                                              								GlobalFree(_t24);
                                                                                                                              								goto L14;
                                                                                                                              							}
                                                                                                                              							_t27 = _t20;
                                                                                                                              							if(_t27 == 0) {
                                                                                                                              								L10:
                                                                                                                              								_t53 = _t55 + 1;
                                                                                                                              								_t24 = E739112D1( *_t55 - 0x30, E7391123B());
                                                                                                                              								goto L13;
                                                                                                                              							}
                                                                                                                              							L7:
                                                                                                                              							if(_t27 == 1) {
                                                                                                                              								_t31 = GlobalAlloc(0x40, _t43 + 4);
                                                                                                                              								 *_t31 =  *0x73914030;
                                                                                                                              								 *0x73914030 = _t31;
                                                                                                                              								E73911508(_t31 + 4,  *0x73914064, _t43);
                                                                                                                              								_t56 = _t56 + 0xc;
                                                                                                                              							}
                                                                                                                              							goto L14;
                                                                                                                              						}
                                                                                                                              						if(_t58 == 0) {
                                                                                                                              							L17:
                                                                                                                              							_t34 =  *0x73914030;
                                                                                                                              							if( *0x73914030 != 0) {
                                                                                                                              								E73911508( *0x73914064, _t34 + 4, _t43);
                                                                                                                              								_t37 =  *0x73914030;
                                                                                                                              								_t56 = _t56 + 0xc;
                                                                                                                              								GlobalFree(_t37);
                                                                                                                              								 *0x73914030 =  *_t37;
                                                                                                                              							}
                                                                                                                              							goto L14;
                                                                                                                              						}
                                                                                                                              						_t39 = _t19 - 0x4c;
                                                                                                                              						if(_t39 == 0) {
                                                                                                                              							goto L17;
                                                                                                                              						}
                                                                                                                              						_t40 = _t39 - 4;
                                                                                                                              						if(_t40 == 0) {
                                                                                                                              							 *_t55 =  *_t55 + 0xa;
                                                                                                                              							goto L12;
                                                                                                                              						}
                                                                                                                              						_t27 = _t40;
                                                                                                                              						if(_t27 == 0) {
                                                                                                                              							 *_t55 =  *_t55 + 0xa;
                                                                                                                              							goto L10;
                                                                                                                              						}
                                                                                                                              						goto L7;
                                                                                                                              						L14:
                                                                                                                              					} while ( *_t53 != 0);
                                                                                                                              					goto L16;
                                                                                                                              				}
                                                                                                                              			}



















                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.523462386.0000000073911000.00000020.00000001.01000000.00000005.sdmp, Offset: 73910000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.523447585.0000000073910000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                              • Associated: 00000000.00000002.523475506.0000000073913000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                              • Associated: 00000000.00000002.523488453.0000000073915000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_73910000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Global$Free$Alloc
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1780285237-0
                                                                                                                              • Opcode ID: 614e35b26eddc712a6e0c9a79cc4bb3979d051ad9a6e8fd88275568c79c79d5b
                                                                                                                              • Instruction ID: 4041bab1fcb11af5a78e86df2e38f643a0deca5633437d6a9593f48342eaea9e
                                                                                                                              • Opcode Fuzzy Hash: 614e35b26eddc712a6e0c9a79cc4bb3979d051ad9a6e8fd88275568c79c79d5b
                                                                                                                              • Instruction Fuzzy Hash: 8731A8B250825AFFE741DF66D944B16BFFDEB09290B240525E84AFB254E734D420CF16
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00405B0E(void* __ecx, CHAR* _a4, CHAR* _a8) {
                                                                                                                              				int _v8;
                                                                                                                              				int _t12;
                                                                                                                              				int _t14;
                                                                                                                              				int _t15;
                                                                                                                              				CHAR* _t17;
                                                                                                                              				CHAR* _t27;
                                                                                                                              
                                                                                                                              				_t12 = lstrlenA(_a8);
                                                                                                                              				_t27 = _a4;
                                                                                                                              				_v8 = _t12;
                                                                                                                              				while(lstrlenA(_t27) >= _v8) {
                                                                                                                              					_t14 = _v8;
                                                                                                                              					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
                                                                                                                              					_t15 = lstrcmpiA(_t27, _a8);
                                                                                                                              					_t27[_v8] =  *(_t14 + _t27);
                                                                                                                              					if(_t15 == 0) {
                                                                                                                              						_t17 = _t27;
                                                                                                                              					} else {
                                                                                                                              						_t27 = CharNextA(_t27);
                                                                                                                              						continue;
                                                                                                                              					}
                                                                                                                              					L5:
                                                                                                                              					return _t17;
                                                                                                                              				}
                                                                                                                              				_t17 = 0;
                                                                                                                              				goto L5;
                                                                                                                              			}










                                                                                                                              APIs
                                                                                                                              • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405D69,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B1E
                                                                                                                              • lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,00405D69,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B36
                                                                                                                              • CharNextA.USER32(00000000,?,00000000,00405D69,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B47
                                                                                                                              • lstrlenA.KERNEL32(00000000,?,00000000,00405D69,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B50
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.519128107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.519121589.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519157463.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519191045.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519626972.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519684080.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.519719370.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.522238823.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 190613189-0
                                                                                                                              • Opcode ID: dddc0b46adaff912d9c321cf48e41736a02eed0190ef2a74250491e495455120
                                                                                                                              • Instruction ID: 0197496b5d832c36441f5dd9a15c5c44ab4bce902fcb82863052ee0cfca36748
                                                                                                                              • Opcode Fuzzy Hash: dddc0b46adaff912d9c321cf48e41736a02eed0190ef2a74250491e495455120
                                                                                                                              • Instruction Fuzzy Hash: C9F0C231600418BFC7029BA5DD00D9EBBB8DF06250B2540BAE840F7210D634FE019BA8
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,?,?,?), ref: 005919EB
                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00591A36
                                                                                                                              • VirtualQueryEx.KERNEL32(?,00000000,?,0000001C), ref: 00591AA1
                                                                                                                              • GetProcessId.KERNEL32(?,00000000,?,00000000,?,005916B0), ref: 00591B6D
                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00591B81
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.297334455.0000000000371000.00000020.00000001.01000000.00000007.sdmp, Offset: 00370000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_370000_wiservice.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseCreateCurrentFileHandleProcessQueryThreadVirtual
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1837238986-0
                                                                                                                              • Opcode ID: 33499721eecdeba6a506d4eb6a54770f87b1794162e690049f2fff16ac4f5c03
                                                                                                                              • Instruction ID: b36ac5f1404d9379d86433b14949316150b40b3de0ac03b1d738cb4abefe403e
                                                                                                                              • Opcode Fuzzy Hash: 33499721eecdeba6a506d4eb6a54770f87b1794162e690049f2fff16ac4f5c03
                                                                                                                              • Instruction Fuzzy Hash: 8F5146716087019FD724CF29D884B5BBBE9FB88710F14892EF18AC72A1EB719904CF56
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,?,?,?), ref: 005919EB
                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00591A36
                                                                                                                              • VirtualQueryEx.KERNEL32(?,00000000,?,0000001C), ref: 00591AA1
                                                                                                                              • GetProcessId.KERNEL32(?,00000000,?,00000000,?,005916B0), ref: 00591B6D
                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00591B81
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000017.00000002.519473290.0000000000371000.00000020.00000001.01000000.00000007.sdmp, Offset: 00370000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_23_2_370000_wiservice.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseCreateCurrentFileHandleProcessQueryThreadVirtual
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1837238986-0
                                                                                                                              • Opcode ID: 33499721eecdeba6a506d4eb6a54770f87b1794162e690049f2fff16ac4f5c03
                                                                                                                              • Instruction ID: b36ac5f1404d9379d86433b14949316150b40b3de0ac03b1d738cb4abefe403e
                                                                                                                              • Opcode Fuzzy Hash: 33499721eecdeba6a506d4eb6a54770f87b1794162e690049f2fff16ac4f5c03
                                                                                                                              • Instruction Fuzzy Hash: 8F5146716087019FD724CF29D884B5BBBE9FB88710F14892EF18AC72A1EB719904CF56
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%